Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.80 [GMT -4:00]
Running from: C:\Documents and Settings\Kimberly\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kimberly\Application Data\RACLE~1
C:\Documents and Settings\Kimberly\My Documents\APPATC~1
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\ystem~1
C:\Program Files\Internet Explorer\hekyr89104.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\BMa74eceda.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaqakssx.dll
C:\WINDOWS\system32\akykurud.dll
C:\WINDOWS\system32\bgppcikg.dll
C:\WINDOWS\system32\cclmmpoe.dll
C:\WINDOWS\system32\ceggh.ini
C:\WINDOWS\system32\ceggh.ini2
C:\WINDOWS\system32\dlwaxirt.dll
C:\WINDOWS\system32\drivers\serenumm.sys
C:\WINDOWS\system32\eopmmlcc.ini
C:\WINDOWS\system32\gkicppgb.ini
C:\WINDOWS\system32\hggec.dll
C:\WINDOWS\system32\hiyhbgas.ini
C:\WINDOWS\system32\hvwmxiiy.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\iDlo01\iDlo011065.exe
C:\WINDOWS\system32\jkkhiji.dll
C:\WINDOWS\system32\kfgbpwop.dll
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\knnnn.ini
C:\WINDOWS\system32\knnnn.ini2
C:\WINDOWS\system32\lccraihb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pvhmfgju.dll
C:\WINDOWS\system32\qtvut.ini
C:\WINDOWS\system32\qtvut.ini2
C:\WINDOWS\system32\rahvytcv.dll
C:\WINDOWS\system32\rosjopny.dll
C:\WINDOWS\system32\sagbhyih.dll
C:\WINDOWS\system32\scwgkgnj.dll
C:\WINDOWS\system32\sndjmdpy.ini
C:\WINDOWS\system32\svghljoe.dll
C:\WINDOWS\system32\svsmtcit.dll
C:\WINDOWS\system32\syjcoagq.dll
C:\WINDOWS\system32\tictmsvs.ini
C:\WINDOWS\system32\tuvtq.dll
C:\WINDOWS\system32\uijjctdb.dll
C:\WINDOWS\system32\vclvywmb.dll
C:\WINDOWS\system32\wncuwbfh.dll
C:\WINDOWS\system32\xxycf.ini
C:\WINDOWS\system32\xxycf.ini2
C:\WINDOWS\system32\xxyvwtq.dll
C:\WINDOWS\system32\yaonsyuv.dll
C:\WINDOWS\system32\ypdmjdns.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NWSAPAGENT
-------\Legacy_SERENUMM
-------\Legacy_TNIDRIVER
-------\Service_Network Monitor
-------\Service_NwSapAgent
-------\Service_serenumm
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.
2008-03-29 17:02 . 2008-03-29 17:02 49,166 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-29 17:02 . 2008-03-29 17:02 32 --a------ C:\WINDOWS\system32\msnav32.ax
2008-03-26 17:52 . 2008-03-26 17:52 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\GlarySoft
2008-03-26 17:03 . 2008-03-26 17:03 <DIR> d-------- C:\Program Files\Registry Repair
2008-03-25 07:00 . 2008-03-26 18:43 1,580,598 ---hs---- C:\WINDOWS\system32\rsrtevae.ini
2008-03-24 23:31 . 2008-03-24 23:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-24 23:31 . 2008-03-24 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 08:20 . 2006-01-03 17:45 1,989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d-------- C:\WINDOWS\system32\xTmp
2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d-------- C:\WINDOWS\system32\winz1
2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d-------- C:\WINDOWS\system32\usnv
2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d-------- C:\WINDOWS\system32\IDME
2008-03-24 08:19 . 2008-03-24 08:19 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-24 08:19 . 2008-03-24 08:19 41,723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-03-24 08:18 . 2008-03-24 08:18 <DIR> d-------- C:\WINDOWS\system32\aqVreo01
2008-03-21 11:40 . 2008-03-21 11:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-20 11:27 . 2008-03-20 12:55 1,768,172 ---hs---- C:\WINDOWS\system32\mosajaei.ini
2008-03-19 19:58 . 2008-03-24 08:20 <DIR> d--hs---- C:\WINDOWS\S2ltYmVybHk
2008-03-19 18:05 . 2008-03-19 18:05 37,376 -ra------ C:\WINDOWS\mrofinu572.exe
2008-03-19 12:58 . 2008-03-20 11:06 1,498,701 ---hs---- C:\WINDOWS\system32\cthvecqp.ini
2008-03-19 11:13 . 2008-03-19 11:15 1,534,455 ---hs---- C:\WINDOWS\system32\txtynkrn.ini
2008-03-19 00:36 . 2008-03-25 00:17 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-18 11:53 . 2008-03-27 09:14 <DIR> d-------- C:\Program Files\CPV
2008-03-18 11:06 . 2008-03-18 16:32 1,522,605 ---hs---- C:\WINDOWS\system32\hfgkhdgj.ini
2008-03-17 13:39 . 2008-03-17 11:39 66,560 --a------ C:\WINDOWS\b155.exe
2008-03-17 08:22 . 2008-03-18 10:56 1,371,044 ---hs---- C:\WINDOWS\system32\bfirkuts.ini
2008-03-15 13:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-15 08:43 . 2008-03-15 08:43 32,768 --a------ C:\WINDOWS\system32\aqVreo01\aqVreo011065.exe
2008-03-14 13:58 . 2008-03-14 20:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-14 13:58 . 2008-03-14 13:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-14 13:58 . 2008-03-14 13:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-14 13:58 . 2008-03-14 13:58 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-13 20:12 . 2008-03-13 20:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-09 19:10 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-09 19:10 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-09 19:10 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-09 16:01 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-09 15:52 . 2008-03-11 07:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 15:40 . 2008-03-09 15:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-09 15:40 . 2008-03-09 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-09 15:33 . 2008-03-17 07:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 15:33 . 2008-03-09 15:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 14:54 . 2008-03-09 15:12 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-03-09 14:54 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-09 14:51 . 2004-08-04 01:56 59,392 --------- C:\WINDOWS\system32\logman.exe
2008-03-09 14:51 . 2004-08-04 01:56 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2008-03-09 14:49 . 2008-03-09 14:49 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-09 14:46 . 2004-08-04 01:56 388,608 --a--c--- C:\WINDOWS\system32\dllcache\cmd.exe
2008-03-09 14:46 . 2004-08-04 01:56 388,608 --a------ C:\WINDOWS\system32\cmd.exe
2008-03-09 14:43 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-03-09 14:43 . 2007-07-30 19:19 203,096 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-03-09 14:40 . 2008-03-09 14:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-09 14:32 . 2004-08-04 01:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-03-09 14:29 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002154_.tmp
2008-03-09 14:18 . 2008-03-09 14:18 <DIR> d-------- C:\WINDOWS\EHome
2008-03-09 11:10 . 2006-08-16 05:37 225,664 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-03-09 11:10 . 2006-08-16 07:58 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-03-09 11:07 . 2006-06-22 06:47 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2008-03-09 11:03 . 2006-08-25 11:45 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-03-09 11:03 . 2006-05-19 08:59 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-03-09 11:03 . 2006-05-19 08:59 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-03-09 10:50 . 2008-03-09 10:51 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-09 10:50 . 2006-03-16 20:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-03-09 10:47 . 2006-06-26 13:37 148,480 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-03-09 10:47 . 2006-06-26 13:37 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-03-09 10:45 . 2008-03-09 19:35 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-09 10:45 . 2005-06-28 11:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-08 18:51 . 2004-08-04 01:56 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-03-08 18:51 . 2004-08-04 01:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-08 18:51 . 2004-08-04 01:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-08 18:51 . 2004-08-04 01:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-03-08 18:51 . 2004-08-04 01:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-03-08 18:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-08 18:47 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-08 18:43 . 2007-07-30 20:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-03-08 18:43 . 2007-07-30 20:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-03-08 18:43 . 2007-07-30 20:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-08 18:43 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-08 18:43 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-08 18:43 . 2007-07-30 20:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-03-08 18:43 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-08 18:43 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-08 18:43 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-08 18:40 . 2008-03-08 18:40 <DIR> d---s---- C:\Documents and Settings\Ron\UserData
2008-03-08 00:06 . 2007-06-08 10:47 13,312 --a------ C:\WINDOWS\system32\drivers\nnrnstdi.sys
2008-03-08 00:06 . 2007-06-08 10:47 8,832 --a------ C:\WINDOWS\system32\drivers\km_filter.sys
2008-03-08 00:02 . 2008-03-08 00:02 <DIR> d-------- C:\Program Files\NetRatingsNetSight
2008-03-08 00:02 . 2007-11-16 19:55 49,152 --a------ C:\WINDOWS\nswatchdog.exe
2008-03-07 15:50 . 2008-03-14 12:53 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\LimeWire
2008-03-07 15:47 . 2008-03-26 16:21 <DIR> d-------- C:\Program Files\LimeWire
2008-03-04 17:32 . 2008-03-04 15:32 105,984 --a------ C:\WINDOWS\b152.exe
2008-03-04 16:33 . 2008-03-04 16:33 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\Thunderbird
2008-03-03 13:10 . 2008-03-03 13:10 <DIR> d-------- C:\Deckard
2008-03-03 13:08 . 2008-03-03 13:08 <DIR> d-------- C:\_OTMoveIt
2008-03-02 12:26 . 2008-03-02 10:26 73,728 --a------ C:\WINDOWS\b153.exe
2008-03-02 11:53 . 2008-03-02 11:53 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\Thunderbird
2008-03-02 11:52 . 2008-03-29 08:27 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-03-01 18:21 . 2008-03-01 18:21 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\Apple Computer
2008-02-29 13:20 . 2001-07-21 15:40 3,144 --a--c--- C:\WINDOWS\system32\dllcache\srgb.icm
2008-02-29 13:13 . 2008-02-29 17:18 <DIR> d-------- C:\Hp Printer Drives DeskJet 3520
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 13:13 --------- d-----w C:\Program Files\LogMeIn
2008-03-28 03:35 10,122 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\incstore.bin
2008-03-27 00:53 --------- d-----w C:\Program Files\SpywareGuard
2008-03-26 20:19 --------- d-----w C:\Program Files\Auto Greeter
2008-03-20 17:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-09 19:44 --------- d-----w C:\Program Files\QuickTime
2008-03-09 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-09 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 00:08 --------- d-----w C:\Documents and Settings\Ron\Application Data\MSN6
2008-02-27 19:30 --------- d-----w C:\Program Files\Quick StartUp
2008-02-27 12:44 10 ----a-w C:\Program Files\.autoreg
2008-02-27 12:27 --------- d-----w C:\Program Files\Paltalk Messenger Interop
2008-02-21 21:26 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\Apple Computer
2008-02-21 14:21 --------- d-----w C:\Program Files\Paltalk Messenger
2008-02-21 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-21 14:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 14:12 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\SUPERAntiSpyware.com
2008-02-18 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-18 17:30 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\Media Player Classic
2008-02-16 22:31 --------- d-----w C:\Program Files\PeaZip
2008-02-12 05:00 --------- d-----w C:\Program Files\Java
2008-02-12 04:58 --------- d-----w C:\Program Files\Common Files\Java
2008-02-10 18:17 --------- d-----w C:\Program Files\Trend Micro
2008-02-10 18:15 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-09 16:04 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-09 13:38 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\Paltalk
2008-02-08 22:31 --------- d-----w C:\Program Files\D-Link
2008-02-08 22:30 --------- d-----w C:\Program Files\Zone Labs
2008-02-08 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-08 21:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-08 19:25 --------- d-----w C:\Program Files\ANI
2008-02-08 19:24 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\InstallShield
2008-02-08 18:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-08 18:55 558,142 ----a-w C:\WINDOWS\java\Packages\IGQ8SOR1.ZIP
2008-02-08 18:55 155,995 ----a-w C:\WINDOWS\java\Packages\ZXJH7RJD.ZIP
2008-01-24 12:49 224,256 ----a-w C:\WINDOWS\b116.exe
2008-01-15 21:52 140,800 --sh--w C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2005-08-02 20:46 187,904 --sha-r C:\WINDOWS\S2ltYmVybHk\asappsrv.dll
2005-08-02 20:58 293,888 --sha-r C:\WINDOWS\S2ltYmVybHk\command.exe
2005-07-29 20:24 472 --sha-r C:\WINDOWS\S2ltYmVybHk\mZ5QsApVvJ4.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-07 23:38 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{DF-FD-DE-E9-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-03-29 17:02 49166]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\ocntskdn.exe" [2008-03-29 17:02 196683]
C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\ocntskdn.exe [2008-03-29 17:02:21 196683]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-03-29 17:02:08 49166]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]
C:\Documents and Settings\Ron\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\winz1\begmgr11.exe [2008-02-14 10:42:16 49152]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqolkh]
ssqolkh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvwtq]
xxyvwtq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"{DF-FD-DE-E9-DW}"=C:\WINDOWS\system32\winz1\begmgr11.exe DWram
"BMa74eceda"=Rundll32.exe "C:\WINDOWS\system32\rahvytcv.dll",s
"NielsenOnline"=C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys [2007-06-08 10:47]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-08-11 15:27]
R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-17 08:48]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 08:19]
R3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-06 18:30]
R3 km_filter;km_filter;C:\WINDOWS\system32\drivers\km_filter.sys [2007-06-08 10:47]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [2007-08-02 13:05]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 09:47]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 21:00:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 17:02:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\ocntskdn.exe DWram"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-03-29 17:05:58 - machine was rebooted [Kimberly]
ComboFix-quarantined-files.txt 2008-03-29 21:05:49
ComboFix2.txt 2008-02-28 18:41:41
ComboFix3.txt 2008-02-21 14:11:47
ComboFix4.txt 2008-02-10 21:41:44
Pre-Run: 24,422,371,328 bytes free
Post-Run: 24,450,646,016 bytes free
.
2008-03-09 23:35:47 --- E O F ---