Re: Antivirus, Firewall disabled
ComboFix 08-03-07.3 - HP_Administrator 2008-03-07 14:54:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.469 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.
2008-03-07 14:48 . 2008-03-07 14:48 <DIR> d-------- C:\ComboFix(2)
2008-03-07 14:27 . 2008-03-07 14:27 244 --ah----- C:\sqmnoopt11.sqm
2008-03-07 14:27 . 2008-03-07 14:27 232 --ah----- C:\sqmdata11.sqm
2008-03-07 14:16 . 2008-03-07 14:16 244 --ah----- C:\sqmnoopt10.sqm
2008-03-07 14:16 . 2008-03-07 14:16 232 --ah----- C:\sqmdata10.sqm
2008-03-07 14:15 . 2008-03-07 14:15 244 --ah----- C:\sqmnoopt09.sqm
2008-03-07 14:15 . 2008-03-07 14:15 232 --ah----- C:\sqmdata09.sqm
2008-03-07 14:09 . 2008-03-07 14:09 244 --ah----- C:\sqmnoopt08.sqm
2008-03-07 14:09 . 2008-03-07 14:09 232 --ah----- C:\sqmdata08.sqm
2008-03-06 10:23 . 2008-03-06 10:23 244 --ah----- C:\sqmnoopt07.sqm
2008-03-06 10:23 . 2008-03-06 10:23 244 --ah----- C:\sqmnoopt06.sqm
2008-03-06 10:23 . 2008-03-06 10:23 232 --ah----- C:\sqmdata07.sqm
2008-03-06 10:23 . 2008-03-06 10:23 232 --ah----- C:\sqmdata06.sqm
2008-03-06 10:22 . 2008-03-06 10:22 244 --ah----- C:\sqmnoopt05.sqm
2008-03-06 10:22 . 2008-03-06 10:22 244 --ah----- C:\sqmnoopt04.sqm
2008-03-06 10:22 . 2008-03-06 10:22 232 --ah----- C:\sqmdata05.sqm
2008-03-06 10:22 . 2008-03-06 10:22 232 --ah----- C:\sqmdata04.sqm
2008-03-06 10:21 . 2008-03-06 10:21 244 --ah----- C:\sqmnoopt03.sqm
2008-03-06 10:21 . 2008-03-06 10:21 244 --ah----- C:\sqmnoopt02.sqm
2008-03-06 10:21 . 2008-03-06 10:21 244 --ah----- C:\sqmnoopt01.sqm
2008-03-06 10:21 . 2008-03-06 10:21 232 --ah----- C:\sqmdata03.sqm
2008-03-06 10:21 . 2008-03-06 10:21 232 --ah----- C:\sqmdata02.sqm
2008-03-06 10:21 . 2008-03-06 10:21 232 --ah----- C:\sqmdata01.sqm
2008-03-06 10:20 . 2008-03-06 10:20 244 --ah----- C:\sqmnoopt00.sqm
2008-03-06 10:20 . 2008-03-06 10:20 232 --ah----- C:\sqmdata00.sqm
2008-03-04 19:00 . 2008-03-07 14:09 37 --a------ C:\WINDOWS\ !Ï
2008-03-04 18:28 . 2008-03-04 19:06 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-03-04 18:28 . 2008-03-04 18:28 <DIR> d-------- C:\Program Files\Prodigy Antivirus
2008-03-04 18:28 . 2007-01-23 18:49 71,680 --------- C:\WINDOWS\system32\drivers\PAVDRV51.SYS
2008-03-04 18:28 . 2006-05-02 09:40 49,152 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-03-04 18:28 . 2006-07-14 13:46 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2008-03-04 18:28 . 2008-03-04 18:28 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-03-04 18:12 . 2008-03-04 18:12 37 --a------ C:\WINDOWS\ø'
2008-02-28 21:52 . 2008-02-28 21:59 110,548 --a------ C:\WINDOWS\hpoins08.dat
2008-02-28 21:52 . 2006-01-24 00:15 7,577 --------- C:\WINDOWS\hpomdl08.dat
2008-02-25 20:29 . 2008-02-25 20:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ATI
2008-02-25 20:29 . 2008-02-25 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-25 20:29 . 2008-02-25 20:29 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-25 20:25 . 2008-01-22 14:42 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 20:02 . 2008-02-25 20:02 <DIR> d-------- C:\WINDOWS\Performance
2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-02-24 19:37 . 2008-03-07 14:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 19:37 . 2008-02-24 19:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-22 15:02 . 2008-02-22 15:02 <DIR> d-------- C:\Program Files\iTunes
2008-02-22 15:02 . 2008-02-22 15:02 <DIR> d-------- C:\Program Files\iPod
2008-02-21 18:05 . 2008-02-21 18:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-21 17:06 . 2008-02-21 17:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-20 19:30 . 2008-02-20 19:55 <DIR> d-------- C:\Program Files\3D Live Pool
2008-02-20 17:37 . 2008-02-20 17:38 <DIR> d-------- C:\Program Files\Project64 v1.5
2008-02-19 11:13 . 2008-02-19 11:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-18 13:12 . 2008-02-18 13:12 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-15 09:06 . 2008-02-26 15:42 <DIR> d-------- C:\Program Files\Panda Security
2008-02-11 12:04 . 2008-02-11 12:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PCF-VLC
2008-02-07 19:01 . 2008-02-07 19:01 <DIR> d-------- C:\PC-Sync
2008-02-07 18:21 . 2008-02-07 18:57 <DIR> d-------- C:\Program Files\PC Sync Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 00:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-27 16:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-27 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-27 15:56 --------- d-----w C:\Program Files\Windows Live
2008-02-26 02:27 --------- d-----w C:\Program Files\ATI Technologies
2008-02-23 01:44 --------- d-----w C:\Program Files\Bonjour
2008-02-22 21:00 --------- d-----w C:\Program Files\QT Lite
2008-02-21 13:07 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-20 14:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\.purple
2008-02-11 18:57 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2008-02-11 18:16 --------- d-----w C:\Program Files\Java
2008-02-11 18:10 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-11 18:10 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-02-11 18:02 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-02-11 18:02 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-02-11 17:58 --------- d-----w C:\Program Files\Songbird
2008-02-11 17:52 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-02-09 00:46 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Winamp
2008-02-06 16:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 16:53 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-02-06 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-06 16:52 744,853 ----a-w C:\PAVARK.exe
2008-02-06 00:34 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-02-01 23:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-01 22:50 --------- d-----w C:\Program Files\HP
2008-02-01 20:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Printer Info Cache
2008-02-01 20:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express
2008-02-01 17:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-02-01 15:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-01 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 15:12 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-01-31 01:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-30 23:34 --------- d-----w C:\Program Files\CCleaner
2008-01-30 01:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-01-29 16:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Template
2008-01-29 16:40 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-01-25 00:45 --------- d-----w C:\Program Files\Microsoft Student
2008-01-25 00:41 --------- d-----w C:\Program Files\Learning Essentials
2008-01-24 18:45 --------- d-----w C:\Program Files\Badongo
2008-01-24 05:26 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TuneUp Software
2008-01-23 17:37 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-23 17:21 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-21 21:13 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0
2008-01-21 00:29 --------- d-----w C:\Program Files\Unlocker
2008-01-21 00:07 --------- d-----w C:\Program Files\QuickSFV
2008-01-20 23:50 --------- d-----w C:\Program Files\Hacha
2008-01-20 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-20 22:56 --------- d-----w C:\Program Files\Microsoft Expression
2008-01-20 22:53 --------- d-----w C:\Program Files\MSECache
2008-01-20 22:46 --------- d-----w C:\Program Files\NAUTA
2008-01-20 22:45 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-20 22:32 --------- d-----w C:\Program Files\MSBuild
2008-01-20 22:32 --------- d-----w C:\Program Files\Microsoft Works
2008-01-20 22:31 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-20 21:48 --------- d-----w C:\Program Files\LimeWire
2008-01-20 21:32 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Wormux
2008-01-20 21:31 --------- d-----w C:\Program Files\Wormux
2008-01-20 20:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-01-20 20:23 --------- d-----w C:\Program Files\Google
2008-01-20 20:16 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-01-20 20:14 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-20 20:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Participatory Culture Foundation
2008-01-20 20:06 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-20 20:02 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-01-20 19:36 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\K-Meleon
2008-01-20 19:35 --------- d-----w C:\Program Files\K-Meleon
2008-01-20 19:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Thunderbird
2008-01-20 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-01-20 19:27 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Songbird1
2008-01-20 19:24 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-20 19:21 --------- d-----w C:\Program Files\Nvu
2008-01-20 19:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Nvu
2008-01-20 19:20 --------- d-----w C:\Program Files\mozilla.org
2008-01-20 19:20 --------- d-----w C:\Program Files\Common Files\mozilla.org
2008-01-20 19:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-01-20 19:14 --------- d-----w C:\Program Files\Pidgin
2008-01-20 19:14 --------- d-----w C:\Program Files\Common Files\GTK
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 00:35 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 17:18 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-11 18:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE]
"PCDrProfiler"="" []
"QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"APVXDWIN"="C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\APVXDWIN.exe" [2007-01-25 18:50 321072]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 17:40:44 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Spanish\\setup.exe"=
"C:\\Program Files\\3D Live Pool\\3D Live Pool.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 14:25]
R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{374ae56a-cec1-11dc-adbe-0016ec9f4251}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 23:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-29 20:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 14:58:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-07 14:59:07
ComboFix-quarantined-files.txt 2008-03-07 20:59:03
ComboFix2.txt 2008-02-27 17:30:42
.
2008-02-27 15:57:11 --- E O F ---