w.32.myzor.fk@yf
Started by Perfect Alibi, Jan 13 2007 12:27 AM
#1
Posted 13 January 2007 - 12:27 AM
#2
Posted 13 January 2007 - 01:30 AM
Hi Perfect Alibi and welcome to GeeksToGo!
If you are having malware issues, please go to the following link and follow all the instructions carefully.
You Must Read This Before Posting A Hijackthis Log
This will help you clean up to 70 percent of all problems by yourself. If at the end of the process you are still having difficulty -- and you may not be -- then post a HijackThis log in THIS thread.
Thanks,
Excal
#3
Posted 14 January 2007 - 02:29 AM
Thanks for the help, but I need to know step-by-step information on how to get this out, because I ran the smithfraud on my safe mode and I think I really messed up.
#4
Posted 14 January 2007 - 11:04 AM
At the very least I am going to see a HiJackthis log
Excal
#5
Posted 14 January 2007 - 08:30 PM
I hope I did this right!!!! I really appreciate the help.
Logfile of HijackThis v1.99.1
Scan saved at 9:27:45 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://officialhomep...org/home15.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...g...=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {8362B8A7-7E31-0B9D-15DA-71F2CD234599} - C:\WINDOWS\System32\zxrzo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.attbi.com
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwir...5.30/Hiwire.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotb...rams/hotbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168495245295
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
#6
Posted 14 January 2007 - 09:47 PM
Got a little work to do
Open up Hijackthis and do a scan. Check the following items off:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://officialhomep...org/home15.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...g...=stmpl1&fw=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {8362B8A7-7E31-0B9D-15DA-71F2CD234599} - C:\WINDOWS\System32\zxrzo.dll
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwir...5.30/Hiwire.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotb...rams/hotbar.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
Click Fix Checked, then close HJT
1. Download ComboFix.exe using either of these links:
BleepingComputer
Techsupportforum.com
2. Double click on combofix.exe & follow the prompts to allow the tool to run.
3. When it has finished, it will produce a log for you.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
- Open HiJackThis
- Click on the configure button on the bottom right
- Click on the tab "Misc Tools"
- Click on the Box that says "Open Uninstall Manager"
- Click on the button "Save list"
- Copy and paste the List from the notebook onto your post
Excal
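Added example, not part of the original thread or any poster's advice: a small Python triage pass over HijackThis log lines like those posted above. It flags three things visible in that log: entries whose target is gone (`(no file)` / `(file missing)`), paths containing `?` where a character could not be rendered, and a Windows system process name running from outside the Windows directory. The function names, the list of system names and the `C:\WINDOWS` location are assumptions for illustration; flagged lines are candidates for review, not verdicts.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ..." : section code, then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A Windows path ending in a binary extension; '?' is allowed inside it on purpose.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys)\b', re.IGNORECASE)
# Lines in the "Running processes" block are a bare path and nothing else.
BARE_PATH_RE = re.compile(r"[A-Za-z]:\\.+")

# Assumption: process names taken from the running-process list in the log,
# and the Windows directory as it appears there.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe", "explorer.exe"}
EXPECTED_DIRS = {r"c:\windows", r"c:\windows\system32"}


class Finding(NamedTuple):
    code: str            # HijackThis section code, or "proc" for a running process
    reasons: List[str]   # which heuristics fired
    line: str            # the original log line


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line trips a heuristic, else None."""
    line = line.strip()
    entry = ENTRY_RE.match(line)
    if entry:
        code, rest = entry.group(1), entry.group(2)
    elif BARE_PATH_RE.fullmatch(line):
        code, rest = "proc", line
    else:
        return None  # header or other non-entry text

    reasons: List[str] = []
    # 1. The registry entry points at a file that no longer exists.
    if "(no file)" in rest or "(file missing)" in rest:
        reasons.append("orphaned")

    for path in PATH_RE.findall(rest):
        directory, name = ntpath.split(path.lower())
        # 2. '?' cannot occur in a real Windows file name, so it marks a
        #    character the log could not render (e.g. a look-alike letter).
        if "?" in path and "unrendered-char" not in reasons:
            reasons.append("unrendered-char")
        # 3. A system process name living outside the Windows directory.
        if (name in SYSTEM_NAMES and directory not in EXPECTED_DIRS
                and "system-name-outside-windir" not in reasons):
            reasons.append("system-name-outside-windir")

    return Finding(code, reasons, line) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over every line of a log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        finding = check_line(raw)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>4}  {','.join(f.reasons):<28}  {f.line}")
```
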
#7
Posted 14 January 2007 - 10:27 PM
Thanks, you are being really helpful.
Hijack log
Logfile of HijackThis v1.99.1
Scan saved at 11:21:50 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.attbi.com
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168495245295
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Combofix
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))
2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sc"
"hkey"="HKLM"
"command"="C:\\windows\\slog\\sc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\se\\v11\\se.EXE\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TempLoader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Loader"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Hum\\LOCALS~1\\Temp\\Loader.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Save\\Save.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Files]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dnetc"
"hkey"="HKLM"
"command"="C:\\Program Files\\microsoft hardware\\dnetc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrzylhpxigf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybdzik]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zurw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zurwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\zurw\\zurwm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe stlb2.dll,DllRunMain"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-14 23:18:00
Uninstall List
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
Hijack log
Logfile of HijackThis v1.99.1
Scan saved at 11:21:50 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.attbi.com
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168495245295
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Combofix
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))
2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sc"
"hkey"="HKLM"
"command"="C:\\windows\\slog\\sc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\se\\v11\\se.EXE\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TempLoader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Loader"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Hum\\LOCALS~1\\Temp\\Loader.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Save\\Save.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Files]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dnetc"
"hkey"="HKLM"
"command"="C:\\Program Files\\microsoft hardware\\dnetc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrzylhpxigf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybdzik]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zurw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zurwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\zurw\\zurwm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe stlb2.dll,DllRunMain"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-14 23:18:00
Uninstall List
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))
2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
#8
Posted 14 January 2007 - 10:27 PM
thanks, you are being really helpful.
Hijack log
Logfile of HijackThis v1.99.1
Scan saved at 11:21:50 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.attbi.com
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168495245295
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Combofix
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))
2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sc"
"hkey"="HKLM"
"command"="C:\\windows\\slog\\sc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\se\\v11\\se.EXE\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TempLoader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Loader"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Hum\\LOCALS~1\\Temp\\Loader.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Save\\Save.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Files]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dnetc"
"hkey"="HKLM"
"command"="C:\\Program Files\\microsoft hardware\\dnetc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrzylhpxigf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybdzik]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zurw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zurwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\zurw\\zurwm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe stlb2.dll,DllRunMain"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-14 23:18:00
Uninstall List
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))
2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
Hijack log
Logfile of HijackThis v1.99.1
Scan saved at 11:21:50 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\SMANTE~1\svchost.exe" -vt mt
O4 - HKCU\..\Run: [Bdurqsp] C:\WINDOWS\SYSTEM32\?ecurity\w?nspool.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.attbi.com
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168495245295
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Combofix
"Hum" - 07-01-14 23:14:25 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wintsvit.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))
2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
2006-12-14 13:08 77,824 --a------ C:\WINDOWS\SYSTEM32\NotePadSync.dll
2006-12-14 13:08 <DIR> d-------- C:\Program Files\SAMSUNG
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sc"
"hkey"="HKLM"
"command"="C:\\windows\\slog\\sc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\se\\v11\\se.EXE\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TempLoader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Loader"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Hum\\LOCALS~1\\Temp\\Loader.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Save\\Save.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Files]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dnetc"
"hkey"="HKLM"
"command"="C:\\Program Files\\microsoft hardware\\dnetc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrzylhpxigf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybdzik]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zurw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zurwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\zurw\\zurwm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe stlb2.dll,DllRunMain"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-14 23:18:00
Uninstall List
#9
Posted 15 January 2007 - 12:16 AM
Can I get the uninstall list also please.
Excal
#10
Posted 15 January 2007 - 12:28 AM
Uninstall List
Adobe Flash Player 9 ActiveX
AIM Toolbar
America Online
AOL Instant Messenger
ATI Display Driver
BMSE dbl
Comcast High-Speed Internet Install Wizard
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Context Display
Dell | Support
Dell Solution Center
Desktop Doctor
Easy CD Creator 5 Basic
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
IE Help
IEC system
InterActual Player
iPod for Windows 2005-03-23
iTunes
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
McAfee SecurityCenter
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Outlook 2002
Microsoft Picture It! Photo 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
NotePadSync
PartyPokerNet
PowerDVD
PowerPanel 2.03
QuickTime
RealPlayer
Realtek RTL8139 Diagnostics Program
RON Display
SAMSUNG Mobile Modem Driver Set
SE Assistant
SE Help
Search Aid
Search Function
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Shockwave
Software Update Manager
Software Update Manager
System Alert Popup
TSA
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Display
USB MP3 Player WIN98 Drivers
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WSEM Update
#11
Posted 15 January 2007 - 01:05 AM
ComboFix Log
"Hum" - 07-01-15 1:29:38 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))
2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-14 13:08 -------- d-------- C:\Program Files\samsung
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
"Hum" - 07-01-15 1:29:38 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Hum\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\S?mantec
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))
2007-01-14 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-01-14 03:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-01-12 14:27 1,474 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-12 00:37 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-12 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-11 22:16 <DIR> d-------- C:\SmitfraudFix
2007-01-11 19:50 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\PC Tools
2007-01-11 19:33 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\SystemDoctor 2006 Free
2007-01-11 16:11 25,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-01-11 14:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 14:29 <DIR> d-------- C:\Program Files\MalwareBot
2007-01-11 14:20 <DIR> d-------- C:\Program Files\Malware-Wiped
2007-01-11 13:47 <DIR> d--hs---- C:\WA7P
2007-01-11 13:46 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\WinAntiVirus Pro 2007
2007-01-11 13:45 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-01-11 13:45 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-01-11 13:45 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-01-11 13:45 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-01-11 13:37 20,992 --a------ C:\WINDOWS\SYSTEM32\axlet.dll
2007-01-11 02:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-11 02:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-01-11 02:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-01-11 02:05 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-01-11 01:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-11 01:26 <DIR> d-------- C:\WINDOWS\peernet
2007-01-11 01:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-10 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-08 18:26 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\Google
2007-01-08 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-07 12:09 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-01-07 12:08 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-01-07 12:08 35,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-01-07 12:08 34,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-01-07 12:08 31,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-01-07 12:08 168,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-01-07 12:08 100,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-01-07 12:08 <DIR> d-------- C:\Program Files\McAfee.com
2007-01-07 12:07 <DIR> d-------- C:\Program Files\McAfee
2007-01-07 12:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-01-07 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-07 11:36 146 --a------ C:\DOCUME~1\Hum\Application Data\tvmuknwrd.dll
2007-01-06 19:12 <DIR> d-------- C:\DOCUME~1\Hum\Application Data\InstallShield
2007-01-06 19:08 57,344 --a------ C:\WINDOWS\SYSTEM32\zxrzo.dll
2007-01-05 15:19 23,856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-01-05 15:15 <DIR> d-------- C:\WINDOWS\EHome
2007-01-05 15:05 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-05 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-01-05 14:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-05 14:40 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-01-05 14:40 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-01-05 14:40 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-01-05 14:40 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-01-05 14:40 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-01-05 14:40 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-01-04 14:28 <DIR> d-------- C:\Program Files\support.com
2007-01-04 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Support.com
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 03:41 -------- d-------- C:\Program Files\messenger
2007-01-11 03:35 -------- d-------- C:\Program Files\whenusearch
2007-01-11 03:30 -------- d-------- C:\Program Files\modem helper
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft works
2007-01-11 03:30 -------- d-------- C:\Program Files\microsoft picture it! 2002
2007-01-11 03:30 -------- d-------- C:\Program Files\aim95
2007-01-11 02:55 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 02:12 -------- d---s---- C:\DOCUME~1\Hum\Application Data\microsoft
2007-01-11 02:01 2508 --a------ C:\DOCUME~1\Hum\Application Data\$_hpcst$.hpc
2007-01-11 02:00 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 01:26 -------- d-------- C:\Program Files\movie maker
2007-01-11 01:20 -------- d-------- C:\Program Files\windows nt
2007-01-08 13:17 -------- d-------- C:\Program Files\google
2007-01-07 12:18 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-07 12:17 -------- d-------- C:\Program Files\symantec
2007-01-07 11:36 0 --a------ C:\DOCUME~1\Hum\Application Data\tvmknwrd.dll
2007-01-05 14:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 21:27 -------- d--h----- C:\Program Files\installshield installation information
2006-12-14 13:08 -------- d-------- C:\Program Files\samsung
2006-12-08 23:57 -------- d-------- C:\DOCUME~1\Hum\Application Data\real
2006-12-08 23:55 -------- d-------- C:\Program Files\real
2006-12-08 23:27 22768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\SMANTE~1\\svchost.exe\" -vt mt"
"Bdurqsp"="C:\\WINDOWS\\SYSTEM32\\?ecurity\\w?nspool.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~4\\wcescomm.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 7.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 7.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 7.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PowerPanel.lnk"
"backup"="C:\\WINDOWS\\pss\\PowerPanel.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CYBERP~1\\POWERP~1\\PowPanel.exe "
"item"="PowerPanel"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eetu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\rdso\\eetu.exe\" -vt mt"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alchem"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\alchem.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMESys"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContextUninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STUninstall"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\STUninstall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Des]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="r?gedit"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\r?gedit.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnyxzoe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhqgbl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\uhqgbl.exe r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetgt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetgt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\inetgt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AolPassHack"
"hkey"="HKLM"
"command"="C:\\Program Files\\KaZaA\\My Shared Folder\\AolPassHack.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moauxkn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pnex"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xoec\\Pnex.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"command"="c:\\program files\\internet optimizer\\sim\\msbb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sc"
"hkey"="HKLM"
"command"="C:\\windows\\slog\\sc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\se\\v11\\se.EXE\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TempLoader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Loader"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Hum\\LOCALS~1\\Temp\\Loader.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Save\\Save.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Files]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dnetc"
"hkey"="HKLM"
"command"="C:\\Program Files\\microsoft hardware\\dnetc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrzylhpxigf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybdzik]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jbzvvhk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jbzvvhk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zurw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zurwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\zurw\\zurwm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe stlb2.dll,DllRunMain"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-15 1:33:54
C:\ComboFix2.txt ... 07-01-14 23:18
#12
Posted 15 January 2007 - 01:12 AM
Wow, nice collection you have there.....
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
- Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
- Now click the Run Scan button on the toolbar.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Thanks,
Excal
#13
Posted 15 January 2007 - 10:48 AM
I downloaded the WinPFind3U and started my scan, however in the middle of the scan the program freezes and my Task Manager says that it isn't responding. Please help.
#14
Posted 15 January 2007 - 11:37 AM
Ok
Depending on how large your hard drive is, Task Manager could say that WPF is not responding when in reality it is performing the file scanning. Check what the status bar says at the bottom to see if the program is actually stalling and where that point is. If it is doing the file scanning, the status bar will continually update with what file is being scanned (even when Task Manager says it is not responding).
Try it again and let me know. It may take a while, so leave it running if you have that opportunity.
Excal
#15
Posted 15 January 2007 - 01:28 PM
Well, I've activated the scan and kept up with the status bar, but when it gets to a certain file called "C:/WINDOWS/setupapi.log.0.old" it freezes. The scan has been running now for over an hour and is still continuing to run (but I think it's stuck). What am I to do?