Thread: Help
06-28-2007, 05:50 PM   #3
noclmt
Registered User
 
Join Date: Jun 2007
Posts: 11
OS: XP


Re: Help

OK, here goes...
"ESTHER1" - 2007-06-28 19:40:17 - ComboFix 07-06-28.4 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\runtime2.sys


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))


2007-06-28 12:41 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-20 12:56 <DIR> d-------- C:\VCOM
2007-06-18 13:17 31,232 --a------ C:\WINDOWS\system32\17279842ld.exe
2007-06-18 12:57 4,096 --a------ C:\WINDOWS\system32\57162502ld.exe
2007-06-18 12:57 31,232 --a------ C:\WINDOWS\system32\57187652ld.exe
2007-06-18 12:56 10,000 --a------ C:\WINDOWS\system32\dfgk94tu8d.dll
2007-06-06 09:26 <DIR> d-------- C:\DOCUME~1\ESTHER1\APPLIC~1\Avanquest
2007-06-05 22:56 <DIR> d--h----- C:\WINDOWS\PIF
2007-06-05 18:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-06-04 15:11 <DIR> d-------- C:\80d6c776dbaf9ff44e
2007-06-04 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-04 12:00 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\VCOM
2007-06-04 11:59 <DIR> dr-hs---- C:\_Backup.RC
2007-06-04 11:59 <DIR> d--h----- C:\_Backup
2007-06-04 11:57 <DIR> d-------- C:\Program Files\VCOM
2007-06-04 11:57 <DIR> d-------- C:\DOCUME~1\ESTHER1\APPLIC~1\VCOM
2007-06-04 11:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-30 12:44 <DIR> d-------- C:\223fc1301c156c7844b00b
2007-05-29 15:14 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-29 15:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-29 15:07 0 --a------ C:\CONFIG.SYS
2007-05-29 15:07 0 --a------ C:\AUTOEXEC.BAT
2007-05-29 15:05 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-05-29 15:05 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-05-29 15:05 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-05-29 15:02 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-05-29 15:02 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-05-29 14:49 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-29 14:49 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-28 14:30 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-28 13:47 <DIR> d-------- C:\42c3b3e3f34eb11ef796e5
2007-05-28 13:14 <DIR> d-------- C:\WINDOWS\setup.pss
2007-05-28 09:29 <DIR> d-------- C:\WINDOWS\Provisioning
2007-05-28 09:29 <DIR> d-------- C:\WINDOWS\PeerNet
2007-05-28 09:29 <DIR> d-------- C:\WINDOWS\ehome
2007-05-28 09:29 <DIR> d-------- C:\WINDOWS\dell


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 19:20:36 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-28 19:14:13 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-06-28 19:12:49 -------- d-----w C:\Program Files\Symantec
2007-06-19 16:45:30 -------- d-----w C:\DOCUME~1\ESTHER1\APPLIC~1\MSN6
2007-06-04 19:04:23 -------- d-----w C:\Program Files\Messenger
2007-05-29 19:05:18 -------- d-----w C:\Program Files\Movie Maker
2007-05-29 19:04:05 23,444 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-29 19:03:27 -------- d-----w C:\Program Files\Windows NT
2007-05-28 18:51:38 -------- d-----w C:\DOCUME~1\ESTHER1\APPLIC~1\Symantec
2007-05-28 16:48:55 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-28 16:45:00 -------- d-----w C:\Program Files\PCCW
2007-05-28 16:08:14 0 ----a-w C:\WINDOWS\ogx5r1bglo.dat
2007-05-28 13:07:23 4 ----a-w C:\WINDOWS\system32\libdmswm.dat
2007-05-25 13:22:40 28,160 ----a-w C:\WINDOWS\system32\install.exe
2007-05-25 13:04:55 16 ----a-w C:\WINDOWS\hfs.dat
2007-05-18 17:10:19 222 ----a-w C:\WINDOWS\system32\sysmwbt.exe7.exe
2007-05-18 13:09:53 16 ----a-w C:\WINDOWS\fdd.dat
2007-05-17 14:54:00 -------- d-----w C:\Program Files\CCleaner
2007-05-17 14:53:51 -------- d-----w C:\Program Files\Yahoo!
2007-05-16 16:52:55 62,802 ----a-w C:\WINDOWS\system32\wms7.exe
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 14:55:24 0 ----a-w C:\WINDOWS\pc3hid.exe
2007-05-15 13:17:56 16 ----a-w C:\WINDOWS\gdf.dat
2007-05-11 06:27:37 0 ----a-w C:\WINDOWS\vg8iqb.dll
2007-04-27 13:44:16 0 ----a-w C:\WINDOWS\pgdegfv.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-19 14:01:28 16 ----a-w C:\WINDOWS\hpsys.dat
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 00:41:22 135,025 ----a-w C:\WINDOWS\btm32.exe
2007-04-16 14:04:43 0 ----a-w C:\WINDOWS\cdi1okj.dll
2007-04-11 19:24:55 0 ----a-w C:\WINDOWS\tcsrahrk2.reg
2007-03-29 05:30:24 0 ----a-w C:\WINDOWS\x0h7bh.reg


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-02 17:35]
"VirusScannerPro"="C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe" [2007-01-29 16:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"XP restart system"="h" []
"System update"="C:\WINDOWS\TEMP\5074.exe" [2007-05-15 16:20]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
C:\Program Files\Spyware Stormer\SpywareStormer.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 19:40:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-28 19:41:33
C:\ComboFix-quarantined-files.txt ... 2007-06-28 19:41
C:\ComboFix2.txt ... 2007-06-28 14:19

--- E O F ---