w.32.myzor.fk@yf


  • This topic is locked

#1
Perfect Alibi

  • Member
  • 31 posts
I unknowingly contracted the W.32.myzor.fk@yk virus and now I'm in a world of trouble. I did some research about the virus and came across a blog on this website. I followed it accordingly but had a little trouble executing the plan. I think I may have done something wrong.
  • 0


#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Perfect Alibi and welcome to GeeksToGo!


If you are having malware issues, please go to the following link and follow all the instructions carefully.


You Must Read This Before Posting A Hijackthis Log

This will help you clean up to 70 percent of all problems by yourself. If at the end of the process you are still having difficulty -- and you may not be -- then post a HijackThis log in THIS thread.

Thanks,

:whistling:

Excal
  • 0

#3
Perfect Alibi

  • Topic Starter
  • Member
  • 31 posts
Thanks for the help, but I need to know step-by-step information on how to get this out, because I ran the smithfraud on my safe mode and I think I really messed up :whistling:
  • 0

#4
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
At the very least I am going to see a HiJackthis log :blink:

:whistling:

Excal
  • 0

#5
Perfect Alibi

  • Topic Starter
  • Member
  • 31 posts
I hope I did this right!!!! I really appreciate the help.

Logfile of HijackThis v1.99.1
Scan saved at 9:27:45 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://officialhomep...org/home15.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...g...=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {8362B8A7-7E31-0B9D-15DA-71F2CD234599} - C:\WINDOWS\System32\zxrzo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.attbi.com
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwir...5.30/Hiwire.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotb...rams/hotbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168495245295
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
  • 0

#6
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Got a little work to do :blink:

Open up Hijackthis and do a scan. Check the following items off:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://officialhomep...org/home15.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...g...=stmpl1&fw=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {8362B8A7-7E31-0B9D-15DA-71F2CD234599} - C:\WINDOWS\System32\zxrzo.dll
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwir...5.30/Hiwire.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotb...rams/hotbar.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)


Click Fix Checked, then close HJT

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from the notebook onto your post
Please post a fresh HiJackthis log, an uninstall log and the combofix log in your next reply.

:whistling:


Excal
  • 0
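
A first-pass triage over a HijackThis log of the kind posted in this thread, as an added example (not part of the original posts and not the helper's own method). The sample lines are copied from the log posted above; the flag names, the `triage` function and its five heuristics are assumptions of this example, and it assumes Windows is installed in `C:\WINDOWS` as in that log.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {8362B8A7-7E31-0B9D-15DA-71F2CD234599} - C:\WINDOWS\System32\zxrzo.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
"""

# An entry line is "<section> - <rest>", e.g. "O4 - HKCU\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path that ends in an executable-type extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx)\b', re.IGNORECASE)

# Assumption: Windows lives in C:\WINDOWS, as in the log above.
SYSTEM_DIR = r"c:\windows\system32"
# Core Windows XP process names that normally run from SYSTEM_DIR only.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}


class Finding(NamedTuple):
    section: str          # HijackThis section code, e.g. "O4"
    path: Optional[str]   # file path found in the entry, if any
    flags: List[str]      # names of the heuristics that fired
    line: str             # the original log line


def flags_for(section: str, body: str, path: Optional[str]) -> List[str]:
    """Return the heuristic flags (hypothetical names) for one entry."""
    flags = []
    if body.endswith("(no file)"):
        flags.append("no-file")              # registry entry with no target
    if "(file missing)" in body:
        flags.append("file-missing")         # target path no longer exists
    if section == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")        # service binary without vendor info
    if path:
        # '?' is not a legal Windows filename character, so in a logged path
        # it stands for a character the log could not represent.
        if "?" in path:
            flags.append("unrepresentable-char")
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            flags.append("system-name-outside-system32")
    return flags


def triage(log_text: str) -> List[Finding]:
    """Parse every entry line of a HijackThis log and attach its flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.group("section"), m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else None
        findings.append(Finding(section, path, flags_for(section, body, path), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.flags:
            print(f"{f.section:<4}{', '.join(f.flags):<32}{f.path or '-'}")
```

These checks are a first pass, not a verdict: the `zxrzo.dll` BHO, which is on the fix list above, raises none of these flags.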

#7
Perfect Alibi

  • Topic Starter
  • Member
  • 31 posts
Thanks, you are being really helpful.

Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 11:21:50 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.attbi.com
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168495245295
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

Combofix
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sc"
"hkey"="HKLM"
"command"="C:\\windows\\slog\\sc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\se\\v11\\se.EXE\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TempLoader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Loader"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Hum\\LOCALS~1\\Temp\\Loader.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Save\\Save.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Files]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dnetc"
"hkey"="HKLM"
"command"="C:\\Program Files\\microsoft hardware\\dnetc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrzylhpxigf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybdzik]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zurw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zurwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\zurw\\zurwm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe stlb2.dll,DllRunMain"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-14 23:18:00

Uninstall List
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll

#8
Perfect Alibi

thanks, you are being really helpful.
Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 11:21:50 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.attbi.com
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168495245295
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

Combofix
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sc"
"hkey"="HKLM"
"command"="C:\\windows\\slog\\sc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\se\\v11\\se.EXE\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TempLoader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Loader"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Hum\\LOCALS~1\\Temp\\Loader.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Save\\Save.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Files]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dnetc"
"hkey"="HKLM"
"command"="C:\\Program Files\\microsoft hardware\\dnetc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrzylhpxigf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybdzik]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zurw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zurwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\zurw\\zurwm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe stlb2.dll,DllRunMain"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-14 23:18:00

Uninstall List
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll

#9
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Can I get the uninstall list also, please?



:whistling:



Excal

#10
Perfect Alibi

    Member

  • Topic Starter
  • Member
  • 31 posts
Uninstall List


Adobe Flash Player 9 ActiveX
AIM Toolbar
America Online
AOL Instant Messenger
ATI Display Driver
BMSE dbl
Comcast High-Speed Internet Install Wizard
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Context Display
Dell | Support
Dell Solution Center
Desktop Doctor
Easy CD Creator 5 Basic
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
IE Help
IEC system
InterActual Player
iPod for Windows 2005-03-23
iTunes
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
McAfee SecurityCenter
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Outlook 2002
Microsoft Picture It! Photo 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
NotePadSync
PartyPokerNet
PowerDVD
PowerPanel 2.03
QuickTime
RealPlayer
Realtek RTL8139 Diagnostics Program
RON Display
SAMSUNG Mobile Modem Driver Set
SE Assistant
SE Help
Search Aid
Search Function
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Shockwave
Software Update Manager
Software Update Manager
System Alert Popup
TSA
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Display
USB MP3 Player WIN98 Drivers
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WSEM Update


#11
Perfect Alibi

    Member

  • Topic Starter
  • Member
  • 31 posts
ComboFix Log



"Hum" - 07-01-15 1:29:38 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-14 13:08 -------- d-------- C:\Program Files\samsung
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sc"
"hkey"="HKLM"
"command"="C:\\windows\\slog\\sc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\se\\v11\\se.EXE\" /H"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TempLoader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Loader"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Hum\\LOCALS~1\\Temp\\Loader.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Save\\Save.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Files]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dnetc"
"hkey"="HKLM"
"command"="C:\\Program Files\\microsoft hardware\\dnetc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrzylhpxigf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybdzik]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zurw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zurwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\zurw\\zurwm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe stlb2.dll,DllRunMain"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-15 1:33:54
C:\ComboFix2.txt ... 07-01-14 23:18
  • 0

#12
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Wow, nice collection you have there..... :blink:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Thanks,


:whistling:


Excal
  • 0

#13
Perfect Alibi

Perfect Alibi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
i downloaded the Winpfind3u and started my scan, however in the middle of the scan the program freezes and my task manager says that it isn't responding. Please help
  • 0

#14
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok :blink:

Depending on how large your hard drive is, Task Manager could say that WPF is not responding when in reality it is performing the file scanning. Check what the status bar says at the bottom to see if the program is actually stalling and where that point is. If it is doing the file scanning, the status bar will continually update with what file is being scanned (even when Task Manager says it is not responding).

Try it again and let me know. It may take a while, so leave it running if you have that opportunity.

:whistling:


Excal
  • 0

#15
Perfect Alibi

Perfect Alibi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
well i've activated the scan and kept up with the status bar but when it gets to a certain file called "C:/WINDOWS/setupapi.log.0.old" it freezes. the scan has been running now for over an hour and is still continuing to run (but i think it's stuck). what am i to do? :whistling:
  • 0





