I Am Infected


3 replies to this topic

#1 Joeliony


Posted 12 February 2008 - 12:30 PM

I am new here. I don't know where and how to post my problem. Will you be kind please and help me solve this problem?
I thank you in advance
My problem is I got this core.cache.dsk
Will you please help me out?


#2 Joeliony


Posted 12 February 2008 - 01:44 PM

I just scanned my computer with HijackThis and here is the log I got

*************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:00 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
C:\Program Files\Spotmau WinCares 2007\FolderProtect.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\fxssvc.exe
D:\PestPatrol\PPMemCheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wamu.com/personal/default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: F2atv Forums Toolbar - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - C:\Program Files\F2atv_Forums\tbF2a1.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PPMemCheck] D:\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [hhctrl.ocx] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\hhctrl.ocx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN Lookup - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Translate - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_4.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} (Sony Network Camera Viewer Control) - http://70.107.225.103/program/SonyNetworkCameraViewer.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{DECC17E6-22A6-43BA-A36F-003B410F5E9B}: NameServer = 64.192.0.10,64.192.0.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfcno - igfcno.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12772 bytes

#3 Joeliony


Posted 12 February 2008 - 05:18 PM

Dear Folks
I scanned with ComboFix.exe and here is the result
Help Pleaseeeeeeee


ComboFix 08-02-13.1 - Joe 2008-02-12 13:29:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.708 [GMT -8:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\nmwcdd.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\anonystat
C:\Program Files\anonystat\Anonystat-2.dll
C:\Program Files\anonystat\Anonystat.dat
C:\Program Files\anonystat\pcre3.dll
C:\Program Files\anonystat\uninstall.exe
C:\Program Files\Common Files\{2C711~1
C:\Program Files\Common Files\{2C711~2
C:\Program Files\Common Files\{3C711~1
C:\Program Files\Common Files\{3C711~1\Uninst.exe
C:\Program Files\Common Files\{3C711~2
C:\Program Files\Common Files\{3C711~2\Bar888.dll
C:\Program Files\Common Files\{3C711~2\UnInstall.exe
C:\Program Files\internet explorer\keygen.exe
C:\setup.exe
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\nmwcdd.sys
C:\WINDOWS\temp.exe

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupj+|C̛v+@J:NGD_DQ{zt һHG.X4qEBqsD<WU Client Download S-1-5-18 `HT4?? 6VwoQZCDHMXC:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\mainwwsp1.cab
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NMWCDD
-------\nmwcdd


((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-12 08:58 . 2008-02-12 08:58 250 --a------ C:\WINDOWS\gmer.ini
2008-02-11 17:54 . 2008-02-11 17:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-11 17:54 . 2008-02-11 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\VundoFix Backups
2008-02-11 15:45 . 2008-02-11 15:45 <DIR> d-------- C:\Program Files\CCleaner
2008-02-10 12:01 . 2008-02-12 00:31 31,744 --a------ C:\WINDOWS\system32\perfs.exe
2008-02-09 17:42 . 2008-02-09 17:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 17:22 . 2008-02-09 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-02-09 16:18 . 2008-02-11 14:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-09 16:18 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-09 16:18 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-09 16:18 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-09 16:18 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-08 16:52 . 2008-02-08 17:00 5,680 --a------ C:\WINDOWS\system32\drivers\psntkd20.sys
2008-02-08 16:48 . 2008-02-08 16:56 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2008-02-08 15:57 . 2008-02-08 15:52 691,545 --a------ C:\WINDOWS\unins001.exe
2008-02-08 15:57 . 2008-02-08 15:57 3,450 --a------ C:\WINDOWS\unins001.dat
2008-02-08 11:31 . 2008-02-08 11:31 266,240 --a------ C:\WINDOWS\system32\andt.sys
2008-02-07 21:00 . 2008-02-08 23:02 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
2008-02-07 13:43 . 2008-02-07 13:43 <DIR> d-------- C:\Program Files\Western Digital
2008-02-07 10:41 . 2008-02-07 10:41 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Grisoft
2008-02-07 10:34 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-07 10:24 . 2008-02-07 10:24 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 10:24 . 2008-02-10 13:48 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\AVG7
2008-02-07 10:20 . 2008-02-07 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 09:30 . 2008-02-07 09:30 31,744 --a------ C:\WINDOWS\system32\routing.exe
2008-02-07 09:30 . 2008-02-07 09:30 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-02-07 09:22 . 2008-02-07 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-31 09:45 . 2008-01-31 09:45 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-01-31 09:44 . 2008-01-31 09:44 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2008-01-31 09:44 . 2008-01-31 09:44 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-01-31 09:44 . 2008-01-31 09:44 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Intuit
2008-01-31 09:44 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-01-31 09:44 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-01-31 09:43 . 2008-01-31 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-28 17:48 . 2008-01-28 17:48 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Microsoft Corporation
2008-01-28 17:48 . 2008-01-28 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-01-28 10:36 . 2008-01-28 10:36 <DIR> dr------- C:\Documents and Settings\Joe\Application Data\Brother
2008-01-28 10:35 . 2008-01-29 09:41 426 --a------ C:\WINDOWS\BRWMARK.INI
2008-01-28 10:35 . 2008-01-28 10:35 34 --a------ C:\WINDOWS\system32\BD7220.DAT
2008-01-21 09:31 . 2008-01-21 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 09:25 . 2008-01-21 09:31 <DIR> d-------- C:\Program Files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 00:10 --------- d-----w C:\Documents and Settings\Joe\Application Data\Lavasoft
2008-02-11 22:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 00:58 --------- d-----w C:\Program Files\Google
2008-02-10 23:27 --------- d-----w C:\Documents and Settings\Joe\Application Data\U3
2008-02-10 22:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 01:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 01:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 22:00 --------- d-----w C:\Documents and Settings\Joe\Application Data\uTorrent
2008-02-03 02:00 --------- d-----w C:\Documents and Settings\Joe\Application Data\LimeWire
2008-01-31 19:19 --------- d-----w C:\Program Files\QUICKENW
2008-01-31 18:39 3,869 ----a-w C:\Program Files\QUICKENW.QIF
2008-01-25 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-25 21:10 --------- d-----w C:\Program Files\Broderbund
2008-01-22 20:11 --------- d-----w C:\Documents and Settings\Joe\Application Data\Datalayer
2008-01-22 20:02 --------- d-----w C:\Documents and Settings\Joe\Application Data\Nokia Multimedia Player
2008-01-21 17:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-09 23:18 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-09 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-09 23:00 --------- d-----w C:\Documents and Settings\Joe\Application Data\SUPERAntiSpyware.com
2008-01-09 16:24 --------- d-----w C:\Program Files\ErrorsTool
2008-01-03 20:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-12-30 22:38 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-30 22:38 --------- d-----w C:\Program Files\Ahead
2007-12-29 19:22 --------- d-----w C:\Program Files\Spyware Nuker
2007-12-24 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-28 19:44 878,080 ----a-w C:\WINDOWS\system32\iconv.dll
2007-11-28 19:44 721,920 ----a-w C:\WINDOWS\system32\libxml2.dll
2007-11-28 19:44 51,200 ----a-w C:\WINDOWS\system32\libexslt.dll
2007-11-28 19:44 150,016 ----a-w C:\WINDOWS\system32\libxslt.dll
2007-11-06 19:58 3,126 ----a-w C:\Documents and Settings\Joe\Application Data\wklnhst.dat
2007-03-11 23:04 137,720 ----a-w C:\Documents and Settings\Joe\Application Data\GDIPFONTCACHEV1.DAT
2003-08-29 20:12 61,440 ----a-w C:\WINDOWS\inf\i386\Viz7300.dll
2003-08-29 20:12 17,376 ----a-w C:\WINDOWS\inf\i386\Gt680x.sys
2006-02-28 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2006-02-28 12:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2006-02-28 12:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2006-02-28 12:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2006-02-28 12:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2006-02-28 12:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2006-02-28 12:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{0FF9A677-542A-481D-A6D6-3FA32D8A806D}
{95DAA571-4DEF-4A6D-97D8-98A346672A24}

[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0FF9A677-542A-481D-A6D6-3FA32D8A806D}"= C:\Program Files\F2atv_Forums\tbF2a1.dll [2007-12-06 14:03 1502232]

[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@={D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@={8A814C29-D3CD-4F9E-9770-DF8704503ACA}

[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2006-12-22 15:30 57344 --a------ C:\Program Files\Spotmau WinCares 2007\FolderProtectShellExtension.dll

[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2006-12-22 15:30 57344 --a------ C:\Program Files\Spotmau WinCares 2007\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-16 09:09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"PPMemCheck"="D:\PestPatrol\PPMemCheck.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 17:34 5419008]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 10:23 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfcno]
igfcno.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet 5100 series) - 1.lnk]
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet 5100 series) - 1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^Morpheus Ultra.lnk]
backup=C:\WINDOWS\pss\Morpheus Ultra.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 01:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-07 10:23 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-28 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
--a------ 2002-08-23 12:29 881718 C:\Program Files\Evidence Eliminator\ee.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-01-07 12:02 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2007-12-10 14:53 1103752 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-04-08 18:43 1953792 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 09:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
--a------ 2004-02-11 14:08 61440 C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-21 14:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-16 09:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
--a------ 2006-06-09 08:11 4060160 C:\Program Files\Spyware Nuker\swnxt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-23 12:14 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
--a------ 2004-04-09 07:33 184320 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-09-06 14:27 1910040 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-05-23 13:03 8631840 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-16 14:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R2 FolderProtectService;FolderProtectService;C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe [2006-12-22 15:30]
R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 10:42]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2008-02-07 09:30]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-09-05 14:43]
R3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
R3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 12:12]
R3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
R3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 00:39]
R3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 04:19]
R3 FolderProtectDriver;FolderProtectDriver;C:\Program Files\Spotmau WinCares 2007\FolderProtectDriver.sys [2006-12-12 14:25]
R3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 04:19]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 04:19]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
S3 GT680xNT;Visioneer OneTouch 7300 Driver;C:\WINDOWS\system32\drivers\gt680x.sys [2003-08-29 12:12]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2005-12-19 00:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19f38140-d5c3-11dc-94c3-0016e632c7b0}]
\Shell\AutoRun\command - autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{960d585f-4c5d-11dc-945a-0016e632c7b0}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 21:00:00 C:\WINDOWS\Tasks\ADD4BD8392333787.job"
- c:\docume~1\joe\applic~1\sendsu~1\Mapi Link Cast.exe
"2008-02-09 03:34:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-06-27 02:03:00 C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 5100 series#1174960619.job"
- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe:-I
"2008-02-13 21:38:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-12 21:26:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-15 20:26:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-01 18:39:19 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 13:37:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Spotmau WinCares 2007\FolderProtect.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
.
**************************************************************************
.
Completion time: 2008-02-13 13:43:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 21:43:38
.
2008-02-06 03:51:35 --- E O F ---

#4 Yourhighness

    The BSG Malware Fighter


  • Malware Response Team

Posted 22 February 2008 - 12:20 PM

Hello Joeliony and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. Running ComboFix without guided help is not suggested as you can seriously harm your PC if you use this tool incorrectly.

If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -