"Jason1" - 2007-05-24 1:49:03 Service Pack 2
ComboFix 07-05.24.4.V - Running from: "C:\Documents and Settings\Jason1\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
"C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe"
"C:\Program Files\Common Files\{38C84~1\Bar888.dll"
"C:\Program Files\Common Files\{38C84~1\UnInstall.exe"
"C:\Program Files\Common Files\{F8C84~1\Update.exe.lzma"
"C:\Temp\tn3"
"C:\Program Files\Common Files\{38C84~1"
"C:\Program Files\Common Files\{F8C84~1"
Purity Folders:
C:\WINDOWS\system32\MBOLS~1
C:\Program Files\Common Files\CROSOF~1
C:\Program Files\WNSXS~1
C:\DOCUME~1\Jason1\APPLIC~1\STEM~1
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))
2007-05-24 01:17 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-05-24 01:17 <DIR> d-------- C:\WINDOWS\nview
2007-05-24 01:10 <DIR> d-------- C:\DOCUME~1\Jason1\APPLIC~1\VersionTracker Pro
2007-05-24 00:55 28,160 -ra------ C:\WINDOWS\system32\nvmdcoi.dll
2007-05-24 00:55 20,224 -ra------ C:\WINDOWS\system32\drivers\nvidesm.sys
2007-05-23 23:33 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-22 13:55 <DIR> d-------- C:\d0306f02d7d2751ab2
2007-05-22 05:37 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-21 07:29 630,464 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-05-21 07:29 108,656 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-05-21 07:22 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-05-21 07:22 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2007-05-21 07:22 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-05-21 07:22 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-05-21 07:22 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-05-21 07:22 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-05-21 07:22 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-05-21 07:21 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-21 07:21 <DIR> d-------- C:\Program Files\CA
2007-05-21 07:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-05-21 02:51 <DIR> d-------- C:\VundoFix Backups
2007-05-20 00:28 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-05-15 16:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-30 18:39 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-04-28 23:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-28 13:40 <DIR> d-------- C:\WINDOWS\qqir
2007-04-28 13:40 <DIR> d-------- C:\Program Files\Common Files\qqir
2007-04-28 13:03 <DIR> d--hs---- C:\WINDOWS\SmFzb24
2007-04-28 12:42 167 --a------ C:\WINDOWS\system32\5665.bat
2007-04-28 12:41 94,021 --a------ C:\WINDOWS\system32\app.exe
2007-04-28 12:41 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-04-28 12:41 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-24 05:36:01 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-24 03:56:21 -------- d-----w C:\Program Files\Trillian
2007-05-22 16:41:42 -------- d-----w C:\Program Files\World of Warcraft
2007-05-22 04:29:54 -------- d-----w C:\DOCUME~1\Jason1\APPLIC~1\U3
2007-05-22 02:17:09 1,100 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-21 09:43:35 -------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2007-05-21 09:43:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-04 18:10:28 256,784 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
2007-04-04 18:10:28 120,080 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
2007-04-04 18:10:28 117,520 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
2007-03-27 14:32:10 93,968 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
2007-03-27 14:32:10 116,496 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
2007-03-26 19:48:41 -------- d-----w C:\Program Files\Musicmatch
2007-03-26 19:47:57 -------- d-----w C:\DOCUME~1\Jason1\APPLIC~1\Musicmatch
2007-03-26 06:36:28 -------- d--h--r C:\DOCUME~1\Jason1\APPLIC~1\SecuROM
2007-03-26 06:36:27 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-26 06:34:12 -------- d-----w C:\Program Files\Jade Empire
2007-03-26 06:29:57 82,774 ----a-w C:\WINDOWS\Uninstall Jade Empire.exe
2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-21 22:57:32 61,960 ----a-w C:\WINDOWS\system32\drivers\KmxAgent.sys
2007-03-21 20:31:20 63,496 ----a-w C:\WINDOWS\system32\drivers\KmxSbx.sys
2007-03-19 23:06:12 89,096 ----a-w C:\WINDOWS\system32\drivers\KmxCfg.sys
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 08:39:30 45,064 ----a-w C:\WINDOWS\system32\drivers\KmxFile.sys
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 16:27:46 -------- d-----w C:\Program Files\Ubisoft
2007-03-06 16:27:27 1 -c--a-w C:\WINDOWS\system32\SI.bin
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
*Note* a '?' inside a path in the entries below stands for a character the log did not render; the affected folders are the same ones listed under "Purity Folders" above (??stem / STEM~1, ??crosoft / CROSOF~1, ??mbols / MBOLS~1), so read those run- entries together with the deletions above rather than as extraction errors.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2005-07-22 18:01]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-04-15 18:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"HostManager"="C:\Program Files\Common Files\AOL\1165726069\ee\AOLSoftware.exe" [2006-09-25 20:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-26 22:06]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-05-21 07:28]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.8.0\QOELoader.exe" [2007-05-21 07:22]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-21 07:28]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-05-21 07:28]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-05-21 07:28]
"@"="" []
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-05-21 07:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-02-01 10:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"WhenUSave"="C:\Program Files\Save\Save.exe"
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.EXE" -b
"PowerBar"=
"Dpho"="C:\PROGRA~1\COMMON~1\MANTEC~1\spoolsv.exe" -vt ndrv
"Mjg"="C:\Documents and Settings\Jason1\Application Data\??stem\l?gonui.exe"
"qqir"=C:\PROGRA~1\COMMON~1\qqir\qqirm.exe
"Owkcgim"="C:\Program Files\Common Files\??crosoft\r?ndll.exe"
"Jrv"=C:\WINDOWS\system32\??mbols\j?vaw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"nwiz"=nwiz.exe /install
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9679b442-4fdf-11d9-82a1-806d6172696f}]
AutoRun\command- D:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f34450c8-87a9-11db-9a0d-806d6172696f}]
AutoRun\command- E:\Autorun.exe
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070523-001234-804
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=??
backup-20070523-001234-772
O4 - HKCU\..\Policies\Explorer\Run: [{F8C8453C-0446-1033-0606-030807030001}] "C:\Program Files\Common Files\{F8C8453C-0446-1033-0606-030807030001}\Update.exe" mc-110-12-0000137
backup-20070523-001234-535
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
backup-20070523-001234-982
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{F8C8453C-0446-1033-0606-030807030001}] "C:\Program Files\Common Files\{F8C8453C-0446-1033-0606-030807030001}\Update.exe" mc-110-12-0000137 (User 'Default user')
backup-20070523-001234-167
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{F8C8453C-0446-1033-0606-030807030001}] "C:\Program Files\Common Files\{F8C8453C-0446-1033-0606-030807030001}\Update.exe" mc-110-12-0000137 (User 'SYSTEM')
Contents of the 'Scheduled Tasks' folder
2007-05-21 11:22:02 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Jason1 at 7 22 AM.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 02:01:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-24 2:13:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-24 02:13
--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
"C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe"
"C:\Program Files\Common Files\{38C84~1\Bar888.dll"
"C:\Program Files\Common Files\{38C84~1\UnInstall.exe"
"C:\Program Files\Common Files\{F8C84~1\Update.exe.lzma"
"C:\Temp\tn3"
"C:\Program Files\Common Files\{38C84~1"
"C:\Program Files\Common Files\{F8C84~1"
Purity Folders:
C:\WINDOWS\system32\MBOLS~1
C:\Program Files\Common Files\CROSOF~1
C:\Program Files\WNSXS~1
C:\DOCUME~1\Jason1\APPLIC~1\STEM~1
Purity Folders:
C:\WINDOWS\system32\MBOLS~1
C:\Program Files\Common Files\CROSOF~1
C:\Program Files\WNSXS~1
C:\DOCUME~1\Jason1\APPLIC~1\STEM~1
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core
((((((((((((((((((((((((((((((( Files Created from 05/2-01-07 to 05/24/2007 ))))))))))))))))))))))))))))))))))