Tech Support Forum - View Single Post

spazn · 10-07-2007, 08:16 PM

No, I didn't install that. It's my stepmom's laptop, so she probably did. I submitted the file, and here are the logs:

ComboFix 07-10-07.2 - ANA 2007-10-07 13:48:44.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.39 [GMT -4:00]
Running from: C:\Documents and Settings\ANA\desktop\ComboFix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\ANA\Application Data\SystemDoctor Free
C:\Documents and Settings\ANA\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\ANA\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\ANA\err.log
C:\Documents and Settings\ANA\ResErrors.log
C:\Program Files\Common Files\SystemDoctor
C:\Program Files\Common Files\SystemDoctor\err.log
C:\WINDOWS\system32\autorun.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 13:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-24 19:31 <DIR> d-------- C:\Program Files\iPod
2007-09-24 19:30 <DIR> d-------- C:\Program Files\iTunes
2007-09-15 19:34 <DIR> d-------- C:\HJT
2007-09-15 18:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-09-15 17:40 <DIR> d--hs---- C:\FOUND.002
2007-09-15 14:51 <DIR> d-------- C:\Documents and Settings\ANA\Application Data\Lavasoft
2007-09-15 14:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-14 16:36 <DIR> d--hs---- C:\FOUND.001
2007-09-14 16:08 <DIR> d-------- C:\Program Files\SymNetDrv
2007-09-14 15:59 82,984 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-14 15:59 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-14 15:59 2,397 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-09-14 15:59 <DIR> d-------- C:\Program Files\Symantec
2007-09-14 15:59 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-09-14 15:59 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-14 15:59 <DIR> d-------- C:\Documents and Settings\ANA\Application Data\Symantec
2007-09-14 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-14 14:09 <DIR> d-------- C:\Program Files\AVG
2007-09-14 13:07 <DIR> d--hs---- C:\UGA6PY
2007-09-14 13:06 <DIR> d-------- C:\Documents and Settings\ANA\Application Data\ElmejorAntivirus
2007-09-14 13:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-09-14 13:05 <DIR> d-------- C:\Program Files\ElmejorAntivirus
2007-09-14 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-03 13:54 --------- d-------- C:\Program Files\Realtek AC97
2007-09-02 09:25 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-02 08:52 --------- d-------- C:\Program Files\QuickTime
2007-09-02 08:51 --------- d-------- C:\Program Files\Common Files\Apple
2007-09-02 08:51 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-08-07 18:33 4108992 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 03:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-03-25 06:37 6980738 --a------ C:\Documents and Settings\ANA\HC4Installer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 09:30]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-14 16:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-07 12:07:26]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18

54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b8ea5f37-7327-4923-9808-8fd3b6f0d529}"= C:\WINDOWS\system32\ddllup.dll [ ]

R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
S3 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-07 17:37:26 C:\WINDOWS\Tasks\Symantec NetDetect.job"
"2007-10-06 00:02:42 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - ANA.job"
"2007-09-24 22:42:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 13:52:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 13:53:20
C:\ComboFix-quarantined-files.txt ... 2007-10-07 13:53
.
--- E O F ---

Uninstall List

Acer eManager for Notebook
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Agere Systems AC'97 Modem
Apple Mobile Device Support
Apple Software Update
Arcade 3.0
CC_ccStart
ccCommon
EAX Unified
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Launch Manager
LimeWire 4.12.6
LimeWire Accelerator 4.10
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Mozilla Firefox (2.0.0.6)
Mozilla Firefox (2.0.0.7)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
NTI Backup NOW! 4
NTI CD & DVD-Maker Gold
PowerProducer
QuickTime
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
Spybot - Search & Destroy 1.4
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar

10-07-2007, 08:16 PM	#5 (permalink)
spazn Registered User Join Date: Oct 2007 Posts: 7 OS: Microsoft Windows XP Home Edition Version 2002 Service Pack 2	Re: Win32.Reson No, I didn't install that. It's my stepmom's laptop, so she probably did. I submitted the file, and here are the logs: ComboFix 07-10-07.2 - ANA 2007-10-07 13:48:44.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.39 [GMT -4:00] Running from: C:\Documents and Settings\ANA\desktop\ComboFix.exe Command switches used :: /killall * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\SystemDoctor Free C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode C:\Documents and Settings\ANA\Application Data\SystemDoctor Free C:\Documents and Settings\ANA\Application Data\SystemDoctor Free\Logs\update.log C:\Documents and Settings\ANA\Application Data\SystemDoctor Free\Logs\update.log C:\Documents and Settings\ANA\err.log C:\Documents and Settings\ANA\ResErrors.log C:\Program Files\Common Files\SystemDoctor C:\Program Files\Common Files\SystemDoctor\err.log C:\WINDOWS\system32\autorun.ini . ((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 ))))))))))))))))))))))))))))))) . 2007-10-07 13:47 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-24 19:31 <DIR> d-------- C:\Program Files\iPod 2007-09-24 19:30 <DIR> d-------- C:\Program Files\iTunes 2007-09-15 19:34 <DIR> d-------- C:\HJT 2007-09-15 18:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft 2007-09-15 17:40 <DIR> d--hs---- C:\FOUND.002 2007-09-15 14:51 <DIR> d-------- C:\Documents and Settings\ANA\Application Data\Lavasoft 2007-09-15 14:50 <DIR> d-------- C:\Program Files\Lavasoft 2007-09-14 16:36 <DIR> d--hs---- C:\FOUND.001 2007-09-14 16:08 <DIR> d-------- C:\Program Files\SymNetDrv 2007-09-14 15:59 82,984 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-09-14 15:59 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-09-14 15:59 2,397 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2007-09-14 15:59 <DIR> d-------- C:\Program Files\Symantec 2007-09-14 15:59 <DIR> d-------- C:\Program Files\Norton AntiVirus 2007-09-14 15:59 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-14 15:59 <DIR> d-------- C:\Documents and Settings\ANA\Application Data\Symantec 2007-09-14 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2007-09-14 14:09 <DIR> d-------- C:\Program Files\AVG 2007-09-14 13:07 <DIR> d--hs---- C:\UGA6PY 2007-09-14 13:06 <DIR> d-------- C:\Documents and Settings\ANA\Application Data\ElmejorAntivirus 2007-09-14 13:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-09-14 13:05 <DIR> d-------- C:\Program Files\ElmejorAntivirus 2007-09-14 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-03 13:54 --------- d-------- C:\Program Files\Realtek AC97 2007-09-02 09:25 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-09-02 08:52 --------- d-------- C:\Program Files\QuickTime 2007-09-02 08:51 --------- d-------- C:\Program Files\Common Files\Apple 2007-09-02 08:51 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-08-07 18:33 4108992 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-19 03:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-03-25 06:37 6980738 --a------ C:\Documents and Settings\ANA\HC4Installer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 09:30] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-14 16:08] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [] "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-07 12:07:26] Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 1854] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{b8ea5f37-7327-4923-9808-8fd3b6f0d529}"= C:\WINDOWS\system32\ddllup.dll [ ] R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys S3 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2007-10-07 17:37:26 C:\WINDOWS\Tasks\Symantec NetDetect.job" "2007-10-06 00:02:42 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - ANA.job" "2007-09-24 22:42:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-07 13:52:15 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-07 13:53:20 C:\ComboFix-quarantined-files.txt ... 2007-10-07 13:53 . --- E O F --- Uninstall List Acer eManager for Notebook Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 6.0 Agere Systems AC'97 Modem Apple Mobile Device Support Apple Software Update Arcade 3.0 CC_ccStart ccCommon EAX Unified HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) iTunes J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 Launch Manager LimeWire 4.12.6 LimeWire Accelerator 4.10 LiveReg (Symantec Corporation) LiveUpdate 1.90 (Symantec Corporation) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works 2002 Setup Launcher Microsoft Works 6.0 Mozilla Firefox (2.0.0.6) Mozilla Firefox (2.0.0.7) MSRedist MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Norton AntiVirus 2004 Norton AntiVirus 2004 (Symantec Corporation) Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI NTI Backup NOW! 4 NTI CD & DVD-Maker Gold PowerProducer QuickTime Realtek AC'97 Audio Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) SiS 900 PCI Fast Ethernet Adapter Driver SiS VGA Utilities SiSAGP driver Spybot - Search & Destroy 1.4 Symantec Script Blocking Installer SymNet Synaptics Pointing Device Driver Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB938828) Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Yahoo! Messenger Yahoo! Search Protection Yahoo! Toolbar