#1 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 11
OS: xp
|
Constant pop ups- vundo, winfixer, generic AdClicker.d
I followed all five steps and have done everything you asked; here is everything you wanted. Thank you so much, Josh
Vundo trojan Found in xoftspyse:
REGKEY_FOUND" data="software\microsoft\juan" system-message="Only part of a ReadProcessMemory or WriteProcessMemory request was completed." malwareName="Vundo Trojan" />

Winfixer Found in Mcafee:
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\YTWZ6P6X\WinAntiVirusPro2007FreeInstall[1].cab

Generic AdClicker.d trojan Found in Mcafee:
c:\documents and settings\jason\local settings\temporary internet files\content.ie5\s9k78v4n\masiyxanidi[1]

Panda Activescan:

Deckards Scan:
#3 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,326
OS: N/A
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe
* IMPORTANT !!! Place combofix.exe on your Desktop

2. Go to → Run → paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
Question - what have you done for the community today? |
#4 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 11
OS: xp
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
Thanks for helping me. I ran combo fix and hjt. After running hjt the first time, it then asked to update hjt, so I did. I will post both hjt logs; the second one is the newer version of hjt. Thanks again, Josh
ComboFix 07-08-11 - "Jason" 2007-08-12 18:26:08.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.284 [GMT -7:00]
Command switches used :: /killall

((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))

2007-08-12 18:01 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-12 17:29 75,328 --a------ C:\WINDOWS\system32\qwuusbxm.exe
2007-08-11 03:02 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-11 03:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-11 03:02 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-11 01:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 14:45 75,328 --a------ C:\WINDOWS\system32\ueypaxpg.exe
2007-08-09 18:04 <DIR> d-------- C:\Deckard
2007-08-09 17:57 75,328 --a------ C:\WINDOWS\system32\ihhbthsj.exe
2007-08-09 17:46 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2007-08-09 17:43 921,475 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2007-08-09 17:43 844,675 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-08-09 17:43 63,663 --a------ C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-08-09 17:43 6,912 --a------ C:\WINDOWS\system32\drivers\hidir.sys
2007-08-09 17:43 56,591 --a------ C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-08-09 17:43 5,120 --a------ C:\WINDOWS\system32\hccoin.dll
2007-08-09 17:43 450,176 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-09 17:43 403,456 --a------ C:\WINDOWS\system32\winbrand.dll
2007-08-09 17:43 377,984 --a------ C:\WINDOWS\system32\ati2dvaa.dll
2007-08-09 17:43 36,463 --a------ C:\WINDOWS\system32\drivers\atintuxx.sys
2007-08-09 17:43 34,735 --a------ C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-08-09 17:43 327,040 --a------ C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-08-09 17:43 30,671 --a------ C:\WINDOWS\system32\drivers\atinraxx.sys
2007-08-09 17:43 3,584 --a------ C:\WINDOWS\system32\dsprpres.dll
2007-08-09 17:43 29,455 --a------ C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-08-09 17:43 26,367 --a------ C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-08-09 17:43 218,112 --a------ C:\WINDOWS\system32\sbe.dll
2007-08-09 17:43 21,343 --a------ C:\WINDOWS\system32\drivers\atinttxx.sys
2007-08-09 17:43 202,496 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-08-09 17:43 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-08-09 17:43 187,904 --a------ C:\WINDOWS\system32\xpsp1res.dll
2007-08-09 17:43 18,944 --a------ C:\WINDOWS\system32\faxpatch.exe
2007-08-09 17:43 172,032 --a------ C:\WINDOWS\system32\mssap.dll
2007-08-09 17:43 155,648 --a------ C:\WINDOWS\system32\encdec.dll
2007-08-09 17:43 13,056 --a------ C:\WINDOWS\system32\drivers\wacompen.sys
2007-08-09 17:43 12,288 --a------ C:\WINDOWS\system32\encapi.dll
2007-08-09 17:43 12,047 --a------ C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-08-09 17:43 110,080 --a------ C:\WINDOWS\system32\sbeio.dll
2007-08-09 17:43 11,904 --a------ C:\WINDOWS\system32\drivers\mutohpen.sys
2007-08-09 17:43 11,615 --a------ C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-08-09 17:43 1,677,312 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-08-09 17:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-09 17:43 <DIR> d-------- C:\WINDOWS\ehome
2007-08-09 17:42 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-08-09 17:42 94,720 --a------ C:\WINDOWS\system32\dmusic.dll
2007-08-09 17:42 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2007-08-09 17:42 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2007-08-09 17:42 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2007-08-09 17:42 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2007-08-09 17:42 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2007-08-09 17:42 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2007-08-09 17:42 786,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-08-09 17:42 77,312 --a------ C:\WINDOWS\system32\dmscript.dll
2007-08-09 17:42 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2007-08-09 17:42 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2007-08-09 17:42 74,810 --a------ C:\WINDOWS\system32\atl.dll
2007-08-09 17:42 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2007-08-09 17:42 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2007-08-09 17:42 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2007-08-09 17:42 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2007-08-09 17:42 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2007-08-09 17:42 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2007-08-09 17:42 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2007-08-09 17:42 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2007-08-09 17:42 6,656 --a------ C:\WINDOWS\system32\batt.dll
2007-08-09 17:42 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2007-08-09 17:42 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2007-08-09 17:42 58,368 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-08-09 17:42 57,344 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-08-09 17:42 56,320 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-08-09 17:42 55,296 --a------ C:\WINDOWS\system32\digest.dll
2007-08-09 17:42 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2007-08-09 17:42 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2007-08-09 17:42 5,120 --a------ C:\WINDOWS\system32\asferror.dll
2007-08-09 17:42 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-08-09 17:42 49,664 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-08-09 17:42 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2007-08-09 17:42 49,152 --a------ C:\WINDOWS\system32\browser.dll
2007-08-09 17:42 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2007-08-09 17:42 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2007-08-09 17:42 41,984 --a------ C:\WINDOWS\system32\alg.exe
2007-08-09 17:42 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2007-08-09 17:42 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
2007-08-09 17:42 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2007-08-09 17:42 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
2007-08-09 17:42 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2007-08-09 17:42 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2007-08-09 17:42 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-08-09 17:42 31,744 --a------ C:\WINDOWS\system32\dmloader.dll
2007-08-09 17:42 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2007-08-09 17:42 29,696 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-08-09 17:42 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2007-08-09 17:42 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-08-09 17:42 263,680 --a------ C:\WINDOWS\system32\duser.dll
2007-08-09 17:42 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2007-08-09 17:42 26,112 --a------ C:\WINDOWS\system32\dmband.dll
2007-08-09 17:42 253,440 --a------ C:\WINDOWS\system32\ddraw.dll
2007-08-09 17:42 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2007-08-09 17:42 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2007-08-09 17:42 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 00:57 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\ComcastToolbar
2007-08-09 17:46 --------- d-------- C:\Program Files\Messenger
2007-08-09 17:43 --------- d-------- C:\Program Files\Movie Maker
2007-08-09 14:45 --------- d-------- C:\Program Files\QuickTime
2007-08-09 14:39 --------- d-------- C:\Program Files\iTunes
2007-08-09 14:34 --------- d-------- C:\Program Files\Google
2007-08-09 14:32 --------- d-------- C:\Program Files\ComcastToolbar
2007-08-08 18:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-08 16:41 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-08 13:53 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 19:44 --------- d-------- C:\Program Files\Common Files\Scanner
2007-08-07 15:57 --------- d-------- C:\Program Files\Absolute Poker Basic
2007-07-29 18:49 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\U3
2007-07-10 00:25 --------- d-------- C:\Program Files\Punch! Super Home
2007-06-29 21:32 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Ulead Systems
2007-06-27 22:45 --------- d-------- C:\Program Files\MANSION
2007-06-27 10:03 --------- d-------- C:\Program Files\Yahoo!
2007-06-26 21:57 --------- d-------- C:\Program Files\support.com
2007-06-23 09:42 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Google
2007-06-22 21:25 --------- d-------- C:\Program Files\Image-Line
2007-06-21 11:47 --------- d-------- C:\Program Files\McAfee

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-25 22:19]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 21:40]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 18:20]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-11-16 14:53]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" []

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2006-05-23 14:17:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 SSI;SSI;C:\WINDOWS\System32\Drivers\SSI.SYS
R3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys

Contents of the 'Scheduled Tasks' folder
2007-08-10 05:58:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-05-15 08:11:13 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-01 08:00:08 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-11 00:00:06 C:\WINDOWS\Tasks\RegCure Program Check.job
2007-08-09 10:00:39 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-11 03:27:44 C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-11 10:13:45 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 18:28:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 18:29:09
C:\ComboFix-quarantined-files.txt ... 2007-08-12 18:29
--- E O F ---

Deckard's System Scanner v20070807.62
Run by Jason on 2007-08-12 at 18:50:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-12 18:50:52
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\McAfee\VirusScan\mcvsshld.exe
C:\Documents and Settings\Jason\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://winantispyware.com/download/2...ax=0&ex=0&ed=0
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: (no name) - 0=˜ - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - °<˜ - (no file)
O2 - BHO: (no name) - à<˜ - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKEY_LOCAL_MACHINE\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\Mansion.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\Mansion.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\System32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe

-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 18:01:10 0 d-------- C:\WINDOWS\LastGood
2007-08-12 17:29:15 75328 --a------ C:\WINDOWS\System32\qwuusbxm.exe <Not Verified; ; DDC>
2007-08-11 03:02:57 0 d-------- C:\WINDOWS\System32\PreInstall
2007-08-11 03:02:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 14:45:26 75328 --a------ C:\WINDOWS\System32\ueypaxpg.exe <Not Verified; ; DDC>
2007-08-09 17:57:43 75328 --a------ C:\WINDOWS\System32\ihhbthsj.exe <Not Verified; ; DDC>
2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ServicePackFiles
2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ehome
2007-08-09 17 23 0 d-------- C:\Program Files\SpywareBlaster
2007-08-09 16:24:30 0 d-------- C:\ie-spyad
2007-08-09 16:20:08 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-08-09 13:24:04 75328 --a------ C:\WINDOWS\System32\emfifnqs.exe <Not Verified; ; DDC>
2007-08-09 13:17:58 75328 --a------ C:\WINDOWS\System32\omddjajv.exe <Not Verified; ; DDC>
2007-08-09 13:04:44 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-08-09 02:49:56 75328 --a------ C:\WINDOWS\System32\hcaqhhaq.exe <Not Verified; ; DDC>
2007-08-09 02:33:15 75328 --a------ C:\WINDOWS\System32\xthrqinw.exe <Not Verified; ; DDC>
2007-08-09 02:13:58 2278 --a------ C:\WINDOWS\System32\tmp.reg
2007-08-09 01:37:52 75328 --a------ C:\WINDOWS\System32\uvuwtile.exe <Not Verified; ; DDC>
2007-08-09 01 05 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-08-08 23:47:59 75328 --a------ C:\WINDOWS\System32\qrdhofyc.exe <Not Verified; ; DDC>
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-08 23:33:56 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-08 23:33:56 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-08 23:23:12 0 d-------- C:\WINDOWS\pss
2007-08-08 21:41:51 75328 --a------ C:\WINDOWS\System32\vcacahty.exe <Not Verified; ; DDC>
2007-08-08 19:44:32 0 d-------- C:\Program Files\RegCure
2007-08-08 19:43:42 75328 --a------ C:\WINDOWS\System32\lojcvksf.exe <Not Verified; ; DDC>
2007-08-08 18:41:04 0 d-------- C:\Program Files\XoftSpySE
2007-08-08 18:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-08 18:35:54 0 d-------- C:\Documents and Settings\Jason\Application Data\GetRightToGo
2007-08-08 18:32:17 0 d-------- C:\Program Files\CyberScrub AntiVirus
2007-08-08 18:32:17 0 d-------- C:\Program Files\Common Files\Kaspersky Lab
2007-08-08 16:28:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-08 16:28:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-08 15:09:32 75328 --a------ C:\WINDOWS\System32\gxwtlscd.exe <Not Verified; ; DDC>
2007-08-08 13:54:53 0 d-------- C:\Program Files\Lavasoft
2007-08-08 13:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-08 12:05:10 75328 --a------ C:\WINDOWS\System32\vmhkyoad.exe <Not Verified; ; DDC>
2007-08-08 00:18:26 0 d-------- C:\WINDOWS\McAfee.com
2007-08-07 20 49 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee
2007-08-07 15:11:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-07 15:11:31 78336 --a------ C:\WINDOWS\System32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
2007-08-07 15:11:30 102912 --a------ C:\WINDOWS\System32\islzma.dll
2007-08-07 15:11:18 0 d-------- C:\Program Files\Webroot
2007-08-07 15:11:18 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2007-07-24 11:20:13 0 d-------- C:\Documents and Settings\Jason\Contacts
2007-07-24 11:19:12 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-07-24 11:18:50 0 d-------- C:\Program Files\MSN Messenger
2007-07-12 15:37:46 0 d-------- C:\Program Files\UBNet

-- Find3M Report ---------------------------------------------------------------

2007-08-12 18:48:21 0 d-------- C:\Documents and Settings\Jason\Application Data\ComcastToolbar
2007-08-09 17:46:56 0 d-------- C:\Program Files\Messenger
2007-08-09 17:43:20 0 d-------- C:\Program Files\Movie Maker
2007-08-09 14:45:30 0 d-------- C:\Program Files\QuickTime
2007-08-09 14:39:40 0 d-------- C:\Program Files\iTunes
2007-08-09 14:34:21 0 d-------- C:\Program Files\Google
2007-08-09 14:32:48 0 d-------- C:\Program Files\ComcastToolbar
2007-08-08 21:40:16 0 d-------- C:\Program Files\Common Files
2007-08-08 18:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-08 16:41:02 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-08 13:53:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 19:44:30 0 d-------- C:\Program Files\Common Files\Scanner
2007-08-07 15:57:33 0 d-------- C:\Program Files\Absolute Poker Basic
2007-07-29 18:49:23 0 d-------- C:\Documents and Settings\Jason\Application Data\U3
2007-07-10 00:25:06 0 d-------- C:\Program Files\Punch! Super Home
2007-06-29 21:32:54 0 d-------- C:\Documents and Settings\Jason\Application Data\Ulead Systems
2007-06-27 22:45:55 0 d-------- C:\Program Files\MANSION
2007-06-27 10:03:37 0 d-------- C:\Program Files\Yahoo!
2007-06-26 21:57:14 0 d-------- C:\Program Files\support.com
2007-06-23 09:42:12 0 d-------- C:\Documents and Settings\Jason\Application Data\Google
2007-06-22 21:25:35 0 d-------- C:\Program Files\Image-Line
2007-06-21 11:47:37 0 d-------- C:\Program Files\McAfee

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 11:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/02/2007 04:24 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [03/25/2003 10:19 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [12/17/2002 12:40 PM]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [01/12/2004 09:40 PM]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [11/18/2003 06:20 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [03/07/2007 10:58 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [11/16/2005 02:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" []

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [5/23/2006 2:17:00 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2007-08-12 at 18:53:22 ---------

Deckard's System Scanner v20070807.62
Run by Jason on 2007-08-12 at 18:53:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:51 PM, on 8/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://winantispyware.com/download/2...ax=0&ex=0&ed=0
O2 - BHO: (no name) - 0=˜ - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - °<˜ - (no file)
O2 - BHO: (no name) - à<˜ - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

-- End of file - 6978 bytes

-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 18:54:22 0 d-------- C:\Program Files\Trend Micro
2007-08-12 18:01:10 0 d-------- C:\WINDOWS\LastGood
2007-08-12 17:29:15 75328 --a------ C:\WINDOWS\System32\qwuusbxm.exe <Not Verified; ; DDC>
2007-08-11 03:02:57 0 d-------- C:\WINDOWS\System32\PreInstall
2007-08-11 03:02:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 14:45:26 75328 --a------ C:\WINDOWS\System32\ueypaxpg.exe <Not Verified; ; DDC>
2007-08-09 17:57:43 75328 --a------ C:\WINDOWS\System32\ihhbthsj.exe <Not Verified; ; DDC>
2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ServicePackFiles
2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ehome
2007-08-09 17 23 0 d-------- C:\Program Files\SpywareBlaster
2007-08-09 16:24:30 0 d-------- C:\ie-spyad
2007-08-09 16:20:08 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-08-09 13:24:04 75328 --a------ C:\WINDOWS\System32\emfifnqs.exe <Not Verified; ; DDC>
2007-08-09 13:17:58 75328 --a------ C:\WINDOWS\System32\omddjajv.exe <Not Verified; ; DDC>
2007-08-09 13:04:44 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-08-09 02:49:56 75328 --a------ C:\WINDOWS\System32\hcaqhhaq.exe <Not Verified; ; DDC>
2007-08-09 02:33:15 75328 --a------ C:\WINDOWS\System32\xthrqinw.exe <Not Verified; ; DDC>
2007-08-09 02:13:58 2278 --a------ C:\WINDOWS\System32\tmp.reg
2007-08-09 01:37:52 75328 --a------ C:\WINDOWS\System32\uvuwtile.exe <Not Verified; ; DDC>
2007-08-09 01 05 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-08-08 23:47:59 75328 --a------ C:\WINDOWS\System32\qrdhofyc.exe <Not Verified; ; DDC>
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-08 23:33:56 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-08 23:33:56 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-08 23:23:12 0 d-------- C:\WINDOWS\pss
2007-08-08 21:41:51 75328 --a------ C:\WINDOWS\System32\vcacahty.exe <Not Verified; ; DDC>
2007-08-08 19:44:32 0 d-------- C:\Program Files\RegCure
2007-08-08 19:43:42 75328 --a------ C:\WINDOWS\System32\lojcvksf.exe <Not Verified; ; DDC>
2007-08-08 18:41:04 0 d-------- C:\Program Files\XoftSpySE
2007-08-08 18:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-08 18:35:54 0 d-------- C:\Documents and Settings\Jason\Application Data\GetRightToGo
2007-08-08 18:32:17 0 d-------- C:\Program Files\CyberScrub AntiVirus
2007-08-08 18:32:17 0 d-------- C:\Program Files\Common Files\Kaspersky Lab
2007-08-08 16:28:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-08 16:28:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-08 15:09:32 75328 --a------ C:\WINDOWS\System32\gxwtlscd.exe <Not Verified; ; DDC>
2007-08-08 13:54:53 0 d-------- C:\Program Files\Lavasoft
2007-08-08 13:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-08 12:05:10 75328 --a------ C:\WINDOWS\System32\vmhkyoad.exe <Not Verified; ; DDC>
2007-08-08 00:18:26 0 d-------- C:\WINDOWS\McAfee.com
2007-08-07 20 49 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee
2007-08-07 15:11:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-08-07 15:11:31 78336 --a------ C:\WINDOWS\System32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
2007-08-07 15:11:30 102912 --a------ C:\WINDOWS\System32\islzma.dll
2007-08-07 15:11:18 0 d-------- C:\Program Files\Webroot
2007-08-07 15:11:18 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2007-07-24 11:20:13 0 d-------- C:\Documents and Settings\Jason\Contacts
2007-07-24 11:19:12 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-07-24 11:18:50 0 d-------- C:\Program Files\MSN Messenger
2007-07-12 15:37:46 0 d-------- C:\Program Files\UBNet

-- Find3M Report ---------------------------------------------------------------

2007-08-12 18:48:21 0 d-------- C:\Documents and 
Settings\Jason\Application Data\ComcastToolbar 2007-08-09 17:46:56 0 d-------- C:\Program Files\Messenger 2007-08-09 17:43:20 0 d-------- C:\Program Files\Movie Maker 2007-08-09 14:45:30 0 d-------- C:\Program Files\QuickTime 2007-08-09 14:39:40 0 d-------- C:\Program Files\iTunes 2007-08-09 14:34:21 0 d-------- C:\Program Files\Google 2007-08-09 14:32:48 0 d-------- C:\Program Files\ComcastToolbar 2007-08-08 21:40:16 0 d-------- C:\Program Files\Common Files 2007-08-08 18:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-08 16:41:02 0 d-------- C:\Program Files\Common Files\InstallShield 2007-08-08 13:53:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-07 19:44:30 0 d-------- C:\Program Files\Common Files\Scanner 2007-08-07 15:57:33 0 d-------- C:\Program Files\Absolute Poker Basic 2007-07-29 18:49:23 0 d-------- C:\Documents and Settings\Jason\Application Data\U3 2007-07-10 00:25:06 0 d-------- C:\Program Files\Punch! Super Home 2007-06-29 21:32:54 0 d-------- C:\Documents and Settings\Jason\Application Data\Ulead Systems 2007-06-27 22:45:55 0 d-------- C:\Program Files\MANSION 2007-06-27 10:03:37 0 d-------- C:\Program Files\Yahoo! 
2007-06-26 21:57:14 0 d-------- C:\Program Files\support.com 2007-06-23 09:42:12 0 d-------- C:\Documents and Settings\Jason\Application Data\Google 2007-06-22 21:25:35 0 d-------- C:\Program Files\Image-Line 2007-06-21 11:47:37 0 d-------- C:\Program Files\McAfee -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 11:54 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/02/2007 04:24 PM] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [03/25/2003 10:19 PM] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [12/17/2002 12:40 PM] "Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [01/12/2004 09:40 PM] "Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [11/18/2003 06:20 PM] "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM] "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [03/07/2007 10:58 AM] "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [11/16/2005 02:53 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="1" [] C:\Documents and Settings\Jason\Start Menu\Programs\Startup\ Yahoo! 
Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [5/23/2006 2:17:00 PM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2007-08-12 at 18:57:43 --------- |
#5 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,326
OS: N/A
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
Do a HijackThis scan & place a check next to these items and select "Fix checked":
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://winantispyware.com/download/2...ax=0&ex=0&ed=0
O2 - BHO: (no name) - 0=~ - (no file)
O2 - BHO: (no name) - ø<~ - (no file)
O2 - BHO: (no name) - …<~ - (no file)
O4 - HKCU\..\Run: [Yahoo! Pager] 1
---------------
Open notepad and copy/paste the text in the quotebox below into it:
Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/173270-constant-pop-ups-vundo-winfixer-generic-adclicker-d.html
Collect::
C:\WINDOWS\system32\qwuusbxm.exe
C:\WINDOWS\system32\ueypaxpg.exe
C:\WINDOWS\system32\ihhbthsj.exe

Referring to the picture above, drag CFScript.txt into ComboFix.exe
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Additionally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file before proceeding to the next step.
---------------
Click here to perform an online scan >> Online Scanner
---------------
In your next post, please include fresh logs from:
__________________
Question - what have you done for the community today? |
#6 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 11
OS: xp
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
I tried to do hjt scan to place a check to those items. But when it is doing the scan it stops at trusted zone enumeration. Then the program doesn't respond. thanks josh
#7 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,326
OS: N/A
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
Give it some time. It only appears to have stalled.
#8 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 11
OS: xp
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
I have done this numerous times and it still stops on trusted zone enumeration. Before, when I would get a log, I would run dss.exe and it would give me the hjt log. This is the first time I have clicked on hjt as a desktop item to run a scan and it keeps doing the same thing. Any ideas? thanks josh
#9 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,326
OS: N/A
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
In that case, skip HJT for the moment. I'll try working around it in the next pass.
#10 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 11
OS: xp
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
I ran the combo fix and submitted the malware to bleeping computer. The filepath is: C:\DOCUME~1\Jason\Desktop.\[4]-Submit_2007-08-12_205152.07.zip
When I tried to click on the online scan nothing happened. This is catch me Log: file zipped: C:\WINDOWS\system32\qwuusbxm.exe -> catchme.zip -> qwuusbxm.exe ( 75328 bytes ) file "C:\WINDOWS\system32\qwuusbxm.exe" replaced successfully file zipped: C:\WINDOWS\system32\ueypaxpg.exe -> catchme.zip -> ueypaxpg.exe ( 75328 bytes ) file "C:\WINDOWS\system32\ueypaxpg.exe" replaced successfully file zipped: C:\WINDOWS\system32\ihhbthsj.exe -> catchme.zip -> ihhbthsj.exe ( 75328 bytes ) file "C:\WINDOWS\system32\ihhbthsj.exe" replaced successfully http://www.techsupportforum.com/secu...clicker-d.html Deckard's System Scanner v20070807.62 Run by Jason on 2007-08-12 at 21:14:13 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 511 MiB (512 MiB recommended). -- HijackThis (run as Jason.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 9:16:43 PM, on 8/12/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe 
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Support.com\bin\tgcmd.exe c:\program files\mcafee\msc\mcuimgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Jason\Desktop\dss.exe C:\DOCUME~1\Jason\Desktop\Jason.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://winantispyware.com/download/2...ax=0&ex=0&ed=0 O2 - BHO: (no name) - 0=˜ - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O2 - BHO: (no name) - °<˜ - (no file) O2 - BHO: (no name) - à<˜ - (no file) O3 - Toolbar: 
&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - Startup: Yahoo! 
Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\Jason\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -- Files created between 2007-07-12 and 2007-08-12 ----------------------------- 2007-08-12 18:54:22 0 d-------- C:\Program Files\Trend Micro 2007-08-11 03:02:57 0 d-------- C:\WINDOWS\System32\PreInstall 2007-08-11 03:02:39 0 d--h----- C:\WINDOWS\$hf_mig$ 2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ServicePackFiles 2007-08-09 17:43:38 0 d-------- C:\WINDOWS\ehome 2007-08-09 17 23 0 d-------- C:\Program Files\SpywareBlaster2007-08-09 16:24:30 0 d-------- C:\ie-spyad 2007-08-09 16:20:08 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library> 2007-08-09 13:24:04 75328 --a------ C:\WINDOWS\System32\emfifnqs.exe <Not Verified; ; DDC> 2007-08-09 13:17:58 75328 --a------ C:\WINDOWS\System32\omddjajv.exe <Not Verified; ; DDC> 2007-08-09 13:04:44 0 d-------- C:\WINDOWS\System32\ActiveScan 2007-08-09 02:49:56 75328 --a------ C:\WINDOWS\System32\hcaqhhaq.exe <Not Verified; ; DDC> 2007-08-09 02:33:15 75328 --a------ C:\WINDOWS\System32\xthrqinw.exe <Not Verified; ; DDC> 2007-08-09 02:13:58 2278 --a------ C:\WINDOWS\System32\tmp.reg 2007-08-09 01:37:52 75328 --a------ C:\WINDOWS\System32\uvuwtile.exe <Not Verified; ; DDC> 2007-08-09 01 05 0 d-------- C:\Documents and Settings\NetworkService\Start Menu2007-08-08 23:47:59 75328 --a------ C:\WINDOWS\System32\qrdhofyc.exe <Not Verified; ; DDC> 2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Templates 2007-08-08 23:33:56 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Recent 2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2007-08-08 23:33:56 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2007-08-08 23:33:56 
0 d-------- C:\Documents and Settings\Administrator\My Documents 2007-08-08 23:33:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Favorites 2007-08-08 23:33:56 0 d-------- C:\Documents and Settings\Administrator\Desktop 2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2007-08-08 23:33:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2007-08-08 23:33:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2007-08-08 23:23:12 0 d-------- C:\WINDOWS\pss 2007-08-08 21:41:51 75328 --a------ C:\WINDOWS\System32\vcacahty.exe <Not Verified; ; DDC> 2007-08-08 19:44:32 0 d-------- C:\Program Files\RegCure 2007-08-08 19:43:42 75328 --a------ C:\WINDOWS\System32\lojcvksf.exe <Not Verified; ; DDC> 2007-08-08 18:41:04 0 d-------- C:\Program Files\XoftSpySE 2007-08-08 18:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2007-08-08 18:35:54 0 d-------- C:\Documents and Settings\Jason\Application Data\GetRightToGo 2007-08-08 18:32:17 0 d-------- C:\Program Files\CyberScrub AntiVirus 2007-08-08 18:32:17 0 d-------- C:\Program Files\Common Files\Kaspersky Lab 2007-08-08 16:28:19 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-08-08 16:28:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2007-08-08 15:09:32 75328 --a------ C:\WINDOWS\System32\gxwtlscd.exe <Not Verified; ; DDC> 2007-08-08 13:54:53 0 d-------- C:\Program Files\Lavasoft 2007-08-08 13:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-08 12:05:10 75328 --a------ C:\WINDOWS\System32\vmhkyoad.exe <Not Verified; ; DDC> 2007-08-08 00:18:26 0 d-------- C:\WINDOWS\McAfee.com 2007-08-07 20 49 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee2007-08-07 15:11:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 
2007-08-07 15:11:31 78336 --a------ C:\WINDOWS\System32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper> 2007-08-07 15:11:30 102912 --a------ C:\WINDOWS\System32\islzma.dll 2007-08-07 15:11:18 0 d-------- C:\Program Files\Webroot 2007-08-07 15:11:18 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot 2007-07-24 11:20:13 0 d-------- C:\Documents and Settings\Jason\Contacts 2007-07-24 11:19:12 0 d------c- C:\WINDOWS\System32\DRVSTORE 2007-07-24 11:18:50 0 d-------- C:\Program Files\MSN Messenger 2007-07-12 15:37:46 0 d-------- C:\Program Files\UBNet -- Find3M Report --------------------------------------------------------------- 2007-08-12 20:57:05 0 d-------- C:\Documents and Settings\Jason\Application Data\ComcastToolbar 2007-08-09 17:46:56 0 d-------- C:\Program Files\Messenger 2007-08-09 17:43:20 0 d-------- C:\Program Files\Movie Maker 2007-08-09 14:45:30 0 d-------- C:\Program Files\QuickTime 2007-08-09 14:39:40 0 d-------- C:\Program Files\iTunes 2007-08-09 14:34:21 0 d-------- C:\Program Files\Google 2007-08-09 14:32:48 0 d-------- C:\Program Files\ComcastToolbar 2007-08-08 21:40:16 0 d-------- C:\Program Files\Common Files 2007-08-08 18:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-08 16:41:02 0 d-------- C:\Program Files\Common Files\InstallShield 2007-08-08 13:53:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-07 19:44:30 0 d-------- C:\Program Files\Common Files\Scanner 2007-08-07 15:57:33 0 d-------- C:\Program Files\Absolute Poker Basic 2007-07-29 18:49:23 0 d-------- C:\Documents and Settings\Jason\Application Data\U3 2007-07-10 00:25:06 0 d-------- C:\Program Files\Punch! Super Home 2007-06-29 21:32:54 0 d-------- C:\Documents and Settings\Jason\Application Data\Ulead Systems 2007-06-27 22:45:55 0 d-------- C:\Program Files\MANSION 2007-06-27 10:03:37 0 d-------- C:\Program Files\Yahoo! 
2007-06-26 21:57:14 0 d-------- C:\Program Files\support.com 2007-06-23 09:42:12 0 d-------- C:\Documents and Settings\Jason\Application Data\Google 2007-06-22 21:25:35 0 d-------- C:\Program Files\Image-Line 2007-06-21 11:47:37 0 d-------- C:\Program Files\McAfee -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 11:54 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/02/2007 04:24 PM] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [03/25/2003 10:19 PM] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [12/17/2002 12:40 PM] "Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [01/12/2004 09:40 PM] "Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [11/18/2003 06:20 PM] "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM] "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [03/07/2007 10:58 AM] "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [11/16/2005 02:53 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="1" [] C:\Documents and Settings\Jason\Start Menu\Programs\Startup\ Yahoo! 
Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [5/23/2006 2:17:00 PM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2007-08-12 at 21:17:45 --------- ComboFix 07-08-11 - "Jason" 2007-08-12 20:51:55.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.269 [GMT -7:00] Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\ihhbthsj.exe C:\WINDOWS\system32\qwuusbxm.exe C:\WINDOWS\system32\ueypaxpg.exe ((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 ))))))))))))))))))))))))))))))) 2007-08-12 18:54 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-11 03:02 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-08-11 03:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2007-08-11 03:02 <DIR> d-------- C:\WINDOWS\system32\PreInstall 2007-08-11 01:05 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-09 18:04 <DIR> d-------- C:\Deckard 2007-08-09 17:46 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll 2007-08-09 17:43 921,475 --a------ C:\WINDOWS\system32\ati3d2ag.dll 2007-08-09 17:43 844,675 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-08-09 17:43 63,663 --a------ C:\WINDOWS\system32\drivers\atinrvxx.sys 2007-08-09 17:43 6,912 --a------ C:\WINDOWS\system32\drivers\hidir.sys 2007-08-09 17:43 56,591 --a------ C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-08-09 
#11
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,326
OS: N/A
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
Quote:
Then restart the browser & try Kaspersky again
__________________
Question - what have you done for the community today?
#12
Registered User
Join Date: Aug 2007
Posts: 11
OS: xp
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
Here is KAS. The computer seems to be running a little better. While online the last 6 hours, no pop-ups yet. Josh
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, August 13, 2007 12:43:43 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/08/2007
Kaspersky Anti-Virus database records: 379096
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\
Scan Statistics:
Total number of scanned objects: 88757
Number of viruses found: 31
Number of infected objects: 85
Number of suspicious objects: 0
Duration of the scan process: 02:54:56
Scan process completed.
|
|
|
|
#13 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,326
OS: N/A
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\ is your antivirus program's quarantine cache. You should delete the contents. Please use Symantec's guide to remove the files from quarantine. http://service1.symantec.com/SUPPORT...on=1#_Section1
--------------
Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
Code:
@echo off
rem Start with a fresh log of anything that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"
rem Delete SmitfraudFix.exe and the HOSTS file flagged in the scan.
for %%g in (
"C:\Documents and Settings\Jason\My Documents\SmitfraudFix.exe"
D:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Remove these leftover folders from the system drive.
for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Show the log if anything survived; otherwise report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
rem Turn System Restore off and back on through WMI, which discards the old restore points.
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs
rem Re-hide hidden files, known file extensions and protected system files in Explorer.
(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg
regedit /s rehide.reg
del rehide.reg SR.vbs
rem Wait 7 seconds (needs nircmd.exe to be available), then delete this batch file.
nircmd wait 7000
del %0
It should look like this:
Double click on fix.bat & allow it to run.
Post back to tell me what it says.
__________________
Question - what have you done for the community today? |
|
|
|
|
#15 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,326
OS: N/A
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
Your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html
After doing all these, your system will be optimised against future threats. It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.
Kindly respond to this thread once more so we can mark this thread as resolved.
__________________
Question - what have you done for the community today? |
|
|
|
|
#16 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 11
OS: xp
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
Hey, thank you so much for helping me with my PC problems, the computer is running great! I also have a laptop that is having the same problems. I have Internet Explorer on the laptop but it isn't working through the net, only Netscape. I know that you need IE to run through the 5 steps to start and fix these problems. Can you do anything without IE? If not, could you help me get IE running so that we could fix the big problems with the laptop? I really appreciate it, and if we can get the laptop working also I will for sure donate to the site. Thanks so much again, Josh
|
|
|
|
|
#17 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,326
OS: N/A
|
Re: Constant pop ups- vundo, winfixer, generic AdClicker.d
Please start a new thread for the other machine
__________________
Question - what have you done for the community today? |