Activescan:
Incident Status Location
Adware:adware/savenow Not disinfected d:\windows\system32\ap2nqrd4.dat
Adware:adware/sahagent Not disinfected d:\windows\system32\bqrufs5f.dat
Potentially unwanted tool:application/funweb Not disinfected d:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Adware:adware/gator Not disinfected d:\windows\GatorPdpLoudInstaller.log
Spyware:spyware/media-motor Not disinfected d:\windows\ubber60.ini
Adware:adware/whenusearch Not disinfected D:\Documents and Settings\joe\Start Menu\Programs\WhenU
Adware:adware/look2me Not disinfected Windows Registry
Adware:adware/isearch Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/novo Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/lop Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Hacktool:Hacktool/Shutdown.L Not disinfected C:\windows\system32\dllcache\win32\psshutdown.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\Documents and Settings\All Users\Desktop\nailfix\Process.exe
Spyware:Cookie/BurstNet Not disinfected D:\Documents and Settings\joe\Application Data\Mozilla\Firefox\Profiles\vcptte8q.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Searchportal Not disinfected D:\Documents and Settings\joe\Application Data\Mozilla\Firefox\Profiles\vcptte8q.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\joe\Cookies\joe@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected D:\Documents and Settings\joe\Cookies\joe@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected D:\Documents and Settings\joe\Cookies\joe@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected D:\Documents and Settings\joe\Cookies\joe@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected D:\Documents and Settings\joe\Cookies\joe@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected D:\Documents and Settings\joe\Cookies\joe@atdmt[2].txt
Spyware:Cookie/bravenetA Not disinfected D:\Documents and Settings\joe\Cookies\joe@bravenet[2].txt
Spyware:Cookie/BurstNet Not disinfected D:\Documents and Settings\joe\Cookies\joe@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\joe\Cookies\joe@casalemedia[1].txt
Spyware:Cookie/Bridgetrack Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected D:\Documents and Settings\joe\Cookies\joe@com[1].txt
Spyware:Cookie/360i Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected D:\Documents and Settings\joe\Cookies\joe@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected D:\Documents and Settings\joe\Cookies\joe@fastclick[2].txt
Spyware:Cookie/Go Not disinfected D:\Documents and Settings\joe\Cookies\joe@go[2].txt
Spyware:Cookie/Hitbox Not disinfected D:\Documents and Settings\joe\Cookies\joe@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected D:\Documents and Settings\joe\Cookies\joe@maxserving[2].txt
Spyware:Cookie/Adrevolver Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected D:\Documents and Settings\joe\Cookies\joe@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected D:\Documents and Settings\joe\Cookies\joe@overture[2].txt
Spyware:Cookie/Overture Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/QkSrv Not disinfected D:\Documents and Settings\joe\Cookies\joe@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected D:\Documents and Settings\joe\Cookies\joe@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected D:\Documents and Settings\joe\Cookies\joe@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected D:\Documents and Settings\joe\Cookies\joe@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\joe\Cookies\joe@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\joe\Cookies\joe@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected D:\Documents and Settings\joe\Cookies\joe@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected D:\Documents and Settings\joe\Cookies\joe@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected D:\Documents and Settings\joe\Cookies\joe@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected D:\Documents and Settings\joe\Cookies\joe@tribalfusion[1].txt
Spyware:Cookie/Lop Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][2].txt
Spyware:Cookie/Systemdoctor Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Seeq Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected D:\Documents and Settings\joe\Cookies\[email protected][1].txt
Spyware:Cookie/Yadro Not disinfected D:\Documents and Settings\joe\Cookies\joe@yadro[1].txt
Spyware:Cookie/Zedo Not disinfected D:\Documents and Settings\joe\Cookies\joe@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected D:\Documents and Settings\joe\My Documents\antivirus\antispy\AntiPuper.exe[²PÇ]
Adware:Adware/Trymedia Not disinfected D:\Documents and Settings\joe\My Documents\games\moisdne-dm.exe
Spyware:Cookie/888 Not disinfected D:\Documents and Settings\LocalService\Cookies\system@888[1].txt
Spyware:Cookie/888 Not disinfected D:\Documents and Settings\LocalService\Cookies\system@888[2].txt
Spyware:Cookie/Belnk Not disinfected D:\Documents and Settings\LocalService\Cookies\system@belnk[1].txt
Spyware:Cookie/Enhance Not disinfected D:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Spyware:Cookie/Cassava Not disinfected D:\Documents and Settings\LocalService\Cookies\system@cassava[1].txt
Spyware:Cookie/Belnk Not disinfected D:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
Adware:Adware/SaveNow Not disinfected D:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar[content/overlay.js]
Adware:Adware/SaveNow Not disinfected D:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
Adware:Adware/SAHAgent Not disinfected D:\WINDOWS\Downloaded Program Files\setup4002b.ini
Potentially unwanted tool:Application/RealSpy Not disinfected D:\WINDOWS\system32\actskn45.ocx
Spyware:Cookie/888 Not disinfected D:\WINDOWS\Temp\Cookies\joe@888[1].txt
Spyware:Cookie/Hbmediapro Not disinfected D:\WINDOWS\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected D:\WINDOWS\Temp\Cookies\joe@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Temp\Cookies\joe@belnk[2].txt
Spyware:Cookie/DelfinMedia Not disinfected D:\WINDOWS\Temp\Cookies\joe@delfinproject[1].txt
Spyware:Cookie/Belnk Not disinfected D:\WINDOWS\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Temp\Cookies\joe@go[1].txt
Spyware:Cookie/Screensavers Not disinfected D:\WINDOWS\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/VirtualBouncer Not disinfected D:\WINDOWS\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Searchportal Not disinfected D:\WINDOWS\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Reliablestats Not disinfected D:\WINDOWS\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/WinFixer Not disinfected D:\WINDOWS\Temp\Cookies\joe@winfixer[2].txt
Adware:Adware/SaveNow Not disinfected D:\WINDOWS\Temp\TMP0000027D523F110F23AD067C
joe - 06-12-08 13:32:29.95 Service Pack 2
ComboFix 06.12.01W - Running from: "D:\Documents and Settings\joe\My Documents\antivirus"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{37c1e73f-4d4e-4fc9-8dd6-62bfbbbbf37a}]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{8e01da4f-a085-43f7-9b3e-0171a9eddf53}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8e01da4f-a085-43f7-9b3e-0171a9eddf53}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{8e01da4f-a085-43f7-9b3e-0171a9eddf53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8e01da4f-a085-43f7-9b3e-0171a9eddf53}\InprocServer32]
@="D:\\WINDOWS\\system32\\mwexch40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{0d40182e-9981-4feb-86d7-60095d65e237}]
@=""
[HKEY_CLASSES_ROOT\clsid\{0d40182e-9981-4feb-86d7-60095d65e237}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{0d40182e-9981-4feb-86d7-60095d65e237}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{0d40182e-9981-4feb-86d7-60095d65e237}\InprocServer32]
@="D:\\WINDOWS\\system32\\dId8thk.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\Documents and Settings\joe\Desktop\Internet Explorer.lnk
D:\WINDOWS\system32\aamd532.dll
D:\WINDOWS\system32\vbzip11.dll
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
D:\qoobox\purity\WINDOWS\system32\ICROSO~1.NET
D:\qoobox\purity\WINDOWS\system32\STEM32~1
D:\qoobox\purity\WINDOWS\system32\STEM~1
((((((((((((((((((((((((((((((( Files Created from 2006-11-08 to 2006-12-08 ))))))))))))))))))))))))))))))))))
2006-12-08 13:46 <DIR> d-------- D:\WINDOWS\erdnt
2006-12-07 15:54 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-06 04:14 <DIR> d-------- D:\Documents and Settings\joe\Application Data\BitTorrent
2006-12-06 02:48 <DIR> d-------- D:\WINDOWS\SxsCaPendDel
2006-12-05 03:07 <DIR> dr-h----- D:\Documents and Settings\joe\Recent
2006-12-04 19:07 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Upload 64 active style
2006-12-04 19:06 <DIR> d-------- D:\Program Files\part inside license
2006-12-04 19:06 <DIR> d-------- D:\Documents and Settings\joe\Application Data\part inside license
2006-12-04 19:06 <DIR> d-------- D:\Documents and Settings\joe\Application Data\BitRoll
2006-12-04 19:02 <DIR> d-------- D:\Documents and Settings\joe\Application Data\ESTsoft
2006-12-04 19:01 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ESTsoft
2006-12-04 19:00 <DIR> d-------- D:\Program Files\ESTsoft
2006-12-04 18:45 <DIR> d-------- D:\Documents and Settings\joe\Application Data\UseNeXT
2006-12-03 01:06 <DIR> d-------- D:\Program Files\3DGroove
2006-11-28 12:00 <DIR> d-------- D:\Documents and Settings\joe\Application Data\funkitron
2006-11-27 21:34 <DIR> d-------- D:\Program Files\Encore
2006-11-27 19:33 <DIR> d-------- D:\Documents and Settings\joe\Application Data\EA
2006-11-27 19:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\EA
2006-11-27 17:44 389,120 --a------ D:\WINDOWS\system32\Adventure Inlay.scr
2006-11-27 16:16 <DIR> d-------- D:\Program Files\SolSuite
2006-11-27 01:01 <DIR> d-------- D:\Program Files\GameHouse
2006-11-25 22:26 <DIR> d-------- D:\Program Files\DivX
2006-11-20 14:41 <DIR> d-------- D:\WINDOWS\vbSkinner
2006-11-20 04:34 <DIR> d-------- D:\torrents
2006-11-20 04:01 <DIR> d-------- D:\Program Files\uTorrent
2006-11-20 03:59 <DIR> d-------- D:\Program Files\Project64 1.6
2006-11-19 03:12 <DIR> d-------- D:\b0dd943a41fa55085f
2006-11-17 13:18 86,016 --a------ D:\WINDOWS\unvise32.exe
2006-11-17 06:45 <DIR> d-------- D:\Documents and Settings\joe\Application Data\LimeWire
2006-11-17 06:36 <DIR> d-------- D:\Program Files\LimeWire
2006-11-17 03:44 <DIR> d-------- D:\Documents and Settings\joe\Application Data\AdobeAUM
2006-11-13 22:15 <DIR> d-------- D:\Program Files\Microsoft Games
2006-11-12 16:33 <DIR> d-------- D:\Documents and Settings\joe\Application Data\SoundSpectrum
2006-11-12 16:27 <DIR> d-------- D:\Documents and Settings\joe\WhiteCap
2006-11-12 16:25 <DIR> d-------- D:\Program Files\SoundSpectrum
2006-11-12 15:19 <DIR> d-------- D:\Program Files\Windows Media Connect 2
2006-11-12 15:17 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2006-11-12 15:17 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF
2006-11-12 13:19 <DIR> d-------- D:\Shortcuts
2006-11-12 13:19 <DIR> d-------- D:\Program Files\Duke Nukem - Manhattan Project
2006-11-08 06:42 <DIR> d-------- D:\Program Files\RamBooster 2.0
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-07 19:26 -------- d-------- D:\Program Files\Yahoo!
2006-12-07 15:54 -------- d-------- D:\Program Files\Grisoft
2006-12-06 18:02 -------- d-------- D:\Documents and Settings\joe\Application Data\uTorrent
2006-12-06 03:52 -------- d-------- D:\Program Files\WildTangent
2006-12-05 22:47 -------- d-------- D:\Documents and Settings\joe\Application Data\Lavasoft
2006-12-05 20:09 -------- d-------- D:\Program Files\QuickTime
2006-12-05 19:49 -------- d-------- D:\Program Files\Internet Explorer
2006-12-04 07:57 3448 --a------ D:\Documents and Settings\joe\Application Data\QuickZip45.ini
2006-12-03 21:17 -------- d-------- D:\Program Files\Ricochet Lost Worlds Recharged
2006-11-27 21:34 -------- d--h----- D:\Program Files\InstallShield Installation Information
2006-11-27 13:07 -------- d-------- D:\Documents and Settings\joe\Application Data\AVG7
2006-11-27 01:16 737280 --a------ D:\WINDOWS\iun6002.exe
2006-11-26 00:03 -------- d-------- D:\Program Files\QuickZip4
2006-11-18 16:47 -------- d-------- D:\Program Files\Common Files\Adobe
2006-11-17 06:41 -------- d-------- D:\Program Files\Java
2006-11-17 06:33 -------- d-------- D:\Program Files\BearShare
2006-11-17 03:46 -------- d-------- D:\Documents and Settings\joe\Application Data\Adobe
2006-11-12 15:19 -------- d-------- D:\Program Files\Windows Media Player
2006-11-09 05:02 -------- d-------- D:\Documents and Settings\joe\Application Data\AdobeUM
2006-11-09 03:01 -------- d-------- D:\Program Files\Common Files\Gibinsoft Shared
2006-11-06 03:04 -------- d-------- D:\Program Files\InterVideo
2006-11-04 14:24 -------- d---s---- D:\Documents and Settings\joe\Application Data\Microsoft
2006-11-04 14:22 -------- d-------- D:\Program Files\Common Files\ODBC
2006-11-04 14:22 -------- d-------- D:\Program Files\Common Files
2006-11-04 14:14 1245696 --a------ D:\WINDOWS\system32\msxml4.dll
2006-11-04 13:14 -------- d-------- D:\Documents and Settings\joe\Application Data\OfficeUpdate12
2006-11-02 01:49 -------- d-------- D:\Program Files\Microsoft Visual Studio
2006-11-02 01:49 -------- d-------- D:\Program Files\Microsoft ActiveSync
2006-11-02 01:49 -------- d-------- D:\Program Files\Common Files\Microsoft Shared
2006-11-02 01:49 -------- d-------- D:\Program Files\Common Files\Designer
2006-11-02 01:48 -------- d-------- D:\Program Files\Microsoft Office
2006-11-02 01:48 -------- d-------- D:\Program Files\Common Files\L&H
2006-11-01 13:25 816672 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
2006-10-31 17:11 2449 --a------ D:\Documents and Settings\joe\Application Data\AdobeDLM.log
2006-10-31 17:11 0 --a--c--- D:\Documents and Settings\joe\Application Data\dm.ini
2006-10-31 16:12 -------- d-------- D:\Program Files\Common Files\3DO Shared
2006-10-31 16:09 -------- d-------- D:\Program Files\3DO
2006-10-30 23:34 -------- d-------- D:\Program Files\WindowsUpdate
2006-10-30 22:13 -------- d-------- D:\Program Files\Nero
2006-10-30 22:13 -------- d-------- D:\Program Files\Common Files\Ahead
2006-10-30 21:40 -------- d-------- D:\Program Files\PopCap Games
2006-10-30 21:32 28352 --a------ D:\WINDOWS\system32\drivers\MxlW2k.sys
2006-10-30 20:22 -------- d-------- D:\Program Files\Filzip
2006-10-30 18:52 -------- d-------- D:\Program Files\Outlook Express
2006-10-30 18:52 -------- d-------- D:\Program Files\Common Files\System
2006-10-30 18:45 4960 --a------ D:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-30 18:45 4224 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-30 18:45 3968 --a------ D:\WINDOWS\system32\drivers\avgclean.sys
2006-10-30 18:45 28416 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-30 17:44 -------- d-------- D:\Program Files\Online Services
2006-10-30 17:44 -------- d-------- D:\Program Files\NetMeeting
2006-10-30 17:43 -------- d-------- D:\Program Files\MSN
2006-10-30 17:43 -------- d-------- D:\Program Files\Mozilla Firefox
2006-10-30 17:43 -------- d-------- D:\Program Files\Movie Maker
2006-10-30 17:43 -------- d-------- D:\Program Files\menu
2006-10-30 17:43 -------- d-------- D:\Program Files\LG Software Innovations
2006-10-30 17:41 -------- d-------- D:\Program Files\Common Files\Wise Installation Wizard
2006-10-30 17:41 -------- d-------- D:\Program Files\Common Files\Services
2006-10-30 17:41 -------- d-------- D:\Program Files\Common Files\Scanner
2006-10-30 17:41 -------- d-------- D:\Program Files\Common Files\Motive
2006-10-30 17:40 -------- d-------- D:\Program Files\7-Zip
2006-10-26 15:16 -------- d-------- D:\Documents and Settings\joe\Application Data\Google
2006-10-23 11:43 98304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2006-10-23 11:43 -------- dr-h----- D:\Documents and Settings\joe\Application Data\SecuROM
2006-10-21 13:06 20480 --a------ D:\WINDOWS\system32\H@tKeysH@@k.DLL
2006-10-18 21:58 8704 --------- D:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- D:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --------- D:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --------- D:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --------- D:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --------- D:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- D:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --------- D:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --------- D:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- D:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --------- D:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- D:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- D:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --------- D:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --------- D:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- D:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- D:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --------- D:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --------- D:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- D:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --------- D:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- D:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- D:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- D:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --------- D:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --------- D:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- D:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --------- D:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- D:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- D:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --------- D:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --------- D:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- D:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- D:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- D:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ D:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --------- D:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --------- D:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --------- D:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ D:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- D:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --------- D:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- D:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- D:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --------- D:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --------- D:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- D:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --------- D:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- D:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --------- D:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- D:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- D:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- D:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- D:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --------- D:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- D:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- D:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --------- D:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --------- D:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- D:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --------- D:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 38528 --a------ D:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 20:00 249856 --------- D:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- D:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 00:06 -------- d--h----- D:\Program Files\Uninstall Information
2006-10-17 13:33 6049280 --------- D:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50688 --------- D:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458752 --------- D:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 413696 --a------ D:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ D:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 180736 --------- D:\WINDOWS\system32\ieui.dll
2006-10-17 13:33 156160 --a------ D:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ D:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ D:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- D:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ D:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ D:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ D:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ D:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ D:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ D:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ D:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ D:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:01 13312 --a------ D:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:00 54784 --a------ D:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ D:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ D:\WINDOWS\system32\advpack.dll
2006-10-17 12:58 61952 --------- D:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- D:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ D:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- D:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ D:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ D:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- D:\WINDOWS\system32\ieapfltr.dll
2006-10-17 12:23 161792 --a------ D:\WINDOWS\system32\ieakui.dll
2006-10-17 09:42 -------- d-------- D:\Program Files\MSXML 4.0
2006-10-15 22:41 -------- d-------- D:\Program Files\Shockwave.com
2006-10-15 16:23 -------- d-------- D:\Program Files\MARS
2006-10-13 07:35 142336 --------- D:\WINDOWS\system32\nwprovau.dll
2006-10-12 16:25 -------- d-------- D:\Documents and Settings\joe\Application Data\Wildfire
2006-10-11 21:31 25 --a------ D:\Documents and Settings\joe\Application Data\tcw_config.cfg
2006-10-02 15:28 312128 --------- D:\WINDOWS\system32\msdelta.dll
2006-09-30 09:18 524288 --a------ D:\WINDOWS\opuc.dll
2006-09-28 20:13 95344 --------- D:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- D:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- D:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- D:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- D:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ D:\WINDOWS\system32\spupdsvc.exe
2006-09-21 22:39 161 --a------ D:\Delme.bat
2006-09-13 00:01 1084416 --a------ D:\WINDOWS\system32\msxml3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PhotoShow Deluxe Media Manager"="D:\\PROGRA~1\\Ahead\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"NBJ"="\"D:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"D:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"
"bendbook"="D:\\DOCUME~1\\joe\\APPLIC~1\\PARTIN~1\\internetremotedart.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"p2pnetwork"="p2pnetwork.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Microsoft Works Update Detection"="D:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"MimBoot"="D:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mimboot.exe"
"BJCFD"="D:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"UpdateManager"="\"D:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"HPDJ Taskbar Utility"="D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"D:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"D:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"OneCareUI"="\"D:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"pccguide.exe"="\"D:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"RealTray"="D:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"SAClient"="\"C:\\Program Files\\Mediacom\\BBClient\\Programs\\RegCon.exe\" /admincheck"
"MMTray"="D:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"Active style noun thunk"="D:\\Documents and Settings\\All Users\\Application Data\\Upload 64 active style\\mp3 help.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000002
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"HoxtRkZtg"="vdmkey.exe"
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"D:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\