08-12-2007, 07:15 PM   #10
cranium5000
Registered User
 
Join Date: Aug 2007
Posts: 11
OS: xp


Re: Constant pop ups- vundo, winfixer, generic AdClicker.d

I ran ComboFix and submitted the malware to Bleeping Computer. The file path is: C:\DOCUME~1\Jason\Desktop.\[4]-Submit_2007-08-12_205152.07.zip
When I tried to click on the online scan, nothing happened.

This is the catchme log:
file zipped: C:\WINDOWS\system32\qwuusbxm.exe -> catchme.zip -> qwuusbxm.exe ( 75328 bytes )
file "C:\WINDOWS\system32\qwuusbxm.exe" replaced successfully
file zipped: C:\WINDOWS\system32\ueypaxpg.exe -> catchme.zip -> ueypaxpg.exe ( 75328 bytes )
file "C:\WINDOWS\system32\ueypaxpg.exe" replaced successfully
file zipped: C:\WINDOWS\system32\ihhbthsj.exe -> catchme.zip -> ihhbthsj.exe ( 75328 bytes )
file "C:\WINDOWS\system32\ihhbthsj.exe" replaced successfully
http://www.techsupportforum.com/secu...clicker-d.html


Deckard's System Scanner v20070807.62
Run by Jason on 2007-08-12 at 21:14:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:16:43 PM, on 8/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Support.com\bin\tgcmd.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
C:\DOCUME~1\Jason\Desktop\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://winantispyware.com/download/2...ax=0&ex=0&ed=0
O2 - BHO: (no name) - 0=˜ - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - °<˜ - (no file)
O2 - BHO: (no name) - à<˜ - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 18:54:22 0 d-------- C:\Program Files\Trend Micro
2007-08-11 03:02:57 0 d-------- C:\WINDOWS\System32\PreInstall
2007-08-11 03:02:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ServicePackFiles
2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ehome
2007-08-09 1723 0 d-------- C:\Program Files\SpywareBlaster
2007-08-09 16:24:30 0 d-------- C:\ie-spyad
2007-08-09 16:20:08 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-08-09 13:24:04 75328 --a------ C:\WINDOWS\System32\emfifnqs.exe <Not Verified; ; DDC>
2007-08-09 13:17:58 75328 --a------ C:\WINDOWS\System32\omddjajv.exe <Not Verified; ; DDC>
2007-08-09 13:04:44 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-08-09 02:49:56 75328 --a------ C:\WINDOWS\System32\hcaqhhaq.exe <Not Verified; ; DDC>
2007-08-09 02:33:15 75328 --a------ C:\WINDOWS\System32\xthrqinw.exe <Not Verified; ; DDC>
2007-08-09 02:13:58 2278 --a------ C:\WINDOWS\System32\tmp.reg
2007-08-09 01:37:52 75328 --a------ C:\WINDOWS\System32\uvuwtile.exe <Not Verified; ; DDC>
2007-08-09 0105 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-08-08 23:47:59 75328 --a------ C:\WINDOWS\System32\qrdhofyc.exe <Not Verified; ; DDC>
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-08 23:33:56 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-08 23:33:56 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-08 23:23:12 0 d-------- C:\WINDOWS\pss
2007-08-08 21:41:51 75328 --a------ C:\WINDOWS\System32\vcacahty.exe <Not Verified; ; DDC>
2007-08-08 19:44:32 0 d-------- C:\Program Files\RegCure
2007-08-08 19:43:42 75328 --a------ C:\WINDOWS\System32\lojcvksf.exe <Not Verified; ; DDC>
2007-08-08 18:41:04 0 d-------- C:\Program Files\XoftSpySE
2007-08-08 18:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-08 18:35:54 0 d-------- C:\Documents and Settings\Jason\Application Data\GetRightToGo
2007-08-08 18:32:17 0 d-------- C:\Program Files\CyberScrub AntiVirus
2007-08-08 18:32:17 0 d-------- C:\Program Files\Common Files\Kaspersky Lab
2007-08-08 16:28:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-08 16:28:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-08 15:09:32 75328 --a------ C:\WINDOWS\System32\gxwtlscd.exe <Not Verified; ; DDC>
2007-08-08 13:54:53 0 d-------- C:\Program Files\Lavasoft
2007-08-08 13:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-08 12:05:10 75328 --a------ C:\WINDOWS\System32\vmhkyoad.exe <Not Verified; ; DDC>
2007-08-08 00:18:26 0 d-------- C:\WINDOWS\McAfee.com
2007-08-07 2049 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee
2007-08-07 15:11:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-07 15:11:31 78336 --a------ C:\WINDOWS\System32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
2007-08-07 15:11:30 102912 --a------ C:\WINDOWS\System32\islzma.dll
2007-08-07 15:11:18 0 d-------- C:\Program Files\Webroot
2007-08-07 15:11:18 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2007-07-24 11:20:13 0 d-------- C:\Documents and Settings\Jason\Contacts
2007-07-24 11:19:12 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-07-24 11:18:50 0 d-------- C:\Program Files\MSN Messenger
2007-07-12 15:37:46 0 d-------- C:\Program Files\UBNet


-- Find3M Report ---------------------------------------------------------------

2007-08-12 20:57:05 0 d-------- C:\Documents and Settings\Jason\Application Data\ComcastToolbar
2007-08-09 17:46:56 0 d-------- C:\Program Files\Messenger
2007-08-09 17:43:20 0 d-------- C:\Program Files\Movie Maker
2007-08-09 14:45:30 0 d-------- C:\Program Files\QuickTime
2007-08-09 14:39:40 0 d-------- C:\Program Files\iTunes
2007-08-09 14:34:21 0 d-------- C:\Program Files\Google
2007-08-09 14:32:48 0 d-------- C:\Program Files\ComcastToolbar
2007-08-08 21:40:16 0 d-------- C:\Program Files\Common Files
2007-08-08 18:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-08 16:41:02 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-08 13:53:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 19:44:30 0 d-------- C:\Program Files\Common Files\Scanner
2007-08-07 15:57:33 0 d-------- C:\Program Files\Absolute Poker Basic
2007-07-29 18:49:23 0 d-------- C:\Documents and Settings\Jason\Application Data\U3
2007-07-10 00:25:06 0 d-------- C:\Program Files\Punch! Super Home
2007-06-29 21:32:54 0 d-------- C:\Documents and Settings\Jason\Application Data\Ulead Systems
2007-06-27 22:45:55 0 d-------- C:\Program Files\MANSION
2007-06-27 10:03:37 0 d-------- C:\Program Files\Yahoo!
2007-06-26 21:57:14 0 d-------- C:\Program Files\support.com
2007-06-23 09:42:12 0 d-------- C:\Documents and Settings\Jason\Application Data\Google
2007-06-22 21:25:35 0 d-------- C:\Program Files\Image-Line
2007-06-21 11:47:37 0 d-------- C:\Program Files\McAfee


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 11:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/02/2007 04:24 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [03/25/2003 10:19 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [12/17/2002 12:40 PM]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [01/12/2004 09:40 PM]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [11/18/2003 06:20 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [03/07/2007 10:58 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [11/16/2005 02:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" []

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [5/23/2006 2:17:00 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-12 at 21:17:45 ---------


ComboFix 07-08-11 - "Jason" 2007-08-12 20:51:55.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.269 [GMT -7:00]
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ihhbthsj.exe
C:\WINDOWS\system32\qwuusbxm.exe
C:\WINDOWS\system32\ueypaxpg.exe


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-12 18:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-11 03:02 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-11 03:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-11 03:02 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-11 01:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 18:04 <DIR> d-------- C:\Deckard
2007-08-09 17:46 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2007-08-09 17:43 921,475 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2007-08-09 17:43 844,675 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-08-09 17:43 63,663 --a------ C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-08-09 17:43 6,912 --a------ C:\WINDOWS\system32\drivers\hidir.sys
2007-08-09 17:43 56,591 --a------ C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-08-09 17:43 5,120 --a------ C:\WINDOWS\system32\hccoin.dll
2007-08-09 17:43 450,176 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-09 17:43 403,456 --a------ C:\WINDOWS\system32\winbrand.dll
2007-08-09 17:43 377,984 --a------ C:\WINDOWS\system32\ati2dvaa.dll
2007-08-09 17:43 36,463 --a------ C:\WINDOWS\system32\drivers\atintuxx.sys
2007-08-09 17:43 34,735 --a------ C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-08-09 17:43 327,040 --a------ C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-08-09 17:43 30,671 --a------ C:\WINDOWS\system32\drivers\atinraxx.sys
2007-08-09 17:43 3,584 --a------ C:\WINDOWS\system32\dsprpres.dll
2007-08-09 17:43 29,455 --a------ C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-08-09 17:43 26,367 --a------ C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-08-09 17:43 218,112 --a------ C:\WINDOWS\system32\sbe.dll
2007-08-09 17:43 21,343 --a------ C:\WINDOWS\system32\drivers\atinttxx.sys
2007-08-09 17:43 202,496 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-08-09 17:43 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-08-09 17:43 187,904 --a------ C:\WINDOWS\system32\xpsp1res.dll
2007-08-09 17:43 18,944 --a------ C:\WINDOWS\system32\faxpatch.exe
2007-08-09 17:43 172,032 --a------ C:\WINDOWS\system32\mssap.dll
2007-08-09 17:43 155,648 --a------ C:\WINDOWS\system32\encdec.dll
2007-08-09 17:43 13,056 --a------ C:\WINDOWS\system32\drivers\wacompen.sys
2007-08-09 17:43 12,288 --a------ C:\WINDOWS\system32\encapi.dll
2007-08-09 17:43 12,047 --a------ C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-08-09 17:43 110,080 --a------ C:\WINDOWS\system32\sbeio.dll
2007-08-09 17:43 11,904 --a------ C:\WINDOWS\system32\drivers\mutohpen.sys
2007-08-09 17:43 11,615 --a------ C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-08-09 17:43 1,677,312 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-08-09 17:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-09 17:43 <DIR> d-------- C:\WINDOWS\ehome
2007-08-09 17:42 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-08-09 17:42 94,720 --a------ C:\WINDOWS\system32\dmusic.dll
2007-08-09 17:42 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2007-08-09 17:42 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2007-08-09 17:42 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2007-08-09 17:42 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2007-08-09 17:42 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2007-08-09 17:42 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2007-08-09 17:42 786,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-08-09 17:42 77,312 --a------ C:\WINDOWS\system32\dmscript.dll
2007-08-09 17:42 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2007-08-09 17:42 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2007-08-09 17:42 74,810 --a------ C:\WINDOWS\system32\atl.dll
2007-08-09 17:42 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2007-08-09 17:42 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2007-08-09 17:42 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2007-08-09 17:42 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2007-08-09 17:42 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2007-08-09 17:42 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2007-08-09 17:42 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2007-08-09 17:42 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2007-08-09 17:42 6,656 --a------ C:\WINDOWS\system32\batt.dll
2007-08-09 17:42 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2007-08-09 17:42 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2007-08-09 17:42 58,368 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-08-09 17:42 57,344 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-08-09 17:42 56,320 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-08-09 17:42 55,296 --a------ C:\WINDOWS\system32\digest.dll
2007-08-09 17:42 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2007-08-09 17:42 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2007-08-09 17:42 5,120 --a------ C:\WINDOWS\system32\asferror.dll
2007-08-09 17:42 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-08-09 17:42 49,664 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-08-09 17:42 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2007-08-09 17:42 49,152 --a------ C:\WINDOWS\system32\browser.dll
2007-08-09 17:42 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2007-08-09 17:42 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2007-08-09 17:42 41,984 --a------ C:\WINDOWS\system32\alg.exe
2007-08-09 17:42 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2007-08-09 17:42 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
2007-08-09 17:42 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2007-08-09 17:42 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
2007-08-09 17:42 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2007-08-09 17:42 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2007-08-09 17:42 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-08-09 17:42 31,744 --a------ C:\WINDOWS\system32\dmloader.dll
2007-08-09 17:42 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2007-08-09 17:42 29,696 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-08-09 17:42 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2007-08-09 17:42 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-08-09 17:42 263,680 --a------ C:\WINDOWS\system32\duser.dll
2007-08-09 17:42 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2007-08-09 17:42 26,112 --a------ C:\WINDOWS\system32\dmband.dll
2007-08-09 17:42 253,440 --a------ C:\WINDOWS\system32\ddraw.dll
2007-08-09 17:42 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2007-08-09 17:42 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2007-08-09 17:42 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2007-08-09 17:42 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2007-08-09 17:42 24,576 --a------ C:\WINDOWS\system32\conime.exe
2007-08-09 17:42 239,616 --a------ C:\WINDOWS\system32\adsnt.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 20:24 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\ComcastToolbar
2007-08-09 17:46 --------- d-------- C:\Program Files\Messenger
2007-08-09 17:43 --------- d-------- C:\Program Files\Movie Maker
2007-08-09 14:45 --------- d-------- C:\Program Files\QuickTime
2007-08-09 14:39 --------- d-------- C:\Program Files\iTunes
2007-08-09 14:34 --------- d-------- C:\Program Files\Google
2007-08-09 14:32 --------- d-------- C:\Program Files\ComcastToolbar
2007-08-08 18:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-08 16:41 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-08 13:53 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 19:44 --------- d-------- C:\Program Files\Common Files\Scanner
2007-08-07 15:57 --------- d-------- C:\Program Files\Absolute Poker Basic
2007-07-29 18:49 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\U3
2007-07-10 00:25 --------- d-------- C:\Program Files\Punch! Super Home
2007-06-29 21:32 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Ulead Systems
2007-06-27 22:45 --------- d-------- C:\Program Files\MANSION
2007-06-27 10:03 --------- d-------- C:\Program Files\Yahoo!
2007-06-26 21:57 --------- d-------- C:\Program Files\support.com
2007-06-23 09:42 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Google
2007-06-22 21:25 --------- d-------- C:\Program Files\Image-Line
2007-06-21 11:47 --------- d-------- C:\Program Files\McAfee


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-25 22:19]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 21:40]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 18:20]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-11-16 14:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" []

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2006-05-23 14:17:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 SSI;SSI;C:\WINDOWS\System32\Drivers\SSI.SYS
R3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys


Contents of the 'Scheduled Tasks' folder
2007-08-10 05:58:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-05-15 08:11:13 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-01 08:00:08 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-11 00:00:06 C:\WINDOWS\Tasks\RegCure Program Check.job
2007-08-09 10:00:39 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-11 03:27:44 C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-11 10:13:45 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 20:53:53
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 20:54:38
C:\ComboFix-quarantined-files.txt ... 2007-08-12 20:54
C:\ComboFix2.txt ... 2007-08-12 18:29

--- E O F ---