Hijackthis log please someone look at this

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Sunday 9.3.2025 / 09:16

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hijackthis log please someone look at this

Browse by topic

Forums

Start a new thread

Hijackthis log please someone look at this

Jump to:

Posted

Message

dumbme

Newbie

27. March 2008 @ 16:29

Link to this message

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:48 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O21 - SSODL: bokpkov - {7F0B9F44-AEF4-4FCC-B0DE-61E4F1935576} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: RomCD - {820c6481-a3e3-4cbb-9d52-4dfbb0db5ef7} - C:\WINDOWS\Installer\{820c6481-a3e3-4cbb-9d52-4dfbb0db5ef7}\RomCD.dll
O21 - SSODL: altvxvm - {CDD29452-8B2D-40DE-9946-68F1D60B759E} - C:\WINDOWS\altvxvm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 2698 bytes

[ + quote]

dumbme

Newbie

27. March 2008 @ 16:41

Link to this message

ComboFix 08-03-26.3 - Paul 2008-03-27 15:35:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.174 [GMT -5:00]
Running from: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\QD3VOWRJ\ComboFix[1].exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Paul\Application Data\AntispywareBot
C:\Documents and Settings\Paul\Application Data\AntispywareBot\Log\2008 Mar 21 - 11_38_32 AM_765.log
C:\Documents and Settings\Paul\Application Data\AntispywareBot\Log\2008 Mar 21 - 11_38_48 AM_562.log
C:\Documents and Settings\Paul\Application Data\AntispywareBot\rs.dat
C:\Documents and Settings\Paul\Application Data\AntispywareBot\Settings\ScanResults.pie
C:\Documents and Settings\Paul\Desktop\Error Cleaner.url
C:\Documents and Settings\Paul\Desktop\Privacy Protector.url
C:\Documents and Settings\Paul\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Paul\Favorites\Error Cleaner.url
C:\Documents and Settings\Paul\Favorites\Privacy Protector.url
C:\Documents and Settings\Paul\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\ATHPRXY(2).DLL
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-26 14:04 . 2008-03-26 14:04 <DIR> d-------- C:\Program Files\Acesoft
2008-03-26 14:04 . 2007-01-23 00:43 277,504 --a------ C:\WINDOWS\system32\oestore.dll
2008-03-26 14:04 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TabCtl32.ocx
2008-03-26 14:04 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\msinet.ocx
2008-03-26 14:03 . 2008-03-26 14:03 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-26 13:55 . 2008-03-26 13:57 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-03-26 09:25 . 2008-03-26 09:27 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\AdwareAlert
2008-03-26 07:57 . 2008-03-26 12:26 <DIR> d-------- C:\Program Files\MSN Games
2008-03-25 22:14 . 2008-03-25 22:14 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-25 18:38 . 2008-03-25 18:38 <DIR> d-------- C:\Program Files\CCleaner
2008-03-25 16:09 . 2008-03-25 16:09 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Uniblue
2008-03-25 11:58 . 2008-03-25 11:59 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Antispyware
2008-03-25 11:17 . 2008-03-26 15:48 <DIR> d-------- C:\SDFix
2008-03-23 23:12 . 2008-03-23 23:12 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Grisoft
2008-03-23 23:08 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-23 22:40 . 2008-03-23 22:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 22:27 . 2008-03-23 22:30 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\RegClean
2008-03-23 22:26 . 2008-03-23 22:32 <DIR> d-------- C:\Program Files\RegClean
2008-03-23 22:21 . 2008-03-23 22:31 <DIR> d-------- C:\Program Files\IEpal
2008-03-22 15:55 . 2008-03-22 15:55 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-03-21 18:33 . 2008-03-22 21:18 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-21 13:06 . 2008-03-21 13:28 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\IDM
2008-03-21 13:06 . 2008-03-21 13:28 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\DMCache
2008-03-20 16:48 . 2008-03-20 16:48 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-20 14:20 . 2008-03-25 22:39 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Symantec
2008-03-20 14:20 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-20 14:18 . 2008-03-20 14:18 <DIR> d-------- C:\Program Files\PerformanceTest
2008-03-20 13:30 . 2008-03-26 09:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 13:25 . 2008-03-20 13:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-20 12:08 . 2008-03-20 16:58 <DIR> d-------- C:\Program Files\MySpace
2008-03-20 09:39 . 2008-03-20 09:39 98,304 --a------ C:\WINDOWS\system32\klnhmvyi.exe
2008-03-20 09:39 . 2008-03-20 09:39 38,912 --a------ C:\WINDOWS\upwxazmf.exe
2008-03-20 09:38 . 2008-03-20 05:07 249,856 --a------ C:\WINDOWS\altvxvm.dll
2008-03-20 09:38 . 2008-03-20 05:07 217,088 --a------ C:\WINDOWS\bokpkov.dll
2008-03-20 07:31 . 2008-03-20 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-03-20 07:31 . 2008-03-20 07:31 22 --a------ C:\WINDOWS\iexplore.ini
2008-03-17 16:37 . 2008-03-17 16:37 <DIR> d-------- C:\Program Files\ImTOO
2008-03-17 16:36 . 2008-03-17 16:36 <DIR> d-------- C:\Program Files\STOPzilla!
2008-03-17 16:27 . 2008-03-17 16:27 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\AVG7
2008-03-17 16:27 . 2008-03-17 16:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-17 16:27 . 2008-03-23 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 16:27 . 2008-03-17 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-15 18:51 . 2008-03-15 18:51 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\MySpace
2008-03-13 23:42 . 2008-03-17 16:25 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\AVG7(2)
2008-03-13 23:30 . 2008-03-17 16:25 <DIR> d-------- C:\Program Files\Grisoft(2)
2008-03-13 23:30 . 2008-03-17 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2008-03-13 15:58 . 2008-03-13 19:46 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\CallingID
2008-03-13 12:19 . 2008-03-13 12:42 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2008-03-13 12:19 . 2008-03-13 12:42 3,718 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-03-13 12:19 . 2007-02-08 17:44 1,851 --a------ C:\WINDOWS\system32\lxcz.loc
2008-03-13 00:00 . 2008-03-26 20:05 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-12 23:09 . 2008-03-17 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7(2)
2008-03-10 17:16 . 2008-03-10 17:16 22,448 --a------ C:\Documents and Settings\Paul\Application Data\GDIPFONTCACHEV1.DAT
2008-03-08 20:23 . 2008-03-08 20:23 1,024 --a------ C:\.rnd
2008-03-08 20:21 . 2008-03-08 20:21 <DIR> d-------- C:\Program Files\demoxi(2)
2008-03-08 20:21 . 2008-03-08 20:21 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\demoxi
2008-03-08 19:00 . 2008-03-20 16:56 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-03-05 23:53 . 2008-03-17 16:29 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\ArcSoft
2008-03-04 22:43 . 2008-03-17 16:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-04 13:00 . 2008-03-04 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-03-04 12:47 . 2008-03-04 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-04 12:44 . 2008-03-04 13:00 72 ---hs---- C:\WINDOWS\S124C91C5.tmp
2008-03-03 20:01 . 2008-03-03 20:01 1,110,016 --------- C:\WINDOWS\system32\ieframe.dll.mui
2008-03-03 20:01 . 2008-03-03 20:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll
2008-03-03 20:00 . 2008-03-03 20:00 10,240 --------- C:\WINDOWS\system32\advpack.dll.mui
2008-02-29 17:26 . 2008-02-29 17:26 <DIR> d-------- C:\WINDOWS\Cache
2008-02-27 17:21 . 2008-03-17 16:31 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 17:08 --------- d-----w C:\Documents and Settings\Paul\Application Data\LimeWire
2008-03-19 15:49 --------- d-----w C:\Program Files\LimeWire
2008-03-17 22:01 --------- d-----w C:\Program Files\Java
2008-03-17 21:43 --------- d-----w C:\Program Files\LIVEUPDATE
2008-03-17 21:37 --------- d-----w C:\Program Files\QuickTime
2008-03-17 21:36 --------- d-----w C:\Program Files\Disc2Phone
2008-03-17 21:36 --------- d-----w C:\Documents and Settings\Paul\Application Data\dvdcss
2008-03-17 21:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 21:27 --------- d-----w C:\Documents and Settings\Paul\Application Data\GetRightToGo
2008-03-14 03:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-04 01:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-04 01:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-04 01:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-04 00:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-04 00:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-04 00:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-04 00:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-04 00:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-04 00:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-04 00:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-04 00:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-27 04:33 --------- d-----w C:\Documents and Settings\Paul\Application Data\MozillaControl
2008-02-25 15:56 --------- d-----w C:\Program Files\Rocket Division Software
2008-02-17 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-02-03 20:12 --------- d-----w C:\Documents and Settings\Paul\Application Data\Apple Computer
2008-02-03 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-28 12:14 --------- d-----w C:\Program Files\Real
2008-01-28 11:56 --------- d-----w C:\Program Files\Common Files\Real
2008-01-19 17:09 753,664 --sha-w C:\Program Files\ehthumbs.db
2008-01-11 16:35 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-01-11 16:35 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-01-11 16:35 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"Tracks Eraser Pro"="C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" [2008-03-18 19:13 1363816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"= {7F0B9F44-AEF4-4FCC-B0DE-61E4F1935576} - C:\WINDOWS\bokpkov.dll [2008-03-20 05:07 217088]
"RomCD"= {820c6481-a3e3-4cbb-9d52-4dfbb0db5ef7} - C:\WINDOWS\Installer\{820c6481-a3e3-4cbb-9d52-4dfbb0db5ef7}\RomCD.dll [2008-03-20 09:37 14378]
"altvxvm"= {CDD29452-8B2D-40DE-9946-68F1D60B759E} - C:\WINDOWS\altvxvm.dll [2008-03-20 05:07 249856]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 14:47 57344 C:\WINDOWS\Alcxmntr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 20:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d631ba-bb02-11dc-8dba-0015f2913e6a}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 14:26:26 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-03-26 08:00:00 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-03-27 19:02:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-26 08:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 15:36:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-27 15:37:26
ComboFix-quarantined-files.txt 2008-03-27 20:37:12
Pre-Run: 61,930,356,736 bytes free
Post-Run: 61,920,288,768 bytes free
.
2008-03-18 01:38:01 --- E O F ---

[ + quote]

Start a new thread


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.