ComboFix 08-05-01.1 - Administrator 2008-05-02 0:35:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2524 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.
2008-05-01 15:45 . 2008-05-01 15:45 <DIR> d-------- C:\Program Files\Tortun
2008-05-01 04:55 . 2008-05-01 04:56 178 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-05-01 03:01 . 2008-05-01 03:01 <DIR> d-------- C:\b75b307b425acf509f660b0e2fb66425
2008-04-30 19:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-30 19:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-30 13:42 . 2008-04-30 13:42 <DIR> d-------- C:\Logs
2008-04-30 08:08 . 2008-04-30 08:08 <DIR> d-------- C:\Program Files\Siber Systems
2008-04-30 08:02 . 2008-04-30 18:38 <DIR> d-------- C:\Program Files\World of Warcraft
2008-04-30 01:56 . 2008-04-30 01:56 <DIR> d-------- C:\WINDOWS\Sun
2008-04-30 01:22 . 2008-04-30 01:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 01:19 . 2008-05-01 07:34 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-30 01:19 . 2008-05-01 07:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 01:10 . 2006-08-21 02:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-30 01:10 . 2006-08-21 02:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-30 01:10 . 2006-08-21 05:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-30 01:08 . 2008-04-30 13:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-30 01:06 . 2008-04-30 01:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-30 00:40 . 2006-08-25 08:45 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-04-30 00:33 . 2007-07-12 16:31 765,952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-04-30 00:33 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-30 00:12 . 2007-07-09 06:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-30 00:11 . 2006-03-20 20:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-04-30 00:08 . 2008-04-30 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-29 23:45 . 2008-05-01 07:43 2,666,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-29 23:45 . 2008-05-01 07:43 19,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-29 23:39 . 2008-04-29 23:39 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-29 23:39 . 2008-04-29 23:39 <DIR> d-------- C:\Program Files\CCleaner
2008-04-29 23:36 . 2008-04-29 23:37 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-29 23:36 . 2008-04-29 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-29 23:36 . 2005-08-29 19:01 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-04-29 23:36 . 2005-05-24 19:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-04-29 23:36 . 2005-01-09 20:32 181,938 --a------ C:\WINDOWS\Gateway.bmp
2008-04-29 23:36 . 2003-03-25 05:00 67,072 --a------ C:\WINDOWS\POWERCFG.EXE
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-04-29 23:34 . 2008-04-29 23:34 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-29 23:34 . 2008-04-29 23:34 <DIR> d-------- C:\Program Files\TurboTaxOnline
2008-04-29 23:34 . 2008-04-29 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-29 23:33 . 2008-04-29 23:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-29 23:33 . 2008-04-29 23:34 <DIR> d-------- C:\Program Files\Ahead
2008-04-29 23:33 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-04-29 23:33 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-04-29 23:33 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-04-29 23:33 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-04-29 23:33 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-29 23:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Real
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\QuickTime
2008-04-29 23:32 . 2008-04-30 00:07 <DIR> d-------- C:\Program Files\Pure Networks
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Learn2.com
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-29 23:32 . 2008-04-29 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-29 23:31 . 2008-04-29 22:46 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-29 23:31 . 2008-04-29 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-29 23:31 . 2008-04-29 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-29 23:31 . 2008-04-29 23:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-29 23:31 . 2004-06-30 09:49 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2008-04-29 23:30 . 2008-04-29 23:30 <DIR> d-------- C:\Program Files\Digital Media Reader
2008-04-29 23:30 . 2008-04-29 23:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-04-29 23:29 . 2008-04-29 22:47 <DIR> d-------- C:\Program Files\Napster
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Program Files\Logitech
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Program Files\CyberLink
2008-04-29 23:29 . 2008-04-29 23:30 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-29 23:29 . 2008-04-29 22:43 <DIR> d-------- C:\Documents and Settings\Owner
2008-04-29 23:29 . 2008-04-29 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-04-29 23:29 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-04-29 23:29 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-04-29 23:29 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-04-29 23:29 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-04-29 23:29 . 2003-03-18 20:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-29 23:29 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-04-29 23:28 . 2008-04-29 23:28 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-04-29 23:28 . 2008-04-29 22:44 <DIR> d-------- C:\Program Files\BigFix
2008-04-29 23:28 . 2008-04-29 23:28 <DIR> d-------- C:\NVIDIA
2008-04-29 23:28 . 2004-07-15 14:06 471,298 --a------ C:\WINDOWS\wallpg.exe
2008-04-29 23:28 . 2008-03-24 11:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 23:28 . 2008-03-24 19:52 175,336 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-29 23:28 . 2005-01-11 13:09 51,656 --a------ C:\WINDOWS\system32\OEMLOGO.bmp
2008-04-29 23:28 . 2005-10-11 12:48 13,352 --a------ C:\WINDOWS\BigFixClientOverride.dll
2008-04-29 23:28 . 2008-04-29 23:36 953 --a------ C:\RebootLog.ini
2008-04-29 23:28 . 2008-04-29 23:28 2 --a------ C:\AUDIT_INSTALL_IN_PROGRESS
2008-04-29 23:27 . 2008-04-29 23:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-29 23:27 . 2008-05-01 07:40 <DIR> d-------- C:\Program Files\Netscape Internet Service
2008-04-29 23:27 . 2008-04-30 00:07 <DIR> d-------- C:\Program Files\Google
2008-04-29 23:27 . 2008-04-29 23:27 <DIR> d-------- C:\Program Files\Gateway
2008-04-29 23:27 . 2008-04-29 22:13 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-04-29 23:27 . 2008-05-01 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
2008-04-29 23:27 . 2008-04-29 23:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-04-29 23:27 . 2008-04-29 23:27 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-04-29 23:27 . 2008-04-29 22:43 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG
2008-04-29 23:27 . 2008-04-29 22:43 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
2008-04-29 23:26 . 2008-04-29 23:26 <DIR> d-------- C:\Program Files\Java
2008-04-29 23:26 . 2008-04-29 23:29 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 23:26 . 2008-04-29 23:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-29 23:26 . 2008-04-29 23:28 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-29 23:23 . 2008-04-29 23:31 <DIR> d-------- C:\Program Files\Intel
2008-04-29 23:23 . 2008-04-29 23:23 <DIR> d-------- C:\Program Files\DNA
2008-04-29 23:23 . 2008-04-29 23:23 <DIR> d-------- C:\Program Files\Common Files\New Boundary
2008-04-29 23:23 . 2008-04-29 23:23 <DIR> d-------- C:\Program Files\BitTorrent
2008-04-29 23:23 . 2008-04-29 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-04-29 23:23 . 2008-05-02 00:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-04-29 23:22 . 2008-04-29 23:22 <DIR> d-------- C:\Program Files\Registry Repair
2008-04-29 23:21 . 2008-04-29 23:21 <DIR> d-------- C:\Program Files\Microsoft Streets and Trips
2008-04-29 23:21 . 2008-04-29 23:21 <DIR> d-------- C:\Program Files\Encarta
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-29 23:20 . 2008-04-29 23:30 <DIR> d-------- C:\Program Files\Picture It! Premium 10
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Microsoft Works Suite 2005
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Microsoft Money 2005
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-04-29 23:20 . 2008-04-29 23:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 23:20 . 2008-04-30 18:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-04-29 23:20 . 2008-04-29 23:20 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-29 23:19 . 2008-04-30 00:07 <DIR> d-------- C:\WINDOWS\nview
2008-04-29 23:19 . 2008-03-24 19:52 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-29 23:19 . 2008-05-01 22:03 168,688 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-29 23:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 14:48 729,088 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-01 14:48 1,507,840 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-30 06:32 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-04-30 06:30 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-30 06:30 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-30 05:13 --------- d-----w C:\Program Files\Windows Plus
2008-04-30 05:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-03 03:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-03 03:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-29 23:35 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-29 23:35 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-29 23:35 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-29 22:47 171448]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-29 23:23 289088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-04-30 08:08 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"Gateway Extended Warranty"="C:\Program Files\Gateway\GWCares\GWCares.exe" [2004-02-08 16:30 73728]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 16:19 77312 C:\WINDOWS\arpwrmsg.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 05:09 139264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CTHelper"="CTHELPER.EXE" [2005-10-29 20:31 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-10-29 20:31 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 10:37 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 20:07 919016]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 14:26 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-29 23:32 98304]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2008-04-29 23:28:45 2168360]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-29 23:29:58 789008]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 10:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 10:35]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-10-29 20:16]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 05:43:22 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-04-30 05:43:22 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-02 05:04:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-02 00:37:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Completion time: 2008-05-02 0:37:45
ComboFix-quarantined-files.txt 2008-05-02 07:37:40
Pre-Run: 289,639,620,608 bytes free
Post-Run: 290,189,406,208 bytes free
247 --- E O F --- 2008-05-02 07:17:24
HERE IS THE LOG W/O RECOVERY CONCOLE STILL TRYIN TO FIGURE OUT HOW TO USE THE CONSOLE
