I did a scan before restarting after removing programs, and wanted to make sure nothing was amiss because of this, so I did an after scan also. Here they are in order.
ComboFix 08-06-07.3 - Owner 2008-06-08 13:45:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.268 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\ResErrors.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DHLP
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
2008-06-08 10:08 . 2008-06-08 10:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-08 10:08 . 2008-06-08 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 00:06 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-30 23:53 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-30 23:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-30 23:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-30 23:53 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-12 21:51 . 2008-05-12 21:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-12 21:51 . 2008-05-12 21:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 17:50 6,367,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-08 17:48 75,620 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-08 14:01 13,288 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-08 13:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-08 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 13:48 --------- d-----w C:\Program Files\SpywareGuard
2008-06-05 20:45 --------- d-----w C:\Program Files\DivX
2008-06-04 10:02 227,840 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-06-04 10:02 1,773,056 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-06-02 06:45 177,664 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-05-25 17:56 331,264 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-25 17:56 1,712,128 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-05-25 16:28 --------- d-----w C:\Program Files\UltimateBet
2008-05-25 13:01 --------- d-----w C:\Program Files\Full Tilt Poker
2008-05-25 12:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-25 12:59 --------- d-----w C:\Program Files\UltimateBuddy
2008-05-25 12:59 --------- d-----w C:\Program Files\4PLAY 4
2008-05-14 09:34 1,932,988 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-02 07:20 --------- d-----w C:\Program Files\Diablo II
2008-05-01 15:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-16 13:08 --------- d-----w C:\Program Files\Shareaza
2008-04-16 02:24 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-04-13 17:30 2,629,120 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-13 17:30 1,656,320 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-09 17:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-09 17:28 --------- d-----w C:\Program Files\Brother
2008-04-09 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 17:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 17:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\ScanSoft
2008-04-02 11:58 1,579,520 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-24 00:57 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-03-14 03:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-10-30 21:34 14,597,297 ------w C:\Program Files\AVG Anti-Spyware 7.5.rar
2007-10-30 21:31 3,757,149 ------w C:\Program Files\Lavasoft.rar
2007-10-30 21:30 463,582 ------w C:\Program Files\CCleaner.rar
2007-10-30 21:29 2,913,140 ------w C:\Program Files\WinRar.rar
2007-10-27 22:51 15,549,862 ------w C:\Program Files\Spybot - Search & Destroy.zip
2006-08-02 03:34 45,469,528 ----a-w C:\Program Files\NIS06910.exe
2006-08-01 23:45 42,873,781 ----a-w C:\Program Files\NSWBE06901.exe
2005-03-17 17:16 0 -c--a-w C:\Documents and Settings\Administrator.YOUR-E0A65F95D4\Application Data\wklnhst.dat
2001-06-18 21:12 1,509,888 ----a-w C:\Program Files\RT2.EXE
2005-03-15 01:42 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 16:00 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 19:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-10-18 18:05 135168]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 07:32 50688]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51 172032]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-26 18:35 185784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-09 13:28:16 819200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Domestic Security Version 4.87
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-02-28 21:44]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S2 FGUARD32;FGUARD32;C:\PROGRA~1\WINABI~1\FOLDER~1\FGUARD32.SYS []
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2004-07-14 12:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58f1d921-38a1-11d9-8b21-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ca15af-5f69-11d9-ab64-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-08 13:50:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
.
**************************************************************************
.
Completion time: 2008-06-08 13:54:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 17:54:35
Pre-Run: 152,468,754,432 bytes free
Post-Run: 152,388,653,056 bytes free
151 --- E O F --- 2008-05-31 04:41:44
_________________________________________________________
ComboFix 08-06-07.3 - Owner 2008-06-08 13:55:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.216 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
2008-06-08 10:08 . 2008-06-08 10:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-08 10:08 . 2008-06-08 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 00:06 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-30 23:53 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-30 23:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-30 23:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-30 23:53 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-12 21:51 . 2008-05-12 21:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-12 21:51 . 2008-05-12 21:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 17:57 6,385,696 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-08 17:48 75,620 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-08 14:01 13,288 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-08 13:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-08 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 13:48 --------- d-----w C:\Program Files\SpywareGuard
2008-06-05 20:45 --------- d-----w C:\Program Files\DivX
2008-06-04 10:02 227,840 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-06-04 10:02 1,773,056 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-06-02 06:45 177,664 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-05-25 17:56 331,264 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-25 17:56 1,712,128 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-05-25 16:28 --------- d-----w C:\Program Files\UltimateBet
2008-05-25 13:01 --------- d-----w C:\Program Files\Full Tilt Poker
2008-05-25 12:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-25 12:59 --------- d-----w C:\Program Files\UltimateBuddy
2008-05-25 12:59 --------- d-----w C:\Program Files\4PLAY 4
2008-05-14 09:34 1,932,988 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-02 07:20 --------- d-----w C:\Program Files\Diablo II
2008-05-02 07:19 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-01 15:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-16 13:08 --------- d-----w C:\Program Files\Shareaza
2008-04-16 02:24 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-04-13 17:30 2,629,120 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-13 17:30 1,656,320 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-09 17:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-09 17:28 --------- d-----w C:\Program Files\Brother
2008-04-09 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 17:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 17:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\ScanSoft
2008-04-02 11:58 1,579,520 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 00:57 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 03:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-14 03:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-10-30 21:34 14,597,297 ------w C:\Program Files\AVG Anti-Spyware 7.5.rar
2007-10-30 21:31 3,757,149 ------w C:\Program Files\Lavasoft.rar
2007-10-30 21:30 463,582 ------w C:\Program Files\CCleaner.rar
2007-10-30 21:29 2,913,140 ------w C:\Program Files\WinRar.rar
2007-10-27 22:51 15,549,862 ------w C:\Program Files\Spybot - Search & Destroy.zip
2006-08-02 03:34 45,469,528 ----a-w C:\Program Files\NIS06910.exe
2006-08-01 23:45 42,873,781 ----a-w C:\Program Files\NSWBE06901.exe
2005-03-17 17:16 0 -c--a-w C:\Documents and Settings\Administrator.YOUR-E0A65F95D4\Application Data\wklnhst.dat
2001-06-18 21:12 1,509,888 ----a-w C:\Program Files\RT2.EXE
2005-03-15 01:42 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 16:00 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 19:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-10-18 18:05 135168]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 07:32 50688]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51 172032]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-26 18:35 185784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-09 13:28:16 819200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Domestic Security Version 4.87
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-02-28 21:44]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S2 FGUARD32;FGUARD32;C:\PROGRA~1\WINABI~1\FOLDER~1\FGUARD32.SYS []
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2004-07-14 12:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58f1d921-38a1-11d9-8b21-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ca15af-5f69-11d9-ab64-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-08 13:57:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-08 13:59:08
ComboFix-quarantined-files.txt 2008-06-08 17:58:57
ComboFix2.txt 2008-06-08 17:54:41
Pre-Run: 153,070,837,760 bytes free
Post-Run: 153,042,538,496 bytes free
136 --- E O F --- 2008-05-31 04:41:44
The Devil