Thread: infected system
06-23-2007, 11:00 AM   #3
feanaro
Registered User
 
Join Date: Jun 2007
Posts: 20
OS: Win XP


Re: infected system

"Wendy" - 2007-06-23 9:43:40 - ComboFix 07-06-23.5 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Wendy\Desktop.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-23 09:42 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 09:37 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-22 21:21 <DIR> d-------- C:\Deckard
2007-06-22 21:09 <DIR> d-------- C:\VundoFix Backups
2007-06-22 19:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-22 19:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-06-22 19:49 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-22 19:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-22 19:30 <DIR> d-------- C:\WINDOWS\pss
2007-06-22 12:11 24,128 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-22 12:11 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-06-22 12:11 160,320 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-22 12:11 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-06-22 12:10 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-22 12:10 1,521,216 --a------ C:\WINDOWS\WRSetup.dll
2007-06-22 12:10 <DIR> d-------- C:\Program Files\Webroot
2007-06-22 12:10 <DIR> d-------- C:\DOCUME~1\Wendy\APPLIC~1\Webroot
2007-06-22 12:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-06-22 12:09 164 --a------ C:\install.dat
2007-06-22 12:02 <DIR> d-------- C:\DOCUME~1\Wendy\APPLIC~1\SystemDoctor Free
2007-06-22 12:01 <DIR> d-------- C:\DOCUME~1\Wendy\APPLIC~1\CyberScrub
2007-06-22 12:00 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-06-22 11:52 <DIR> d-------- C:\Program Files\SystemDoctor Free
2007-06-22 11:52 <DIR> d-------- C:\Program Files\Common Files\SystemDoctor
2007-06-22 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
2007-06-22 11:12 <DIR> d-------- C:\WINDOWS\privacy_danger
2007-06-22 10:00 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-22 09:58 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-06-22 09:55 90,112 --a------ C:\WINDOWS\expro.dll
2007-06-22 09:55 77,312 --a------ C:\WINDOWS\vpssup.dll
2007-06-22 09:55 204,800 --a------ C:\WINDOWS\vpsnetwork.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 20:59:30 -------- d-----w C:\DOCUME~1\Wendy\APPLIC~1\uTorrent
2007-06-22 17:30:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-22 17:29:15 -------- d-----w C:\Program Files\TELUS
2007-06-22 17:18:22 -------- d-----w C:\DOCUME~1\Wendy\APPLIC~1\AdobeUM
2007-06-19 00:20:04 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-13 16:41:43 -------- d-----w C:\Program Files\MSN Messenger
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-12 04:57:12 225 ----a-w C:\WINDOWS\freedom.backup.dat
2007-04-08 23:26:23 1,956 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-08 19:20:31 228 ----a-w C:\TEMP.REG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{A1770FD6-A7CB-44DA-AD2C-692D2A2B521B}=C:\WINDOWS\vpsnetwork.dll [2007-06-22 09:22]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-22 10:09]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-15 13:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{E58A42DB-189A-47B5-A907-B8F65D3FD907}"="C:\WINDOWS\vpssup.dll" [2007-06-22 09:22]
"{8EFEFD10-1E06-47B9-A382-C12A7908030E}"="C:\WINDOWS\expro.dll" [2007-06-22 09:22]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D066UUtility]
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


Contents of the 'Scheduled Tasks' folder
2007-06-22 19:11:03 C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 09:47:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-23 9:50:07
C:\ComboFix-quarantined-files.txt ... 2007-06-23 09:50

--- E O F ---