Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.205 [GMT 3:00]
Running from: C:\Documents and Settings\Ali\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://www.tucows.com
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 16:48 . 2008-05-18 16:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 16:48 . 2008-05-18 16:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 06:24 . 2008-05-15 06:24 4 --a------ C:\WINDOWS\Future_H.CD
2008-05-12 07:09 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-10 05:05 . 2008-05-10 05:05 <DIR> d-------- C:\Program Files\inKline Global
2008-05-09 00:47 . 2008-05-16 03:43 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\cleaner
2008-05-06 18:42 . 2008-05-06 18:42 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-06 18:42 . 2008-05-06 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-06 18:42 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-06 18:41 . 2008-05-06 18:41 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-06 18:40 . 2008-05-06 18:40 <DIR> d-------- C:\Program Files\TechSmith
2008-05-03 21:25 . 2008-05-18 21:30 <DIR> d-------- C:\AntiVir PersonalEdition Premium
2008-05-03 19:47 . 2008-05-03 19:47 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-01 17:18 . 2008-05-01 17:18 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\Thinstall
2008-05-01 16:55 . 2008-05-03 13:08 <DIR> d-------- C:\Converted Music
2008-05-01 16:42 . 2008-05-01 16:42 <DIR> d-------- C:\Program Files\TeraCopy
2008-05-01 16:42 . 2008-05-15 19:03 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\TeraCopy
2008-05-01 16:17 . 2008-05-01 16:17 <DIR> d-------- C:\Program Files\ContextConvert Pro
2008-05-01 16:17 . 2008-05-01 16:18 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\{0DF24E74-E0DC-43DE-BE71-09722967B823}
2008-05-01 16:16 . 2008-05-01 16:16 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\Seven Zip
2008-05-01 15:58 . 2008-05-01 15:59 <DIR> d-------- C:\Program Files\Software by Design
2008-05-01 15:58 . 2005-05-22 08:00 90,112 --------- C:\WINDOWS\SDUnInst.exe
2008-05-01 15:31 . 2008-05-01 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\inSpeak
2008-05-01 15:31 . 2008-05-01 15:32 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\inSpeak
2008-04-28 10:37 . 2008-04-28 10:37 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2008-04-27 11:19 . 2008-04-27 11:19 <DIR> d-------- C:\Program Files\Paltalk Admin Bot
2008-04-27 11:19 . 2004-03-10 01:45 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-04-27 11:03 . 2008-04-27 11:03 <DIR> d-------- C:\Program Files\Autopilot
2008-04-25 05:16 . 2008-04-25 05:16 <DIR> d-------- C:\Program Files\ActiveX Control Pad
2008-04-25 05:16 . 2008-04-25 05:16 169,984 --a------ C:\WINDOWS\system32\P2D.DLL
2008-04-25 05:16 . 2008-04-25 05:16 161,552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL
2008-04-25 05:16 . 2008-04-25 05:16 127,488 --a------ C:\WINDOWS\system32\ISCTRLS.OCX
2008-04-25 05:16 . 2008-04-25 05:16 79,872 --a------ C:\WINDOWS\system32\MSNAUDIO.ACM
2008-04-25 05:16 . 2008-04-25 05:16 57,344 --a------ C:\WINDOWS\system32\COMMTB32.DLL
2008-04-25 05:16 . 2008-04-25 05:16 28,672 --a------ C:\WINDOWS\system32\HLP95EN.DLL
2008-04-19 19:52 . 2008-04-19 19:52 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 21:28 146,823,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-18 21:27 1,989,152 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-18 21:21 --------- d-----w C:\Documents and Settings\Ali\Application Data\DMCache
2008-05-18 21:21 --------- d-----w C:\Documents and Settings\Ali\Application Data\Babylon
2008-05-18 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-05-18 18:34 --------- d-----w C:\Documents and Settings\Ali\Application Data\Azureus
2008-05-18 13:11 --------- d-----w C:\Documents and Settings\Ali\Application Data\SiteAdvisor
2008-05-18 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-17 08:39 --------- d-----w C:\Program Files\TVK - CoolText Extreme
2008-05-16 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-16 00:57 193,832 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-16 00:57 1,965,080 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-15 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-15 05:53 --------- d-----w C:\Documents and Settings\Ali\Application Data\Skype
2008-05-12 03:52 --------- d-----w C:\Program Files\NoAdware5.0
2008-05-12 03:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-10 02:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 01:26 --------- d-----w C:\Documents and Settings\Ali\Application Data\cafe
2008-05-04 12:51 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-05-03 23:52 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-05-03 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-01 13:27 --------- d-----w C:\Documents and Settings\Ali\Application Data\uTorrent
2008-05-01 12:31 --------- d-----w C:\Program Files\inSpeak
2008-04-24 07:11 --------- d-----w C:\Documents and Settings\Ali\Application Data\LimeWire
2008-04-22 20:25 --------- d-----w C:\Program Files\Paltalk Messenger
2008-04-21 14:20 --------- d-----w C:\Program Files\Azureus
2008-04-21 10:24 --------- d-----w C:\Program Files\AskPBar
2008-04-19 00:15 --------- d-----w C:\Program Files\InterVideo
2008-04-19 00:13 --------- d-----w C:\Program Files\BearShare
2008-04-17 22:16 --------- d-----w C:\Program Files\Real
2008-04-17 12:46 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 12:46 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-10 04:00 --------- d-----w C:\Program Files\PrevxCSI
2008-04-06 23:48 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-06 23:43 --------- d-----w C:\Program Files\Dr Pc
2008-04-06 23:31 --------- d-----w C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-04-06 23:30 --------- d-----w C:\Documents and Settings\Guest\Application Data\PC Suite
2008-04-05 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-04 02:40 --------- d-----w C:\Documents and Settings\Ali\Application Data\Paltalk
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 18:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 23:08 --------- d-----w C:\Program Files\DAP
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 17:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-26 21:50 312328]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-20 16:30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"VTTimer"="VTTimer.exe" [2005-03-07 22:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-04-11 11:06 176128 C:\WINDOWS\system32\VTTrayp.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 19:50 200768]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-13 21:05 36640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 09:33 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-03 04:50 6731312]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:56 158208]
"avgnt"="C:\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.yv12"= yv12vfw.dll
"msacm.speex32"= speex32.acm
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"MSACM.MSNAUDIO"= msnaudio.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Ali^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Ali\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Ali^Start Menu^Programs^Startup^cafe.lnk]
path=C:\Documents and Settings\Ali\Start Menu\Programs\Startup\cafe.lnk
backup=C:\WINDOWS\pss\cafe.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Ali^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Ali\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^cafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cafe.lnk
backup=C:\WINDOWS\pss\cafe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-11-03 04:50 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-08-22 03:01 2841824 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a--c--- 2006-11-08 13:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
--a------ 2007-11-02 17:24 1065800 C:\Zyzoom_Spyware Doctor\SDTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2005-02-13 23:54 81920 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 20:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SDTray"="C:\Zyzoom_Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\JetAudio\\JetAudio.exe"=
"C:\\Program Files\\JetAudio\\JetCast.exe"=
"C:\\Program Files\\JetAudio\\JetLyric.exe"=
"C:\\Program Files\\TuneUp Utilities 2007\\UpdateWizard.exe"=
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Ufasoft\\SocksChain\\SocksChain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56404:TCP"= 56404:TCP
ando P2P TCP Listening Port
"56404:UDP"= 56404:UDP
ando P2P UDP Listening Port
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 13:43]
R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2004-12-30 15:49]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 06:38]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-12-16 23:37]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-09 15:57]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
s of the 'Scheduled Tasks' folder
"2008-05-16 14:16:21 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-05-19 00:28:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Ali\LOCALS~1\Temp\mc213D.tmp"
.
Completion time: 2008-05-19 0:30:40
ComboFix-quarantined-files.txt 2008-05-18 21:30:20
Pre-Run: 1,635,602,432 bytes free
Post-Run: 1,701,023,744 bytes free
280 --- E O F --- 2008-05-15 21:17:15
.png)
.png)
