08-09-2007, 05:13 PM   #1
cranium5000
Registered User
 
Join Date: Aug 2007
Posts: 11
OS: xp


Constant pop ups- vundo, winfixer, generic AdClicker.d

I followed all five steps and have done everything you asked; here is everything you wanted. Thank you so much, Josh


Vundo trojan Found in xoftspyse: REGKEY_FOUND" data="software\microsoft\juan" system-message="Only part of a ReadProcessMemory or WriteProcessMemory request was completed." malwareName="Vundo Trojan" />


Winfixer Found in Mcafee:
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\YTWZ6P6X\WinAntiVirusPro2007FreeInstall[1].cab

Generic AdClicker.d trojan Found in Mcafee:
c:\documents and settings\jason\local settings\temporary internet files\content.ie5\s9k78v4n\masiyxanidi[1]


Panda Activescan:

Incident Status Location

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@errorsafe[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jason\Cookies\jason@stats1.reliablestats[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Jason\Cookies\jason@statse.webtrendslive[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Jason\Cookies\jason@systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jason\Cookies\jason@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jason\Cookies\jason@winantivirus[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.errorsafe[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.winantiviruspro[1].txt
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Jason\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\WP278XMV\ErrorSafeFreeInstallW[1].cab[UERS_9999_N91S1502NetInstaller.exe]
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\YTWZ6P6X\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\YTWZ6P6X\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.inf]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Jason\My Documents\SmitfraudFix\restart.exe
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dc23.txt
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dc24.txt
Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dc26.txt
Spyware:Cookie/Winantivirus Not disinfected C:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dc6.txt
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\tgmwsgkr.exe
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@atwola[1].txt
Spyware:Cookie/CentrPort Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@centrport[2].txt
Spyware:Cookie/DomainSponsor Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@domainsponsor[1].txt
Spyware:Cookie/Doubleclick Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@fastclick[2].txt
Spyware:Cookie/DomainSponsor Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@landing.domainsponsor[1].txt
Spyware:Cookie/QuestionMarket Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@questionmarket[1].txt
Spyware:Cookie/Advertising Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@servedby.advertising[2].txt
Spyware:Cookie/Tradedoubler Not disinfected D:\Documents and Settings\MIKE & MICHELLE\Application Data\Earthlink\6.0\mmczolgosz@earthlink.net\Cookies\mike & michelle@tradedoubler[1].txt
Spyware:Spyware/PeoplePC Not disinfected D:\Program Files\ISP50\Bin\RAS.DLL
Spyware:Cookie/YieldManager Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd10.txt
Spyware:Cookie/Advertising Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd15.txt
Spyware:Cookie/Apmebf Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd19.txt
Spyware:Cookie/Atlas DMT Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd20.txt
Spyware:Cookie/Atwola Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd21.txt
Spyware:Cookie/Belnk Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd25.txt
Spyware:Cookie/Bluestreak Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd26.txt
Spyware:Cookie/BurstNet Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd28.txt
Spyware:Cookie/Casalemedia Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd29.txt
Spyware:Cookie/CentrPort Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd30.txt
Spyware:Cookie/Bridgetrack Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd32.txt
Spyware:Cookie/Belnk Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd36.txt
Spyware:Cookie/Doubleclick Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd37.txt
Spyware:Cookie/Adserver Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd5.txt
Spyware:Cookie/Mediaplex Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd50.txt
Spyware:Cookie/Zedo Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd6.txt
Spyware:Cookie/QkSrv Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd61.txt
Spyware:Cookie/QuestionMarket Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd62.txt
Spyware:Cookie/Advertising Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd72.txt
Spyware:Cookie/WebtrendsLive Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd74.txt
Spyware:Cookie/Traffic Marketplace Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd75.txt
Spyware:Cookie/BurstBeacon Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd79.txt
Spyware:Cookie/2o7 Not disinfected D:\RECYCLER\S-1-5-21-484763869-117609710-725345543-1004\Dd93.txt

Deckard's Scan:
Deckard's System Scanner v20070807.62
Run by Jason on 2007-08-09 at 18:04:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-08-10 01:04:48 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-08-10 00:37:03 UTC - RP2 - Installed Windows XP Service Pack 1.
1: 2007-08-09 20:27:18 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-09 18:08:25
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\vmhkyoad.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jason\My Documents\dss.exe
C:\Program Files\McAfee\MPF\MC\MpfAlert.exe
C:\Program Files\support.com\bin\tgcmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://winantispyware.com/download/2...ax=0&ex=0&ed=0
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
O2 - BHO: (no name) - 0=˜ - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {37188E3E-BB99-4B8C-8EC1-1A5B476929F8} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\kegcaoxr.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - °<˜ - (no file)
O2 - BHO: (no name) - à<˜ - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKEY_LOCAL_MACHINE\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKEY_LOCAL_MACHINE\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\kxwskhbb.dll",forkonce
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\Mansion.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\Mansion.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\System32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\vmhkyoad.exe /service
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe


-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 DomainService - c:\windows\system32\vmhkyoad.exe /service <Not Verified; ; DDC>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&37725873&0&48F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&37725873&0&48F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-08-09 17:00:53 448 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-09 17:00:14 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-08-09 03:00:39 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-08-08 20:48:32 360 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2007-08-02 22:58:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-01 01:00:08 352 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-05-15 01:11:13 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-09 18:00:49 125504 --a------ C:\WINDOWS\System32\kxwskhbb.dll
2007-08-09 17:57:43 75328 --a------ C:\WINDOWS\System32\ihhbthsj.exe <Not Verified; ; DDC>
2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ServicePackFiles
2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ehome
2007-08-09 1723 0 d-------- C:\Program Files\SpywareBlaster
2007-08-09 16:24:30 0 d-------- C:\ie-spyad
2007-08-09 16:20:08 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-08-09 13:25:55 125504 -----n--- C:\WINDOWS\System32\tdexphvk.dll
2007-08-09 13:24:04 75328 --a------ C:\WINDOWS\System32\emfifnqs.exe <Not Verified; ; DDC>
2007-08-09 13:17:58 75328 --a------ C:\WINDOWS\System32\omddjajv.exe <Not Verified; ; DDC>
2007-08-09 13:04:44 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-08-09 03:50:36 1732264 ---hs---- C:\WINDOWS\System32\ffhkj.ini2
2007-08-09 02:49:56 75328 --a------ C:\WINDOWS\System32\hcaqhhaq.exe <Not Verified; ; DDC>
2007-08-09 02:33:15 75328 --a------ C:\WINDOWS\System32\xthrqinw.exe <Not Verified; ; DDC>
2007-08-09 02:13:58 2278 --a------ C:\WINDOWS\System32\tmp.reg
2007-08-09 01:37:52 75328 --a------ C:\WINDOWS\System32\uvuwtile.exe <Not Verified; ; DDC>
2007-08-09 01:09:21 125504 --a------ C:\WINDOWS\System32\axjwysrm.dll
2007-08-09 0105 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-08-08 23:49:26 125504 --a------ C:\WINDOWS\System32\gldolqmr.dll
2007-08-08 23:47:59 75328 --a------ C:\WINDOWS\System32\qrdhofyc.exe <Not Verified; ; DDC>
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-08 23:33:56 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-08 23:33:56 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-08 23:23:12 0 d-------- C:\WINDOWS\pss
2007-08-08 21:47:53 125504 --a------ C:\WINDOWS\System32\fugdxpgl.dll
2007-08-08 21:41:51 75328 --a------ C:\WINDOWS\System32\vcacahty.exe <Not Verified; ; DDC>
2007-08-08 19:46:42 125504 --a------ C:\WINDOWS\System32\tqofsvpl.dll
2007-08-08 19:44:32 0 d-------- C:\Program Files\RegCure
2007-08-08 19:43:42 75328 --a------ C:\WINDOWS\System32\lojcvksf.exe <Not Verified; ; DDC>
2007-08-08 18:41:04 0 d-------- C:\Program Files\XoftSpySE
2007-08-08 18:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-08 18:35:54 0 d-------- C:\Documents and Settings\Jason\Application Data\GetRightToGo
2007-08-08 18:32:17 0 d-------- C:\Program Files\CyberScrub AntiVirus
2007-08-08 18:32:17 0 d-------- C:\Program Files\Common Files\Kaspersky Lab
2007-08-08 16:28:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-08 16:28:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-08 15:10:22 125504 --a------ C:\WINDOWS\System32\knkpypbd.dll
2007-08-08 15:09:32 75328 --a------ C:\WINDOWS\System32\gxwtlscd.exe <Not Verified; ; DDC>
2007-08-08 13:54:53 0 d-------- C:\Program Files\Lavasoft
2007-08-08 13:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-08 12:05:20 125504 --a------ C:\WINDOWS\System32\lnirkesd.dll
2007-08-08 12:05:10 75328 --a------ C:\WINDOWS\System32\vmhkyoad.exe <Not Verified; ; DDC>
2007-08-08 02:05:59 125504 --a------ C:\WINDOWS\System32\abtxashc.dll
2007-08-08 00:18:26 0 d-------- C:\WINDOWS\McAfee.com
2007-08-07 23:55:29 125504 --a------ C:\WINDOWS\System32\bjimgtqx.dll
2007-08-07 2049 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee
2007-08-07 16:19:15 125504 --a------ C:\WINDOWS\System32\jsrktewc.dll
2007-08-07 16:07:55 125504 --a------ C:\WINDOWS\System32\tsvhiisd.dll
2007-08-07 15:11:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-07 15:11:31 78336 --a------ C:\WINDOWS\System32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
2007-08-07 15:11:30 102912 --a------ C:\WINDOWS\System32\islzma.dll
2007-08-07 15:11:18 0 d-------- C:\Program Files\Webroot
2007-08-07 15:11:18 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2007-08-07 13:52:13 125504 --a------ C:\WINDOWS\System32\ergmupae.dll
2007-08-07 11:46:38 125504 --a------ C:\WINDOWS\System32\pauvthax.dll
2007-08-02 11:10:19 1734762 ---hs---- C:\WINDOWS\System32\ffhkj.bak2
2007-07-31 23:33:11 69184 --a------ C:\WINDOWS\System32\kegcaoxr.dll
2007-07-31 11:23:22 1731268 ---hs---- C:\WINDOWS\System32\ffhkj.bak1
2007-07-31 11:20:44 228960 --a------ C:\WINDOWS\System32\jkhff.dll
2007-07-24 11:20:13 0 d-------- C:\Documents and Settings\Jason\Contacts
2007-07-24 11:19:12 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-07-24 11:18:50 0 d-------- C:\Program Files\MSN Messenger
2007-07-12 15:37:46 0 d-------- C:\Program Files\UBNet


-- Find3M Report ---------------------------------------------------------------

2007-08-09 18:02:32 0 d-------- C:\Documents and Settings\Jason\Application Data\ComcastToolbar
2007-08-09 17:46:56 0 d-------- C:\Program Files\Messenger
2007-08-09 17:43:20 0 d-------- C:\Program Files\Movie Maker
2007-08-09 14:45:30 0 d-------- C:\Program Files\QuickTime
2007-08-09 14:39:40 0 d-------- C:\Program Files\iTunes
2007-08-09 14:34:21 0 d-------- C:\Program Files\Google
2007-08-09 14:32:48 0 d-------- C:\Program Files\ComcastToolbar
2007-08-08 21:40:16 0 d-------- C:\Program Files\Common Files
2007-08-08 18:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-08 16:41:02 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-08 13:53:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 19:44:30 0 d-------- C:\Program Files\Common Files\Scanner
2007-08-07 15:57:33 0 d-------- C:\Program Files\Absolute Poker Basic
2007-07-29 18:49:23 0 d-------- C:\Documents and Settings\Jason\Application Data\U3
2007-07-10 00:25:06 0 d-------- C:\Program Files\Punch! Super Home
2007-06-29 21:32:54 0 d-------- C:\Documents and Settings\Jason\Application Data\Ulead Systems
2007-06-27 22:45:55 0 d-------- C:\Program Files\MANSION
2007-06-27 10:03:37 0 d-------- C:\Program Files\Yahoo!
2007-06-26 21:57:14 0 d-------- C:\Program Files\support.com
2007-06-23 09:42:12 0 d-------- C:\Documents and Settings\Jason\Application Data\Google
2007-06-22 21:25:35 0 d-------- C:\Program Files\Image-Line
2007-06-21 11:47:37 0 d-------- C:\Program Files\McAfee


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37188E3E-BB99-4B8C-8EC1-1A5B476929F8}]
07/31/2007 11:20 AM 228960 --a------ C:\WINDOWS\System32\jkhff.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
07/31/2007 11:33 PM 69184 --a------ C:\WINDOWS\System32\kegcaoxr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 11:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/02/2007 04:24 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [03/25/2003 10:19 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [12/17/2002 12:40 PM]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [01/12/2004 09:40 PM]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [11/18/2003 06:20 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [03/07/2007 10:58 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [11/16/2005 02:53 PM]
"SystemOptimizer"="C:\WINDOWS\System32\kxwskhbb.dll" [08/09/2007 06:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" []

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [5/23/2006 2:17:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhff]
C:\WINDOWS\System32\jkhff.dll 07/31/2007 11:20 AM 228960 C:\WINDOWS\system32\jkhff.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-09 at 18:14:42 ---------