optimize.exe virus



#1
kellio


  • Member
  • 13 posts
Please help...here is my log..thanks!

Logfile of HijackThis v1.99.1
Scan saved at 5:56:47 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Garrett Keating\My Documents\My Downloads\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} - http://www.joga.com/.../uploadactx.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128013305187
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


#2
Wizard


  • Retired Staff
  • 5,661 posts
Hi kellio and Welcome to GeekstoGo!

Sorry for the delays responding to your post.


Download WinPFind to your C Drive.
http://download.blee...r/winpfind2.zip

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (Tap F8 when restarting)

From the WinPFind folder -> Double-click WinPFind.exe to launch the program.

Under File Options, click the Select All tab.

Now, click the "Files" tab at the top and click "Scan Files"

The scan will take a few minutes to complete.

Once you see Scan Complete, click Configuration and then click Export to Text

Click Yes to the prompt that follows and this will generate a log in the WinPFind folder


Restart normally and please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply along with the WinPFind log.


#3
kellio


  • Topic Starter
  • Member
  • 13 posts
Logfile created on: 07/10/2006 21:12
WinPFind2 - PreRelease 1.3.1 Folder = C:\WinPFind\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 6.0.2900.2180)





Files
Full Path Details
%SystemDrive%
%ProgramFilesDir%
%WinDir%
C:\WINDOWS\whCC-GIANT.exe UPX! [Ver = / Size = 226536 bytes] 10/17/2005 22:44
%System%
C:\WINDOWS\SYSTEM32\dfrg.msc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 [Ver = / Size = 41397 bytes] 07/16/2003 16:26
C:\WINDOWS\SYSTEM32\divx.dll PEC2 DivX, Inc. [Ver = 6.2.2.3 / Size = 619156 bytes] 04/19/2006 22:09
C:\WINDOWS\SYSTEM32\divx.dll PECompact2 DivX, Inc. [Ver = 6.2.2.3 / Size = 619156 bytes] 04/19/2006 22:09
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll RIMAPPTECHNOLOGIES Microsoft Corporation [Ver = 1.5.0540.0 / Size = 571184 bytes] 06/19/2006 16:19
C:\WINDOWS\SYSTEM32\MRT.exe (PeCompact2) Microsoft Corporation [Ver = 1.17.1478.0 / Size = 5967776 bytes] 06/08/2006 21:19
C:\WINDOWS\SYSTEM32\MRT.exe (ASPack) Microsoft Corporation [Ver = 1.17.1478.0 / Size = 5967776 bytes] 06/08/2006 21:19
C:\WINDOWS\SYSTEM32\ntdll.dll .aspack Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 708096 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\rasdlg.dll \DuMonitor SendMessage(WM_RASEVENT) doneMicrosoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 657920 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\wbdbase.deu msubjsuchsullsupeswinsyncszens [Ver = / Size = 1309184 bytes] 07/16/2003 16:50
C:\WINDOWS\SYSTEM32\WgaTray.exe RIMAPPTECHNOLOGIES Microsoft Corporation [Ver = 1.5.0540.0 / Size = 304944 bytes] 06/19/2006 16:19
%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys V90NEC, --------ERROR--------- occured in adaptechoSmart Link [Ver = 3.80.01MC15 / Size = 1309184 bytes] 08/04/2004 01:41
%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat [Ver = / Size = 2048 bytes] 07/10/2006 20:05 S
C:\WINDOWS\QTFont.qfn [Ver = / Size = 54156 bytes] 07/05/2006 12:45 H
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Docklets\Animation\Thumbs.db [Ver = / Size = 3584 bytes] 07/03/2006 22:58 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Docklets\gfd\Thumbs.db [Ver = / Size = 182784 bytes] 07/03/2006 23:39 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Docklets\gfd\icons\Thumbs.db [Ver = / Size = 153088 bytes] 07/03/2006 23:39 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Docklets\Search\Thumbs.db [Ver = / Size = 28672 bytes] 07/03/2006 22:58 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Icons\Blaqua Applications\Labelled\Thumbs.db [Ver = / Size = 56320 bytes] 06/27/2006 21:29 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Icons\Blaqua Applications\Labelled\ico\Thumbs.db [Ver = / Size = 64512 bytes] 06/27/2006 23:10 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Icons\Blaqua Applications\Labelled\png\Thumbs.db [Ver = / Size = 273408 bytes] 06/27/2006 23:11 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Icons\Blaqua Applications\Unlabelled\Thumbs.db [Ver = / Size = 47104 bytes] 06/27/2006 21:22 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Icons\Blaqua Applications\Unlabelled\ico\Thumbs.db [Ver = / Size = 52736 bytes] 06/27/2006 23:10 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\Icons\Blaqua Applications\Unlabelled\png\Thumbs.db [Ver = / Size = 252416 bytes] 06/27/2006 23:11 HS
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\Themes\Vista Inspirat\Thumbs.db [Ver = / Size = 4096 bytes] 07/03/2006 22:57 HS
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat [Ver = / Size = 13309 bytes] 05/14/2006 06:21 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat [Ver = / Size = 23751 bytes] 05/29/2006 12:16 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat [Ver = / Size = 10925 bytes] 05/18/2006 03:15 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat [Ver = / Size = 11043 bytes] 06/01/2006 16:28 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat [Ver = / Size = 7160 bytes] 06/19/2006 16:20 S
C:\WINDOWS\system32\config\default.LOG [Ver = / Size = 8192 bytes] 07/10/2006 20:05 H
C:\WINDOWS\system32\config\SAM.LOG [Ver = / Size = 1024 bytes] 07/10/2006 20:05 H
C:\WINDOWS\system32\config\SECURITY.LOG [Ver = / Size = 16384 bytes] 07/10/2006 20:05 H
C:\WINDOWS\system32\config\software.LOG [Ver = / Size = 73728 bytes] 07/10/2006 20:07 H
C:\WINDOWS\system32\config\system.LOG [Ver = / Size = 950272 bytes] 07/10/2006 20:05 H
C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG [Ver = / Size = 1024 bytes] 06/15/2006 03:05 H
C:\WINDOWS\system32\drivers\umdf\MsftWdf_user_01_00_00.Wdf [Ver = / Size = 0 bytes] 06/29/2006 19:48 H
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\a6b09ca3-d53e-4854-8319-4745bd2a87ca [Ver = / Size = 388 bytes] 05/14/2006 19:35 HS
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred [Ver = / Size = 24 bytes] 05/14/2006 19:35 HS
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\5c0cf735-f181-42b5-a2a5-39de7e24790b [Ver = / Size = 388 bytes] 05/14/2006 19:25 HS
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred [Ver = / Size = 24 bytes] 05/14/2006 19:25 HS
C:\WINDOWS\Tasks\SA.DAT [Ver = / Size = 6 bytes] 07/10/2006 20:04 H
CPL files
C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 68608 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 549888 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\bdeadmin.cpl Borland Software Corporation [Ver = 5.2.0.2 / Size = 184320 bytes] 10/07/2003 13:39
C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 110592 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 135168 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 80384 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 155136 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 358400 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 129536 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 380416 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 68608 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\jpicpl32.cpl Sun Microsystems, Inc. [Ver = 5.0.40.5 / Size = 49265 bytes] 06/03/2005 03:52
C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation [Ver = 5.1.2403.1 / Size = 187904 bytes] 07/16/2003 16:32
C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 618496 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 35840 bytes] 07/16/2003 16:37
C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 25600 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 257024 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\nvtuicpl.cpl NVIDIA Corporation [Ver = 6.14.10.4586 / Size = 143360 bytes] 01/08/2004 15:26
C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) / Size = 32768 bytes] 08/04/2004 03:56
C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 114688 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\stac97.cpl SigmaTel Inc. [Ver = 1, 0, 0, 12 / Size = 102481 bytes] 04/06/2004 11:13
C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 298496 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 28160 bytes] 07/16/2003 16:47
C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 94208 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 148480 bytes]08/04/2004 03:56
C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) / Size = 174360 bytes] 05/26/2005 04:16
C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation [Ver = 5.1.2403.1 / Size = 629248 bytes] 07/16/2003 16:32
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 167936 bytes] 07/16/2003 16:37
C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 166400 bytes] 07/16/2003 16:47
AllUsers Startup Folder
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = / Size = 1757 bytes] 09/03/2005 16:16
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini [Ver = / Size = 84 bytes] 07/22/2005 22:48 HS
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter with SpeedBooster Utility.lnk [Ver = / Size = 1046 bytes] 07/23/2005 00:04
AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini [Ver = / Size = 62 bytes] 07/22/2005 18:33 HS
CurrentUser Startup Folder
C:\Documents and Settings\Garrett Keating\Start Menu\Programs\Startup\Adobe Gamma.lnk [Ver = / Size = 988 bytes] 09/09/2005 22:23
C:\Documents and Settings\Garrett Keating\Start Menu\Programs\Startup\desktop.ini [Ver = / Size = 84 bytes] 07/22/2005 22:48 HS
C:\Documents and Settings\Garrett Keating\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [Ver = / Size = 1685 bytes] 07/10/2006 12:31
CurrentUser ApplicationData Folder
C:\Documents and Settings\Garrett Keating\Application Data\AdobeDLM.log [Ver = / Size = 871 bytes] 09/03/2005 16:12
C:\Documents and Settings\Garrett Keating\Application Data\desktop.ini [Ver = / Size = 62 bytes] 07/22/2005 18:33 HS
C:\Documents and Settings\Garrett Keating\Application Data\dm.ini [Ver = / Size = 0 bytes] 09/03/2005 16:12
C:\Documents and Settings\Garrett Keating\Application Data\PFP120JCM.{PB [Ver = / Size = 12358 bytes] 08/11/2005 09:55
C:\Documents and Settings\Garrett Keating\Application Data\PFP120JPR.{PB [Ver = / Size = 61678 bytes] 08/11/2005 09:55
DPF files
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab
{166B1BCA-3F9C-11CF-8075-444553540000} Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
{29D73455-3ADA-49BB-9067-44822F6728F5} - CodeBase = http://www.joga.com/.../uploadactx.cab
{3334504D-9980-0010-8000-00AA00389B71} - CodeBase = http://download.micr...C4D/mp43dmo.CAB
{5F8469B4-B055-49DD-83F7-62B522420ECC} Facebook Photo Uploader Control - CodeBase = http://upload.facebo...otoUploader.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} MUWebControl Class - CodeBase = http://update.micros...b?1128013305187
{8AD9C840-044E-11D1-B3E9-00805F499D93} Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} Shockwave Flash Object - CodeBase = http://fpdownload.ma...ash/swflash.cab
Hosts file = 734 bytes. Reading all entries.
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost




Scanning Report
Monday, July 10, 2006 21:28:35 - 23:21:06

Computer name: GARRETT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 6 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System

WebHancer (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 31175
* System: 4233
* Not scanned: 4

Actions:

* Disinfected: 2
* Renamed: 0
* Deleted: 0
* None: 4
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{E38D93EE-988E-423A-B43B-175F29B8692B}.BIN
* C:\DOCUMENTS AND SETTINGS\GARRETT KEATING\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7LGLHM81\FRONT[3].ASP

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-07-10
* F-Secure Libra: 2.4.1, 2006-07-08
* F-Secure Orion: 1.2.37, 2006-07-10
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-06-04
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

#4
Wizard


  • Retired Staff
  • 5,661 posts
OK, not seeing much in those logs, let's take a closer look.


Download ComboFix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.

Post the contents of combofix.txt into the next reply.

#5
kellio


  • Topic Starter
  • Member
  • 13 posts
Start Time= Thu 08/03/2006 1:24:48.89
Running from: C:\Documents and Settings\Garrett Keating\Desktop

QuickScan did not find any signs of infected files

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

1:15:52.59

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-05-09 22:36:46 6,656 "C:\WINDOWS\system32\WdfMgr.exe"
2006-07-13 15:13:22 1,163,264 "C:\WINDOWS\system32\fhsxc.exe"
2006-07-13 15:56:50 143,360 "C:\WINDOWS\system32\mptft.exe"
2006-05-09 22:26:34 219,648 "C:\WINDOWS\system32\CEWMDM.dll"
2006-05-19 08:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-09 22:26:32 9,728 "C:\WINDOWS\system32\LAPRXY.dll"
2006-05-09 21:00:08 382,976 "C:\WINDOWS\system32\MFPLAT.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-09 22:26:34 165,376 "C:\WINDOWS\system32\MsPMSP.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-05-09 22:26:34 306,688 "C:\WINDOWS\system32\MSWMDM.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\wdfApi.dll"
2006-05-09 22:26:34 36,864 "C:\WINDOWS\system32\WMDMPS.dll"
2006-05-09 22:26:34 237,056 "C:\WINDOWS\system32\wmpasf.dll"
2006-05-09 22:26:34 301,056 "C:\WINDOWS\system32\wmpdxm.dll"
2006-05-09 22:26:34 7,706,112 "C:\WINDOWS\system32\wmploc.dll"
2006-05-09 21:00:22 546,816 "C:\WINDOWS\system32\wmpmde.dll"
2006-05-09 20:58:40 144,896 "C:\WINDOWS\system32\wpdmtp.dll"
2006-05-09 20:58:50 670,208 "C:\WINDOWS\system32\wpd_ci.dll"
2006-07-13 15:13:08 36,864 "C:\WINDOWS\system32\ahnciup.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-09 20:45:20 304,640 "C:\WINDOWS\system32\MSDelta.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 04:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-09 22:26:34 705,024 "C:\WINDOWS\system32\WMADMOD.dll"
2006-05-09 22:26:34 1,063,424 "C:\WINDOWS\system32\WMADMOE.dll"
2006-05-09 22:26:34 31,744 "C:\WINDOWS\system32\WMDMLOG.dll"
2006-05-09 22:26:32 218,112 "C:\WINDOWS\system32\wmerror.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\wmsdmod.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\WMVADVD.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\WMVADVE.DLL"
2006-05-09 22:22:32 2,463,744 "C:\WINDOWS\system32\wmvcore.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\wmvdmod.dll"
2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-05-09 20:57:06 11,264 "C:\WINDOWS\system32\ehETW.dll"
2006-05-09 20:59:20 417,280 "C:\WINDOWS\system32\MSSCP.dll"
2006-05-09 22:26:34 221,696 "C:\WINDOWS\system32\wmasf.dll"
2006-05-09 22:26:34 155,136 "C:\WINDOWS\system32\wmidx.dll"
2006-05-09 22:26:34 135,680 "C:\WINDOWS\system32\wmpps.dll"
2006-05-09 20:58:46 343,552 "C:\WINDOWS\system32\WPDSp.dll"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *




DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-07-13 15:13:08 36,864 "C:\WINDOWS\system32\ahnciup.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-05-09 22:36:46 6,656 "C:\WINDOWS\system32\WdfMgr.exe"
2006-07-13 15:13:22 1,163,264 "C:\WINDOWS\system32\fhsxc.exe"
2006-07-13 15:56:50 143,360 "C:\WINDOWS\system32\mptft.exe"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-09 20:45:20 304,640 "C:\WINDOWS\system32\MSDelta.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 04:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-09 22:26:34 705,024 "C:\WINDOWS\system32\WMADMOD.dll"
2006-05-09 22:26:34 1,063,424 "C:\WINDOWS\system32\WMADMOE.dll"
2006-05-09 22:26:34 31,744 "C:\WINDOWS\system32\WMDMLOG.dll"
2006-05-09 22:26:32 218,112 "C:\WINDOWS\system32\wmerror.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\wmsdmod.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\WMVADVD.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\WMVADVE.DLL"
2006-05-09 22:22:32 2,463,744 "C:\WINDOWS\system32\wmvcore.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\wmvdmod.dll"
2006-05-09 22:26:34 219,648 "C:\WINDOWS\system32\CEWMDM.dll"
2006-05-19 08:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-09 22:26:32 9,728 "C:\WINDOWS\system32\LAPRXY.dll"
2006-05-09 21:00:08 382,976 "C:\WINDOWS\system32\MFPLAT.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-09 22:26:34 165,376 "C:\WINDOWS\system32\MsPMSP.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-05-09 22:26:34 306,688 "C:\WINDOWS\system32\MSWMDM.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-05-09 22:26:34 4,096 "C:\WINDOWS\system32\wdfApi.dll"
2006-05-09 22:26:34 36,864 "C:\WINDOWS\system32\WMDMPS.dll"
2006-05-09 22:26:34 237,056 "C:\WINDOWS\system32\wmpasf.dll"
2006-05-09 22:26:34 301,056 "C:\WINDOWS\system32\wmpdxm.dll"
2006-05-09 22:26:34 7,706,112 "C:\WINDOWS\system32\wmploc.dll"
2006-05-09 21:00:22 546,816 "C:\WINDOWS\system32\wmpmde.dll"
2006-05-09 20:58:40 144,896 "C:\WINDOWS\system32\wpdmtp.dll"
2006-05-09 20:58:50 670,208 "C:\WINDOWS\system32\wpd_ci.dll"
2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-05-09 20:57:06 11,264 "C:\WINDOWS\system32\ehETW.dll"
2006-05-09 20:59:20 417,280 "C:\WINDOWS\system32\MSSCP.dll"
2006-05-09 22:26:34 221,696 "C:\WINDOWS\system32\wmasf.dll"
2006-05-09 22:26:34 155,136 "C:\WINDOWS\system32\wmidx.dll"
2006-05-09 22:26:34 135,680 "C:\WINDOWS\system32\wmpps.dll"
2006-05-09 20:58:46 343,552 "C:\WINDOWS\system32\WPDSp.dll"


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-31 18:27:42 ( .D... ) "C:\Program Files\ipwins"
2006-07-31 18:27:38 ( .D... ) "C:\Program Files\InetGet2"
2006-07-31 18:26:26 32768 ( A.... ) "C:\WINDOWS\unstall.exe"
2006-07-31 18:26:20 53120 ( A.... ) "C:\WINDOWS\optimize.exe"
2006-07-31 18:26:12 57344 ( A.... ) "C:\WINDOWS\kiuj0v.exe"
2006-07-31 18:26:04 42944 ( A.... ) "C:\WINDOWS\pop06ap2.exe"
2006-07-31 18:25:42 139264 ( A.... ) "C:\WINDOWS\MirarSetup_876075.exe"
2006-07-31 18:25:36 290816 ( A.... ) "C:\WINDOWS\installer_252.exe"
2006-07-31 18:25:26 226536 ( A.... ) "C:\WINDOWS\whCC-GIANT.exe"
2006-07-31 18:25:16 ( .D... ) "C:\Program Files\ToolBar888"
2006-07-31 18:25:12 ( .D... ) "C:\Program Files\Common Files\{709A8012-0BF0-1033-0730-040129040001}"
2006-07-31 18:24:58 ( .D... ) "C:\Program Files\Cowabanga"
2006-07-13 15:56:50 143360 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-07-13 15:13:22 1163264 ( A.... ) "C:\WINDOWS\system32\fhsxc.exe"
2006-07-13 15:13:08 36864 ( A.... ) "C:\WINDOWS\system32\ahnciup.exe"
2006-07-11 10:24:26 ( .D... ) "C:\Program Files\Common Files\Stardock"
2006-07-10 23:51:40 ( .D... ) "C:\Program Files\Common Files\Merge Modules"
2006-07-10 23:51:32 ( .D... ) "C:\Program Files\Microsoft Visual Studio .NET 2003"
2006-07-10 23:48:02 ( .D... ) "C:\Program Files\Atomix Virtual DJ"
2006-07-10 23:46:58 ( .D... ) "C:\Program Files\XviD"
2006-07-10 23:45:36 ( .D... ) "C:\Program Files\whInstall"
2006-07-10 12:10:22 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-08 04:26:04 ( .D... ) "C:\Program Files\Common Files\Stardock(2)"
2006-07-08 03:34:00 ( .D... ) "C:\Program Files\Stardock"
2006-06-30 12:57:14 ( .D... ) "C:\Program Files\MediaMonkey"
2006-06-23 02:28:16 ( .D... ) "C:\Program Files\WinAVI VideoConverter"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-11 11:50:22 461 ( A.... ) "C:\Program Files\INSTALL.LOG"
2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\WdfMgr.exe"
2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\uWDF.exe"
2006-05-09 22:26:34 7706112 ( A.... ) "C:\WINDOWS\system32\wmploc.dll"
2006-05-09 22:26:34 1641472 ( A.... ) "C:\WINDOWS\system32\wmpencen.dll"
2006-05-09 22:26:34 1280000 ( A.... ) "C:\WINDOWS\system32\WMSPDMOE.dll"
2006-05-09 22:26:34 1063424 ( A.... ) "C:\WINDOWS\system32\WMADMOE.dll"
2006-05-09 22:26:34 992256 ( A.... ) "C:\WINDOWS\system32\WMNetMgr.dll"
2006-05-09 22:26:34 705024 ( A.... ) "C:\WINDOWS\system32\WMADMOD.dll"
2006-05-09 22:26:34 564736 ( A.... ) "C:\WINDOWS\system32\WMSPDMOD.dll"
2006-05-09 22:26:34 433152 ( ..... ) "C:\WINDOWS\system32\wmpeffects.dll"
2006-05-09 22:26:34 417280 ( A.... ) "C:\WINDOWS\system32\wmdrmdev.dll"
2006-05-09 22:26:34 337408 ( A.... ) "C:\WINDOWS\system32\wmdrmnet.dll"
2006-05-09 22:26:34 306688 ( A.... ) "C:\WINDOWS\system32\MSWMDM.dll"
2006-05-09 22:26:34 301056 ( A.... ) "C:\WINDOWS\system32\wmpdxm.dll"
2006-05-09 22:26:34 267776 ( A.... ) "C:\WINDOWS\system32\Audiodev.dll"
2006-05-09 22:26:34 237056 ( A.... ) "C:\WINDOWS\system32\wmpasf.dll"
2006-05-09 22:26:34 221696 ( A.... ) "C:\WINDOWS\system32\wmasf.dll"
2006-05-09 22:26:34 219648 ( A.... ) "C:\WINDOWS\system32\CEWMDM.dll"
2006-05-09 22:26:34 212480 ( A.... ) "C:\WINDOWS\system32\msnetobj.dll"
2006-05-09 22:26:34 203776 ( A.... ) "C:\WINDOWS\system32\wmpsrcwp.dll"
2006-05-09 22:26:34 201728 ( A.... ) "C:\WINDOWS\system32\qasf.dll"
2006-05-09 22:26:34 165376 ( A.... ) "C:\WINDOWS\system32\MsPMSP.dll"
2006-05-09 22:26:34 155136 ( A.... ) "C:\WINDOWS\system32\wmidx.dll"
2006-05-09 22:26:34 135680 ( ..... ) "C:\WINDOWS\system32\wmpps.dll"
2006-05-09 22:26:34 97792 ( A.... ) "C:\WINDOWS\system32\wmpshell.dll"
2006-05-09 22:26:34 36864 ( A.... ) "C:\WINDOWS\system32\WMDMPS.dll"
2006-05-09 22:26:34 31744 ( A.... ) "C:\WINDOWS\system32\WMDMLOG.dll"
2006-05-09 22:26:34 26112 ( A.... ) "C:\WINDOWS\system32\MsPMSNSv.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmoe2.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVE.DLL"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmoe2.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wdfApi.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MPG4DMOD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP43DMOD.dll"
2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\MP4SDMOD.dll"
2006-05-09 22:26:32 218112 ( A.... ) "C:\WINDOWS\system32\wmerror.dll"
2006-05-09 22:26:32 9728 ( A.... ) "C:\WINDOWS\system32\LAPRXY.dll"
2006-05-09 22:26:32 7168 ( A.... ) "C:\WINDOWS\system32\asferror.dll"
2006-05-09 22:22:32 2463744 ( A.... ) "C:\WINDOWS\system32\wmvcore.dll"
2006-05-09 21:02:02 84480 ( A.... ) "C:\WINDOWS\system32\logagent.exe"
2006-05-09 21:01:06 1463808 ( ..... ) "C:\WINDOWS\system32\WMVDECOD.dll"
2006-05-09 21:01:06 1359360 ( ..... ) "C:\WINDOWS\system32\WMVSDECD.dll"
2006-05-09 21:00:58 1455616 ( ..... ) "C:\WINDOWS\system32\WMVENCOD.dll"
2006-05-09 21:00:58 770560 ( ..... ) "C:\WINDOWS\system32\WMVSENCD.dll"
2006-05-09 21:00:58 299520 ( ..... ) "C:\WINDOWS\system32\MP4SDECD.dll"
2006-05-09 21:00:58 241152 ( ..... ) "C:\WINDOWS\system32\MPG4DECD.dll"
2006-05-09 21:00:56 636928 ( ..... ) "C:\WINDOWS\system32\WMVXENCD.dll"
2006-05-09 21:00:56 241152 ( ..... ) "C:\WINDOWS\system32\MP43DECD.dll"
2006-05-09 21:00:22 546816 ( ..... ) "C:\WINDOWS\system32\wmpmde.dll"
2006-05-09 21:00:08 382976 ( ..... ) "C:\WINDOWS\system32\MFPLAT.dll"
2006-05-09 21:00:02 1350656 ( A.... ) "C:\WINDOWS\system32\drmv2clt.dll"
2006-05-09 20:59:34 513536 ( ..... ) "C:\WINDOWS\system32\wmdrmsdk.dll"
2006-05-09 20:59:20 417280 ( A.... ) "C:\WINDOWS\system32\MSSCP.dll"
2006-05-09 20:59:18 229376 ( ..... ) "C:\WINDOWS\system32\drmupgds.exe"
2006-05-09 20:59:14 585216 ( A.... ) "C:\WINDOWS\system32\blackbox.dll"
2006-05-09 20:58:54 3745280 ( ..... ) "C:\WINDOWS\system32\WpdShext.dll"
2006-05-09 20:58:54 52224 ( ..... ) "C:\WINDOWS\system32\WPDShServiceObj.dll"
2006-05-09 20:58:54 13824 ( ..... ) "C:\WINDOWS\system32\wpdshextautoplay.exe"
2006-05-09 20:58:50 670208 ( A.... ) "C:\WINDOWS\system32\wpd_ci.dll"
2006-05-09 20:58:50 103424 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWiaCompat.dll"
2006-05-09 20:58:48 345600 ( ..... ) "C:\WINDOWS\system32\PortableDeviceApi.dll"
2006-05-09 20:58:48 188928 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWMDRM.dll"
2006-05-09 20:58:48 101376 ( ..... ) "C:\WINDOWS\system32\PortableDeviceClassExtension.dll"
2006-05-09 20:58:46 343552 ( A.... ) "C:\WINDOWS\system32\WPDSp.dll"
2006-05-09 20:58:40 144896 ( A.... ) "C:\WINDOWS\system32\wpdmtp.dll"
2006-05-09 20:58:40 55808 ( A.... ) "C:\WINDOWS\system32\wpdmtpus.dll"
2006-05-09 20:58:40 35840 ( A.... ) "C:\WINDOWS\system32\wpdconns.dll"
2006-05-09 20:58:38 168960 ( ..... ) "C:\WINDOWS\system32\PortableDeviceTypes.dll"
2006-05-09 20:58:38 13312 ( A.... ) "C:\WINDOWS\system32\wpdtrace.dll"
2006-05-09 20:57:06 11264 ( ..... ) "C:\WINDOWS\system32\ehETW.dll"
2006-05-09 20:45:20 304640 ( ..... ) "C:\WINDOWS\system32\MSDelta.dll"
2006-05-09 20:00:48 22752 ( A.... ) "C:\WINDOWS\system32\spupdsvc.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-31 18:26 57,344 C:\WINDOWS\kiuj0v.exe
2006-07-31 18:26 53,120 C:\WINDOWS\optimize.exe
2006-07-31 18:26 42,944 C:\WINDOWS\pop06ap2.exe
2006-07-31 18:26 36,864 C:\WINDOWS\system32\ahnciup.exe
2006-07-31 18:26 32,768 C:\WINDOWS\unstall.exe
2006-07-31 18:26 143,360 C:\WINDOWS\system32\mptft.exe
2006-07-31 18:26 1,163,264 C:\WINDOWS\system32\fhsxc.exe
2006-07-31 18:25 290,816 C:\WINDOWS\installer_252.exe
2006-07-31 18:25 139,264 C:\WINDOWS\MirarSetup_876075.exe
2006-07-11 00:12 36,864 C:\WINDOWS\system32\wbsys.dll
2006-07-11 00:12 20,480 C:\WINDOWS\system32\wbload.dll
2006-07-08 03:22 155,648 C:\WINDOWS\system32\mscoree.dll
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\SigmaTel AC97 Audio Drivers\\stacmon.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"BDMCon"="c:\\PROGRA~1\\softwin\\BITDEF~1\\bdmcon.exe"
"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"C:\\PROGRA~1\\softwin\\BITDEF~1\\bdnagent.exe\""
"BDSwitchAgent"="\"C:\\PROGRA~1\\softwin\\BITDEF~1\\bdswitch.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IpWins"="C:\\Program Files\\ipwins\\ipwins.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{709A8012-0BF0-1033-0730-040129040001}"="\"C:\\Program Files\\Common Files\\{709A8012-0BF0-1033-0730-040129040001}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e6,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""




Contents of the 'Scheduled Tasks' folder

Completion time: Thu 08/03/2006 1:27:16.04
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-03.012448.txt