Lingering virus removal problems


jamesmouse

New member
I recently removed VUNDO.H TROJAN from my computer. Still having problems with spyware and possible viruses. These are the scans I did.
 
Logfile of HijackThis v1.99.1
Scan saved at 8:57:07 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.ex

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.
 
StartupList report, 11/17/2006, 9:54:46 PM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Owner\LOCALS~1\Temp\QZTEMP\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
G:\ICON.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
G:\ICON.EXE
G:\ICON.EXE
G:\ICON.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\QuickZip4\QuickZip.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\QZTEMP\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,lucnbym.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
SpyCatcher Reminder = "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
PinnacleDriverCheck = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DW4 = "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
iolo Task Agent = C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=Interceptor.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe,
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - (no file) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll - {0A87E45F-537A-40B4-B812-E2544C21A09F}
(no name) - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - (no file) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6}
(no name) - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton Internet Security - Run Full System Scan - Owner.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[SupportSoft SmartIssue]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsi.dll
CODEBASE = http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab

[SupportSoft RemoteControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ssrc.dll
CODEBASE = http://symantec.atgnow.com/sdccommon/download/ssrc.cab

[SupportSoft Listener Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sprtctlln.dll
CODEBASE = http://symantec.atgnow.com/sdccommon/download/sprtctlln.cab

[Controller Class]
InProcServer32 = C:\WINDOWS\System32\WINSSWEBAGENT.DLL
CODEBASE = https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

[SysData Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SysInfo.dll
CODEBASE = http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab

[WXcom Class]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163388269875

[XML DOM Document 4.0]
InProcServer32 = %SystemRoot%\system32\msxml4.dll
CODEBASE = http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab

[Java Plug-in 1.3.1_02]
InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\npjava131_02.dll
CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab

[YahooYMailTo Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
CODEBASE = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

[Java Plug-in 1.3.1_02]
InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\npjava131_02.dll
CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab

[Java Plug-in 1.4.0_01]
InProcServer32 = C:\Program Files\Java\j2re1.4.0\bin\npjpi140_01.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx
CODEBASE = https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: *Registry key not found*
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 18,242 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
I think my main problem is I have a file in SystemRoot and all files and folders that's called unvise32.exe with a red circle and red line through the center of the circle. I removed another file that looked just like it called unvise32qt, which Google says is a virus. I get a blue screen error message when I try to use F10 System Recovery. STOP: c000021a {Fatal System Error}
 
Smitfraud-C Spybot unable to remove 11/17/06

Hi, I've run Spybot 3 times, once in SAFE Mode, and every time I get 2 entries of Smitfraud and Spybot says restart and run again, could not remove this.
 
Hi again.

None of the HijackThis logs you posted were complete :(

Please post a full HijackThis log beginning from "Logfile of HijackThi...."
(If the log is too long, please use multiple answers)

:bigthumb:
 
Logfile of HijackThis v1.99.1
Scan saved at 4:24:00 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lucnbym.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
 
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://symantec.atgnow.com/sdccommon/download/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - http://symantec.atgnow.com/sdccommon/download/sprtctlln.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163388269875
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: Interceptor.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: netdns - C:\WINDOWS\
O20 - Winlogon Notify: vbbin - C:\WINDOWS\
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Pinnacle Systems GmbH - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
Hi again :)

Was that HijackThis log taken from safe mode? Next time you post it, do it from normal mode...

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
Scan in safe mode

Hi, thanks for the reply. Yes, I believe I did that scan in safe mode. I'll do another in regular mode and post. I ran the VUNDO scan you suggested and it came up with nothing. Last week I was getting Winantivirus popups and searched the web and found out it's a scam with the vundo trojan in it. I found VUNDO just by typing in vundo in search in Windows and deleted it.
I was looking around Microsoft downloads today and noticed they have a malware scan I could do. I did that and came up with a little Trojan called Win32/Mimail.gen. I looked at Microsoft's assessment of it and they said it was 1st detected about 2 months ago. I looked around Symantec and they had a scan/fix for TROJAN.ALEMOD which was a few years old for Win32/Mimail.gen. It found nothing. I have Norton Internet Security installed. Thanks, James W
 
Logfile of HijackThis v1.99.1
Scan saved at 2:05:55 AM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lucnbym.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://symantec.atgnow.com/sdccommon/download/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - http://symantec.atgnow.com/sdccommon/download/sprtctlln.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163388269875
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: Interceptor.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: netdns - C:\WINDOWS\
O20 - Winlogon Notify: vbbin - C:\WINDOWS\
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Pinnacle Systems GmbH - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
Hi again :)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
 
Owner - 06-11-19 15:36:07.78 Service Pack 2
ComboFix 06.11.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\{3C36F5A0-05FC-1033-0821-031113020001}
C:\Program Files\Common Files\{CC36F5A0-05FC-1033-0821-031113020001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\Common Files\STEM32~1
C:\QooBox\Purity\WINDOWS\FNTS~1
C:\QooBox\Purity\WINDOWS\SSTEM3~1
C:\QooBox\Purity\WINDOWS\FNTS~1\FNTS~1
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-19 to 2006-11-19 ))))))))))))))))))))))))))))))))))


2006-11-19 10:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-11-18 20:59 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-11-18 20:59 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-11-18 20:59 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-11-18 20:59 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-11-18 20:58 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-11-18 20:58 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-11-18 20:58 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-11-18 20:58 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-11-18 20:58 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-11-18 20:58 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-11-18 20:58 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-11-18 20:58 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-11-18 20:58 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-11-18 20:58 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-11-18 20:58 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-11-18 20:58 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-11-18 20:57 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-11-18 20:57 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-11-18 20:57 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-11-18 20:57 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-11-18 20:57 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-11-18 20:57 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-11-18 20:57 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-11-17 21:25 <DIR> d-------- C:\WINDOWS\Application Data
2006-11-17 19:18 <DIR> d-------- C:\New Folder (2)
2006-11-17 19:17 <DIR> d-------- C:\New Folder
2006-11-17 17:04 <DIR> d-------- C:\Documents and Settings\Owner\.java
2006-11-17 03:13 <DIR> d-------- C:\VundoFix Backups
2006-11-17 02:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-17 02:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-17 01:41 <DIR> d-------- C:\fixwareout
2006-11-15 21:10 60,720 --a------ C:\WINDOWS\system32\drivers\userdump.sys
2006-11-15 21:10 <DIR> d-------- C:\WINDOWS\system32\kktools
2006-11-15 20:57 <DIR> d-------- C:\kktools
2006-11-15 17:03 12,928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2006-11-15 14:40 <DIR> d-------- C:\WINDOWS\cache
2006-11-14 21:19 31,924 --a------ C:\WINDOWS\system32\drivers\DVC150B.sys
2006-11-14 18:52 458,112 --a------ C:\WINDOWS\system32\drivers\MarvinUsb.sys
2006-11-14 18:52 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2006-11-14 18:39 <DIR> d-------- C:\Program Files\Pinnacle Systems
2006-11-14 17:45 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2006-11-14 17:45 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2006-11-14 17:45 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2006-11-14 17:45 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2006-11-14 17:45 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2006-11-14 17:45 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2006-11-14 17:45 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2006-11-14 17:45 40,960 --------- C:\WINDOWS\system32\langserv.dll
2006-11-14 17:45 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2006-11-14 17:45 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2006-11-14 17:45 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2006-11-14 17:45 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2006-11-14 17:45 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2006-11-14 17:45 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2006-11-14 17:45 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2006-11-14 17:45 18,432 --------- C:\WINDOWS\system32\Cachex.dll
2006-11-14 17:45 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2006-11-14 17:45 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2006-11-14 17:45 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2006-11-14 17:45 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2006-11-14 17:45 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2006-11-14 17:31 <DIR> d-------- C:\Program Files\SmartSound Software
2006-11-14 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2006-11-14 17:28 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2006-11-14 17:28 <DIR> d-------- C:\Program Files\QuickTime
2006-11-14 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2006-11-14 17:27 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2006-11-14 17:22 90,112 --a------ C:\WINDOWS\unvise32.exe
2006-11-14 17:22 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2006-11-14 17:22 19,456 --a------ C:\WINDOWS\system32\asapi.dll
2006-11-14 17:22 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2006-11-14 17:18 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll

2006-11-14 17:18 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2006-11-14 17:18 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2006-11-14 17:15 <DIR> d-------- C:\Program Files\Pinnacle
2006-11-14 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2006-11-14 15:04 307,200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll
2006-11-14 15:04 176,128 --a-s---- C:\WINDOWS\system32\Interceptor.dll
2006-11-14 15:04 <DIR> d-------- C:\Program Files\SpyCatcher 2006
2006-11-14 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2006-11-14 13:30 <DIR> d-------- C:\Program Files\CyberLink
2006-11-14 10:36 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-11-14 10:36 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-11-14 10:36 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-11-14 10:36 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-11-14 10:36 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-11-14 10:36 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-11-14 10:35 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-11-14 10:18 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-14 09:09 913,280 -ra------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2006-11-14 09:09 7,136 -ra------ C:\WINDOWS\system32\drivers\lv302af.sys
2006-11-14 09:09 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2006-11-14 09:09 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-11-14 09:09 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2006-11-14 09:09 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2006-11-14 09:09 2,180,096 -ra------ C:\WINDOWS\system32\drivers\LVSVF2.sys
2006-11-14 09:09 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2006-11-14 09:01 <DIR> d-------- C:\Program Files\Common Files\FotoWire
2006-11-14 09:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FotoWire
2006-11-14 08:58 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-11-14 08:56 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2006-11-14 08:56 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2006-11-14 08:56 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2006-11-14 08:56 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2006-11-14 08:56 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2006-11-14 08:56 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2006-11-14 08:56 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2006-11-14 08:56 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2006-11-14 08:56 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2006-11-14 08:56 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2006-11-14 08:56 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-11-14 08:56 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2006-11-14 08:56 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2006-11-14 08:56 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2006-11-14 08:56 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2006-11-14 06:57 <DIR> d-------- C:\Program Files\The Weather Channel FW
2006-11-14 06:56 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-11-14 04:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2006-11-13 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2006-11-13 21:10 <DIR> d-------- C:\Program Files\Common Files\HP
2006-11-13 20:55 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-11-13 20:45 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2006-11-13 20:45 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2006-11-13 20:44 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2006-11-13 20:43 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-13 20:41 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2006-11-13 20:41 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2006-11-13 20:41 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2006-11-13 20:41 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2006-11-13 20:41 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2006-11-13 20:39 <DIR> d-------- C:\Program Files\HP
2006-11-13 16:57 <DIR> d-------- C:\Program Files\XoftSpy
2006-11-13 04:03 59,392 --------- C:\WINDOWS\system32\ltremove.exe
2006-11-13 04:03 <DIR> d-------- C:\WINDOWS\Options
2006-11-13 04:00 9,196,032 --------- C:\WINDOWS\system32\RTLCPL.exe
2006-11-13 04:00 69,632 --------- C:\WINDOWS\soundman.exe
2006-11-13 04:00 57,344 --a------ C:\WINDOWS\ALCXMNTR.EXE
2006-11-13 04:00 40,448 --------- C:\WINDOWS\system32\ChCfg.exe
2006-11-13 04:00 208,896 --------- C:\WINDOWS\alcupd.exe
2006-11-13 04:00 156,672 --------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-11-13 04:00 139,264 --------- C:\WINDOWS\alcrmv.exe
2006-11-13 01:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Tenebril
2006-11-13 01:39 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2006-11-13 01:39 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2006-11-13 01:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2006-11-13 01:30 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-11-13 01:30 <DIR> d-------- C:\Program Files\SpywareBot
2006-11-13 01:06 <DIR> d-------- C:\Program Files\Symantec Technical Support
2006-11-13 00:26 <DIR> d-------- C:\Program Files\Norton Internet Security
2006-11-13 00:25 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-13 00:25 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-13 00:24 <DIR> d-------- C:\Program Files\Symantec
2006-11-12 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2006-11-12 23:29 <DIR> d-------- C:\Program Files\Security Task Manager
2006-11-12 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-11-12 19:11 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-12 19:11 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-12 19:09 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-12 19:07 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-12 15:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Help
2006-11-12 15:03 309,248 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-11-12 15:03 <DIR> d-------- C:\Program Files\iolo
2006-11-12 05:22 <DIR> d-------- C:\Program Files\RegistrySmart
2006-11-11 17:09 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-11 17:09 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-11 14:32 <DIR> d-------- C:\kav
2006-11-11 10:13 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-11-11 10:13 <DIR> d-------- C:\Program Files\AOL
2006-11-11 10:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Aim
2006-11-11 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-11-11 10:12 <DIR> d-------- C:\Program Files\AOD
2006-11-11 10:12 <DIR> d-------- C:\Program Files\AIM
2006-11-11 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-11-10 21:02 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-11-10 21:01 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-11-10 21:01 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-11-10 21:01 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-11-10 21:01 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-11-10 21:01 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-11-10 21:00 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-11-10 21:00 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-11-10 20:59 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-10 20:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-11-10 20:41 <DIR> d-------- C:\Program Files\Common Files\Logitech
2006-11-10 20:40 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-11-10 20:40 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-11-10 20:40 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-11-10 20:40 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-11-10 20:40 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-11-10 20:40 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-11-10 20:40 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-11-10 20:40 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-11-10 20:39 <DIR> d-------- C:\Program Files\Logitech
2006-11-10 18:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Paltalk
2006-11-08 18:34 <DIR> d-------- C:\WINDOWS\Paltalk Messenger
2006-11-08 18:34 <DIR> d-------- C:\Program Files\Paltalk Messenger
2006-11-08 16:24 <DIR> d--h----- C:\WINDOWS\PIF
2006-11-08 16:19 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-08 10:53 <DIR> d-------- C:\Program Files\QuickZip4
2006-11-08 10:46 <DIR> d-------- C:\Program Files\EndItAll
2006-11-08 06:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-08 06:08 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2006-11-08 01:37 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-08 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-11-08 00:38 <DIR> d-------- C:\WINDOWS\provisioning
2006-11-08 00:38 <DIR> d-------- C:\WINDOWS\peernet
2006-11-08 00:31 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2006-11-08 00:21 <DIR> d-------- C:\WINDOWS\EHome
2006-11-08 00:11 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-11-07 21:54 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-11-07 21:54 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-11-07 21:54 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-11-07 21:41 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-11-07 21:41 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-11-07 21:41 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-11-07 21:41 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-11-07 21:40 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-11-07 21:40 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-11-07 21:40 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-11-07 21:40 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-11-07 21:40 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-11-07 21:40 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-11-07 21:40 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-11-07 21:40 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-11-07 21:40 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-11-07 21:40 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-11-07 21:40 15,120 --
 
page 3

2006-11-07 21:40 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-11-07 21:40 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-11-07 21:40 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-11-07 20:56 <DIR> d-------- C:\WINDOWS\CAVTemp
2006-11-06 21:53 <DIR> d-------- C:\WINDOWS\pss
2006-11-06 20:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-06 20:33 <DIR> drah----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-11-06 19:42 <DIR> d--hs---- C:\Documents and Settings\Owner\UserData
2006-11-06 17:59 243,824 --a------ C:\WINDOWS\unicows.dll
2006-11-06 17:58 <DIR> d-------- C:\Program Files\Common Files\Scanner
2006-11-06 17:53 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-11-06 17:52 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2006-11-06 17:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-11-06 17:51 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-11-06 17:51 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-06 17:51 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-06 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2006-11-06 17:42 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-11-06 16:03 275,576 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2006-11-06 16:03 245,880 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2006-11-06 16:03 24,184 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2006-11-05 22:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2006-11-05 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2006-11-05 19:04 <DIR> d-------- C:\WINDOWS\system32\bits
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-02 12:34 <DIR> d-------- C:\Program Files\Common Files\ozzz
2006-11-02 12:29 <DIR> d-------- C:\WINDOWS\ozzz
2006-11-02 08:04 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-02 08:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-02 08:04 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-02 03:33 <DIR> d-------- C:\Program Files\àdobe
2006-11-02 03:33 <DIR> d-------- C:\Program Files\Common Files\àdobe
2006-11-01 18:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2006-11-01 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2006-11-01 18:04 <DIR> d-------- C:\WINDOWS\EDCD4CE3DE9249A987F9FE09B2FBA16C.TMP
2006-11-01 11:40 <DIR> dr-h----- C:\Documents and Settings\Owner\Recent
2006-11-01 11:40 <DIR> d--hs---- C:\WINDOWS\SmFtZXMgV2FzaGJ1cm4
2006-11-01 11:40 <DIR> d--h----- C:\Config.Msi
2006-11-01 11:40 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-10-31 11:20 969 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-10-31 11:11 1,259 --a------ C:\WINDOWS\system32\kca8d05e.sys
2006-10-31 10:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-10-31 10:29 <DIR> d--hs---- C:\RECYCLER
2006-10-31 08:44 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-10-31 08:44 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-10-31 08:44 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-31 08:44 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-31 08:40 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-31 08:40 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-31 08:40 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-31 08:40 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-31 08:40 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-31 08:40 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-31 08:40 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-10-31 08:32 <DIR> d-------- C:\6in1ico
2006-10-31 08:31 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2006-10-31 08:31 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2006-10-31 08:30 40,960 --a------ C:\WINDOWS\AolCInUn.exe
2006-10-31 08:17 <DIR> d--hs---- C:\System Volume Information
2006-10-31 08:16 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-31 08:16 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-10-31 08:16 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-31 08:16 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-31 08:16 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-31 08:16 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2006-10-31 08:16 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-10-31 08:16 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-10-31 08:16 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-31 08:16 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-31 08:16 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-31 08:15 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-31 08:15 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-31 08:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-31 07:10 <DIR> d-------- C:\i386
2006-10-31 07:02 <DIR> drah----- C:\Documents and Settings\Owner\SendTo
2006-10-31 07:02 <DIR> dra-s---- C:\WINDOWS\assembly
2006-10-31 07:02 <DIR> dra------ C:\WINDOWS\Offline Web Pages
2006-10-31 07:02 <DIR> dra------ C:\Documents and Settings\Owner\My Documents
2006-10-31 07:02 <DIR> dra------ C:\Documents and Settings\Owner\Favorites
2006-10-31 07:02 <DIR> dra------ C:\Documents and Settings\All Users\Documents
2006-10-31 07:02 <DIR> d-ahs---- C:\Program Files\..
2006-10-31 07:02 <DIR> d-ah----- C:\Documents and Settings\Owner\Application Data\.
2006-10-31 07:02 <DIR> d-ah----- C:\Documents and Settings\Owner\Application Data
2006-10-31 07:02 <DIR> d-ah----- C:\Documents and Settings\All Users\Application Data\.
2006-10-31 07:02 <DIR> d-ah----- C:\Documents and Settings\All Users\Application Data
2006-10-31 07:02 <DIR> d-a------ C:\Program Files\.
2006-10-31 07:02 <DIR> d-a------ C:\Program Files
2006-10-31 07:02 <DIR> d-a------ C:\Documents and Settings\Owner\Start Menu
2006-10-31 07:02 <DIR> d-a------ C:\Documents and Settings\All Users\Start Menu
2006-10-31 07:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\..
2006-10-31 07:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-10-31 07:00 <DIR> drahsc--- C:\WINDOWS\system32\dllcache
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-21 16:42 618328 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-09-12 21:09 1110528 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-02 11:35 613056 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-09-02 11:35 239808 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-25 07:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 04:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 01:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"iolo Task Agent"="C:\\Program Files\\iolo\\Common\\Task Agent\\Task_Agent.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,f0,00,00,00,00,00,00,00,30,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,f0,00,00,00,00,00,00,00,30,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^aaaaaaca.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\aaaaaaca.t"
"backup"="C:\\WINDOWS\\pss\\aaaaaaca.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\aaaaaaca.t"
"item"="aaaaaaca"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^aaaaaepa.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\aaaaaepa.t"
"backup"="C:\\WINDOWS\\pss\\aaaaaepa.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\aaaaaepa.t"
"item"="aaaaaepa"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^aaaaaiox.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\aaaaaiox.t"
"backup"="C:\\WINDOWS\\pss\\aaaaaiox.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\aaaaaiox.t"
"item"="aaaaaiox"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dgyrwefr.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\dgyrwefr.t"
"backup"="C:\\WINDOWS\\pss\\dgyrwefr.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\dgyrwefr.t"
"item"="dgyrwefr"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gmxjtily.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\gmxjtily.t"
"backup"="C:\\WINDOWS\\pss\\gmxjtily.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\gmxjtily.t"
"item"="gmxjtily"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gmxjtimw.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\gmxjtimw.t"
"backup"="C:\\WINDOWS\\pss\\gmxjtimw.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\gmxjtimw.t"
"item"="gmxjtimw"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gmxjtuyk.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\gmxjtuyk.t"
"backup"="C:\\WINDOWS\\pss\\gmxjtuyk.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\gmxjtuyk.t"
"item"="gmxjtuyk"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^jswbqhir.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqhir.t"
"backup"="C:\\WINDOWS\\pss\\jswbqhir.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqhir.t"
"item"="jswbqhir"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^jswbqmfs.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqmfs.t"
"backup"="C:\\WINDOWS\\pss\\jswbqmfs.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqmfs.t"
"item"="jswbqmfs"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^jswbqqaf.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqqaf.t"
"backup"="C:\\WINDOWS\\pss\\jswbqqaf.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqqaf.t"
"item"="jswbqqaf"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^jswbqqed.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqqed.t"
"backup"="C:\\WINDOWS\\pss\\jswbqqed.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqqed.t"
"item"="jswbqqed"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^jswbqqeg.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqqeg.t"
"backup"="C:\\WINDOWS\\pss\\jswbqqeg.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqqeg.t"
"item"="jswbqqeg"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^jswbqqil.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqqil.t"
"backup"="C:\\WINDOWS\\pss\\jswbqqil.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqqil.t"
"item"="jswbqqil"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^jswbqulf.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqulf.t"
"backup"="C:\\WINDOWS\\pss\\jswbqulf.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\jswbqulf.t"
"item"="jswbqulf"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myvsnqte.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvsnqte.t"
"backup"="C:\\WINDOWS\\pss\\myvsnqte.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvsnqte.t"
"item"="myvsnqte"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myvsnsvp.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvsnsvp.t"
"backup"="C:\\WINDOWS\\pss\\myvsnsvp.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvsnsvp.t"
"item"="myvsnsvp"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myvsnuoq.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvsnuoq.t"
"backup"="C:\\WINDOWS\\pss\\myvsnuoq.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\myvsnuoq.t"
"item"="myvsnuoq"
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PalStart.lnk"
"backup"="C:\\WINDOWS\\pss\\PalStart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PALTAL~1\\palstart.exe "
"item"="PalStart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pfukkupw.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pfukkupw.t"
"backup"="C:\\WINDOWS\\pss\\pfukkupw.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pfukkupw.t"
"item"="pfukkupw"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pfukkurp.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pfukkurp.t"
"backup"="C:\\WINDOWS\\pss\\pfukkurp.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pfukkurp.t"
"item"="pfukkurp"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pfukkyjd.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pfukkyjd.t"
"backup"="C:\\WINDOWS\\pss\\pfukkyjd.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pfukkyjd.t"
"item"="pfukkyjd"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pfukkyxx.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pfukkyxx.t"
"backup"="C:\\WINDOWS\\pss\\pfukkyxx.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pfukkyxx.t"
"item"="pfukkyxx"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^sltchddd.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sltchddd.t"
"backup"="C:\\WINDOWS\\pss\\sltchddd.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sltchddd.t"
"item"="sltchddd"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^sltchdkf.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sltchdkf.t"
"backup"="C:\\WINDOWS\\pss\\sltchdkf.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sltchdkf.t"
"item"="sltchdkf"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^sltchhfg.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sltchhfg.t"
"backup"="C:\\WINDOWS\\pss\\sltchhfg.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sltchhfg.t"
"item"="sltchhfg"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^sltchybw.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sltchybw.t"
"backup"="C:\\WINDOWS\\pss\\sltchybw.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sltchybw.t"
"item"="sltchybw"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SpyCatcher Protector.lnk"
"backup"="C:\\WINDOWS\\pss\\SpyCatcher Protector.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SPYCAT~1\\PROTEC~1.EXE "
"item"="SpyCatcher Protector"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^vrstedhy.t]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\vrstedhy.t"
"backup"="C:\\WINDOWS\\pss\\vrstedhy.tCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\vrstedhy.t"
"item"="vrstedhy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Scheduler.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Scheduler.lnk"
"backup"="C:\\WINDOWS\\pss\\Scheduler.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\SPYCAT~1\\SCHEDU~1.EXE "
"item"="Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TA_Start.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\TA_Start.lnk"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\dsreg.exe SED001"
"item"="TA_Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Think-Adz.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Think-Adz.lnk"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\owinqoem.exe SED001"
"item"="Think-Adz"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1pop06apelt3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="octeltpop"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anotherap2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmpopoct"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAVTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAVRID"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dxc"
"hkey"="HKLM"
 