10-05-2007, 10:54 AM   #5
hybritical
Registered User
Join Date: Oct 2007
Posts: 28
OS: winxp


Re: DSS wont complete-viruses,trojan downloaders and popups

OK, when I used it the first couple of times it had an error screen saying that it would need to shut down pop up about 5 or 6 times, then finally it said I'm not an admin, which wasn't correct. I rebooted to see if that would do anything, same thing, and then I tried just clicking the link on the desktop and it worked. I hope that's OK... if so, here's the log.

ComboFix 07-10-05.3 - Owner 2007-10-05 12:36:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.71 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
C:\Temp\fse
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files.\xpreload.ocx
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\cbaxurnr.dll
C:\WINDOWS\system32\dbawkjix.dll
C:\WINDOWS\system32\digqbhbj.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fhktplvc.exe
C:\WINDOWS\system32\ghuwkrma.dll
C:\WINDOWS\system32\gomfiewh.exe
C:\WINDOWS\system32\ihrqoxkg.exe
C:\WINDOWS\system32\iyhwwqak.dll
C:\WINDOWS\system32\jbhbqgid.ini
C:\WINDOWS\system32\ovsuitxh.dll
C:\WINDOWS\system32\vpkacgkl.exe
C:\WINDOWS\system32\wjhxickh.exe
C:\WINDOWS\system32\xijkwabd.ini
C:\WINDOWS\system32\xuqyvttu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-05 12:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-04 16:50 <DIR> d-------- C:\Deckard
2007-10-04 16:39 <DIR> d-------- C:\ie-spyad_zo
2007-10-04 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-04 15:55 6,628 ---hs---- C:\WINDOWS\system32\ppqss.ini2
2007-10-04 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-03 14:50 1,294,276 ---hs---- C:\WINDOWS\system32\ppqss.bak2
2007-10-02 15:37 6,465 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2007-10-02 15:35 310,880 --a------ C:\WINDOWS\system32\ssqpp.dll
2007-10-02 15:30 36,352 --a------ C:\WINDOWS\system32\awtqrpn.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 02:03 --------- d-------- C:\Program Files\Google
2007-09-22 00:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-10 19:25 --------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-09-06 01:45 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-05 21:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-05 21:40 --------- d-------- C:\Program Files\Yahoo!
2007-08-26 12:10 --------- d-------- C:\Program Files\Dell
2007-08-18 18:41 --------- d-------- C:\Program Files\Escape From Paradise
2007-08-14 12:33 --------- d-------- C:\Program Files\America Online 9.0
2007-08-14 12:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-14 12:23 --------- d-------- C:\Program Files\McAfee.com
2007-08-14 12:20 --------- d-------- C:\Program Files\Common Files\aol
2007-08-14 03:14 --------- d-------- C:\Program Files\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-14 03:06 --------- d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-14 01:49 --------- d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-08-13 03:21 --------- d-------- C:\Program Files\AVG2
2007-08-12 14:17 3638 --a------ C:\WINDOWS\5bydbzjy.exe
2007-08-12 13:42 --------- d-------- C:\Program Files\Burger Island
2007-08-10 14:37 --------- d-------- C:\Program Files\DivX
2007-08-10 01:09 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-08-10 01:08 --------- d-------- C:\Program Files\Cake Mania 2
2007-08-09 19:35 --------- d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-08-09 19:34 --------- d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-08-09 17:47 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-09 16:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
2007-10-02 15:35 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
C:\WINDOWS\system32\l3acdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1176427498\ee\AOLSoftware.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-12 21:27]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-13 12:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-05-08 23:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 14:51]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\System32\awtqrpn.dll [2007-10-02 15:30 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrpn]
awtqrpn.dll 2007-10-02 15:30 36352 C:\WINDOWS\system32\awtqrpn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\System32\Drivers\SSFS0BB8.SYS
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 04:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-08-26 13:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-08-26 14:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-01 15:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 16:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-01 17:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-10-01 18:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-03 19:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 20:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 21:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 22:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 05:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 23:00:00 C:\WINDOWS\Tasks\At20.job"
"2007-10-05 00:00:00 C:\WINDOWS\Tasks\At21.job"
"2007-10-05 01:00:00 C:\WINDOWS\Tasks\At22.job"
"2007-10-05 02:00:00 C:\WINDOWS\Tasks\At23.job"
"2007-10-05 03:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-10-04 06:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 07:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-15 08:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-06 09:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 10:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 11:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-09-03 12:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 16:47:01 C:\WINDOWS\Tasks\McAfee.com Update Check (NEW-HARVEST-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 12:44:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05 12:49:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-05 12:48
.
--- E O F ---
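The log above shows the persistence points a helper would look at first: an LSA "Authentication Packages" value with a second DLL after msv1_0 (ssqpp.dll, which is also registered as a BHO), a ShellExecuteHooks entry and a Winlogon\Notify entry that both load awtqrpn.dll, and a run of hourly AtN.job tasks all launching simYr384.exe. The script below is an added example for this thread (not ComboFix code and not from the original poster) that pulls exactly those signals out of the "Reg Loading Points" and "Scheduled Tasks" sections of a ComboFix log. The allowlists of default Winlogon\Notify subkeys, the default ShellExecuteHook CLSID and the default LSA package are assumptions based on a stock Windows XP install; the sample input is a shortened excerpt of the log posted above.

```python
"""Triage the 'Reg Loading Points' and 'Scheduled Tasks' sections of a
ComboFix log for persistence entries worth a closer look.

Added example for this thread, not code from ComboFix or the original poster.
The allowlists are assumptions based on a stock Windows XP install; adjust
them for the machine being examined."""
import re
from collections import defaultdict

# Assumption: Winlogon\Notify subkeys present on a clean XP install.
KNOWN_NOTIFY_DLLS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                     "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Assumption: the single ShellExecuteHook registered by default (shell32.dll).
KNOWN_SHELL_HOOKS = {"{aeb6717e-7e19-11d0-97ee-00c04fd91972}"}
# msv1_0 is the only LSA authentication package on a default install.
KNOWN_AUTH_PACKAGES = {"msv1_0"}

KEY_RE = re.compile(r"^\[(.+)\]$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:dll|exe|sys)\b', re.IGNORECASE)
HOOK_RE = re.compile(r'^"(\{[^}]+\})"\s*=')
JOB_RE = re.compile(r'(At\d+\.job)"$')


def triage(log_text):
    """Return (kind, detail) findings for the suspicious entries in log_text."""
    findings = []
    keys_by_file = defaultdict(set)   # basename -> registry keys that load it
    at_jobs = defaultdict(list)       # target executable -> AtN.job names
    current_key = None
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                  # ComboFix separates key blocks with blank lines
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key:
            key = current_key.lower()
            for path in PATH_RE.findall(line):
                keys_by_file[path.rsplit("\\", 1)[-1].lower()].add(current_key)
            if key.endswith("\\control\\lsa") and "authentication packages" in line.lower():
                # Anything besides msv1_0 is a DLL that LSA loads into lsass.exe.
                # (Split on whitespace: a path containing spaces would need quoting.)
                for pkg in line.split("=", 1)[1].split():
                    if pkg.lower() not in KNOWN_AUTH_PACKAGES:
                        findings.append(("lsa_auth_package", pkg))
            elif "\\winlogon\\notify\\" in key:
                if key.rsplit("\\", 1)[-1] not in KNOWN_NOTIFY_DLLS:
                    findings.append(("winlogon_notify", line.split()[-1]))
            elif key.endswith("\\shellexecutehooks"):
                h = HOOK_RE.match(line)
                paths = PATH_RE.findall(line)
                if h and paths and h.group(1).lower() not in KNOWN_SHELL_HOOKS:
                    findings.append(("shell_execute_hook", paths[0]))
            continue
        j = JOB_RE.search(line)
        if j:
            pending_job = j.group(1)
        elif pending_job and line.startswith("- "):
            at_jobs[line[2:]].append(pending_job)
            pending_job = None
    for target, jobs in at_jobs.items():
        if len(jobs) > 1:             # hourly At jobs all pointing at one binary
            findings.append(("recurring_at_job", f"{target} x{len(jobs)}"))
    for name, keys in keys_by_file.items():
        if len(keys) > 1:             # one file hooked from several loading points
            findings.append(("multi_hook_file", name))
    return findings


# Constructed sample: a shortened excerpt of the log posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C7C74-BD48-45B4-BB02-47C411790F14}]
2007-10-02 15:35 310880 --a------ C:\WINDOWS\System32\ssqpp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-12 21:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\System32\awtqrpn.dll [2007-10-02 15:30 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrpn]
awtqrpn.dll 2007-10-02 15:30 36352 C:\WINDOWS\system32\awtqrpn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpp.dll

Contents of the 'Scheduled Tasks' folder
"2007-10-04 04:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-04 05:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-01 17:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-10-01 18:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\simYr384.exe
"2007-10-05 16:47:01 C:\WINDOWS\Tasks\McAfee.com Update Check (NEW-HARVEST-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:20} {detail}")
```

Run it on the full log text and it reports the ssqpp.dll LSA package, the awtqrpn.dll Winlogon\Notify and ShellExecuteHooks entries, the 18 At jobs pointing at simYr384.exe, and the two DLLs that are wired into more than one loading point; ordinary Run entries such as mcagent.exe and qttask.exe are not flagged. The cross-reference of one file across several keys is the useful part in practice: a DLL that is at once a BHO and an LSA authentication package has no legitimate reason to be both, regardless of what it is named.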