| Re: Antivirus, Firewall disabled
OK, thanks in advance for the help, and sorry for the delay. I did what you told me; although someone got into the computer and uninstalled the antivirus, I did it anyway. This is the report. But now I can't install any antivirus: it says that an error occurred and that I must restart to continue. The firewall is now enabled. Anyway, I hope you can tell me what I can do.
ComboFix 08-02-25.3 - HP_Administrator 2008-02-27 11:27:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.366 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-25 20:29 . 2008-02-25 20:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ATI
2008-02-25 20:29 . 2008-02-25 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-25 20:29 . 2008-02-25 20:29 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-25 20:25 . 2008-01-22 14:42 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 20:02 . 2008-02-25 20:02 <DIR> d-------- C:\WINDOWS\Performance
2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-02-24 19:37 . 2008-02-27 10:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 19:37 . 2008-02-24 19:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-22 15:02 . 2008-02-22 15:02 <DIR> d-------- C:\Program Files\iTunes
2008-02-22 15:02 . 2008-02-22 15:02 <DIR> d-------- C:\Program Files\iPod
2008-02-21 18:05 . 2008-02-21 18:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-21 17:06 . 2008-02-21 17:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-20 19:30 . 2008-02-20 19:55 <DIR> d-------- C:\Program Files\3D Live Pool
2008-02-20 17:37 . 2008-02-20 17:38 <DIR> d-------- C:\Program Files\Project64 v1.5
2008-02-19 11:13 . 2008-02-19 11:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-18 13:12 . 2008-02-18 13:12 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-15 09:06 . 2008-02-26 15:42 <DIR> d-------- C:\Program Files\Panda Security
2008-02-11 12:04 . 2008-02-11 12:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PCF-VLC
2008-02-07 19:01 . 2008-02-07 19:01 <DIR> d-------- C:\PC-Sync
2008-02-07 18:21 . 2008-02-07 18:57 <DIR> d-------- C:\Program Files\PC Sync Manager
2008-02-06 11:01 . 2008-02-21 07:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-06 11:01 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-06 10:53 . 2008-02-27 10:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-06 10:53 . 2008-02-06 10:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 10:53 . 2008-02-06 10:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-02-06 10:53 . 2008-02-06 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-06 10:52 . 2008-02-06 10:52 744,853 --a------ C:\PAVARK.exe
2008-02-05 13:07 . 2008-02-05 13:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-01 20:14 . 2008-02-01 20:14 <DIR> d-------- C:\MSNCleaner
2008-02-01 14:42 . 2008-02-01 14:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Printer Info Cache
2008-02-01 14:42 . 2008-02-01 14:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express
2008-02-01 11:17 . 2008-02-01 11:17 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-02-01 10:56 . 2008-02-27 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-01 10:13 . 2008-02-01 10:13 <DIR> d-------- C:\IniRem 2.0.3
2008-02-01 10:02 . 2008-02-01 10:02 <DIR> d-------- C:\WinsockxpFix
2008-02-01 09:14 . 2008-02-01 09:12 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-01 09:14 . 2008-02-01 09:14 3,463 --a------ C:\WINDOWS\unins000.dat
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-31 22:04 . 2008-02-01 10:23 37 --a------ C:\WINDOWS\˜L
2008-01-31 15:30 . 2008-01-31 15:30 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-31 15:30 . 2008-01-31 15:30 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-30 17:34 . 2008-01-30 17:34 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 10:42 . 2008-01-29 10:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template
2008-01-29 10:40 . 2008-01-29 10:40 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-01-29 10:34 . 2005-03-22 06:48 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-01-29 10:34 . 2007-01-19 11:46 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-29 10:34 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-01-29 10:34 . 2007-01-19 11:46 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-29 10:34 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-29 10:34 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-29 10:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-29 10:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-29 10:27 . 2008-01-29 10:39 110,601 --a------ C:\WINDOWS\hpoins08.dat
2008-01-29 10:27 . 2006-01-24 00:15 7,577 --------- C:\WINDOWS\hpomdl08.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 15:56 --------- d-----w C:\Program Files\Windows Live
2008-02-26 02:27 --------- d-----w C:\Program Files\ATI Technologies
2008-02-23 01:44 --------- d-----w C:\Program Files\Bonjour
2008-02-23 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-22 21:00 --------- d-----w C:\Program Files\QT Lite
2008-02-20 14:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\.purple
2008-02-11 18:57 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2008-02-11 18:16 --------- d-----w C:\Program Files\Java
2008-02-11 18:10 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-11 18:10 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-02-11 18:02 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-02-11 18:02 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-02-11 17:58 --------- d-----w C:\Program Files\Songbird
2008-02-11 17:52 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-02-09 00:46 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Winamp
2008-02-06 00:34 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-02-01 23:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-01 22:50 --------- d-----w C:\Program Files\HP
2008-02-01 15:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-01 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 01:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-30 01:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-01-25 00:45 --------- d-----w C:\Program Files\Microsoft Student
2008-01-25 00:41 --------- d-----w C:\Program Files\Learning Essentials
2008-01-24 18:45 --------- d-----w C:\Program Files\Badongo
2008-01-24 05:26 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TuneUp Software
2008-01-23 17:37 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-23 17:21 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-21 21:13 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0
2008-01-21 00:29 --------- d-----w C:\Program Files\Unlocker
2008-01-21 00:07 --------- d-----w C:\Program Files\QuickSFV
2008-01-20 23:50 --------- d-----w C:\Program Files\Hacha
2008-01-20 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-20 22:56 --------- d-----w C:\Program Files\Microsoft Expression
2008-01-20 22:53 --------- d-----w C:\Program Files\MSECache
2008-01-20 22:46 --------- d-----w C:\Program Files\NAUTA
2008-01-20 22:45 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-20 22:32 --------- d-----w C:\Program Files\MSBuild
2008-01-20 22:32 --------- d-----w C:\Program Files\Microsoft Works
2008-01-20 22:31 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-20 21:48 --------- d-----w C:\Program Files\LimeWire
2008-01-20 21:32 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Wormux
2008-01-20 21:31 --------- d-----w C:\Program Files\Wormux
2008-01-20 20:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-01-20 20:23 --------- d-----w C:\Program Files\Google
2008-01-20 20:16 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-01-20 20:14 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-20 20:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Participatory Culture Foundation
2008-01-20 20:06 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-20 20:02 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-01-20 19:36 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\K-Meleon
2008-01-20 19:35 --------- d-----w C:\Program Files\K-Meleon
2008-01-20 19:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Thunderbird
2008-01-20 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-01-20 19:27 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Songbird1
2008-01-20 19:24 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-20 19:21 --------- d-----w C:\Program Files\Nvu
2008-01-20 19:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Nvu
2008-01-20 19:20 --------- d-----w C:\Program Files\mozilla.org
2008-01-20 19:20 --------- d-----w C:\Program Files\Common Files\mozilla.org
2008-01-20 19:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-01-20 19:14 --------- d-----w C:\Program Files\Pidgin
2008-01-20 19:14 --------- d-----w C:\Program Files\Common Files\GTK
2008-01-20 19:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\FileZilla
2008-01-20 19:09 --------- d-----w C:\Program Files\WinSCP
2008-01-20 19:06 --------- d-----w C:\Program Files\FileZilla Client
2008-01-20 18:55 --------- d-----w C:\Program Files\Inkscape
2008-01-20 18:55 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Inkscape
2008-01-20 18:52 --------- d-----w C:\Program Files\Scribus 1.3.3.9
2008-01-20 18:49 --------- d-----w C:\Program Files\Dia
2008-01-20 18:48 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_78.exe
2008-01-20 18:48 15,094 ----a-w C:\Program Files\settings.dat
2008-01-20 18:48 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-01-20 18:48 --------- d-----w C:\Program Files\PDFCreator
2008-01-20 18:27 --------- d-----w C:\Program Files\AbiSuite2
2008-01-20 18:18 --------- d-----w C:\Program Files\Azemp
2008-01-20 18:14 --------- d-----w C:\Program Files\aMSN
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 00:35 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 17:18 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-11 18:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE]
"PCDrProfiler"="" []
"QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 17:40:44 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 14:25]
R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{374ae56a-cec1-11dc-adbe-0016ec9f4251}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 23:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-22 20:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 11:30:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-27 11:30:42
ComboFix-quarantined-files.txt 2008-02-27 17:30:39
.
2008-02-27 15:57:11 --- E O F --- |