Pop-ups n more



#16
Joshua C

ComboFix 08-03-29.1 - Kimberly 2008-03-29 16:39:50.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.80 [GMT -4:00]
Running from: C:\Documents and Settings\Kimberly\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kimberly\Application Data\RACLE~1
C:\Documents and Settings\Kimberly\My Documents\APPATC~1
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\ystem~1
C:\Program Files\Internet Explorer\hekyr89104.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\BMa74eceda.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaqakssx.dll
C:\WINDOWS\system32\akykurud.dll
C:\WINDOWS\system32\bgppcikg.dll
C:\WINDOWS\system32\cclmmpoe.dll
C:\WINDOWS\system32\ceggh.ini
C:\WINDOWS\system32\ceggh.ini2
C:\WINDOWS\system32\dlwaxirt.dll
C:\WINDOWS\system32\drivers\serenumm.sys
C:\WINDOWS\system32\eopmmlcc.ini
C:\WINDOWS\system32\gkicppgb.ini
C:\WINDOWS\system32\hggec.dll
C:\WINDOWS\system32\hiyhbgas.ini
C:\WINDOWS\system32\hvwmxiiy.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\iDlo01\iDlo011065.exe
C:\WINDOWS\system32\jkkhiji.dll
C:\WINDOWS\system32\kfgbpwop.dll
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\knnnn.ini
C:\WINDOWS\system32\knnnn.ini2
C:\WINDOWS\system32\lccraihb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pvhmfgju.dll
C:\WINDOWS\system32\qtvut.ini
C:\WINDOWS\system32\qtvut.ini2
C:\WINDOWS\system32\rahvytcv.dll
C:\WINDOWS\system32\rosjopny.dll
C:\WINDOWS\system32\sagbhyih.dll
C:\WINDOWS\system32\scwgkgnj.dll
C:\WINDOWS\system32\sndjmdpy.ini
C:\WINDOWS\system32\svghljoe.dll
C:\WINDOWS\system32\svsmtcit.dll
C:\WINDOWS\system32\syjcoagq.dll
C:\WINDOWS\system32\tictmsvs.ini
C:\WINDOWS\system32\tuvtq.dll
C:\WINDOWS\system32\uijjctdb.dll
C:\WINDOWS\system32\vclvywmb.dll
C:\WINDOWS\system32\wncuwbfh.dll
C:\WINDOWS\system32\xxycf.ini
C:\WINDOWS\system32\xxycf.ini2
C:\WINDOWS\system32\xxyvwtq.dll
C:\WINDOWS\system32\yaonsyuv.dll
C:\WINDOWS\system32\ypdmjdns.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NWSAPAGENT
-------\Legacy_SERENUMM
-------\Legacy_TNIDRIVER
-------\Service_Network Monitor
-------\Service_NwSapAgent
-------\Service_serenumm


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-29 17:02 . 2008-03-29 17:02 49,166 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-29 17:02 . 2008-03-29 17:02 32 --a------ C:\WINDOWS\system32\msnav32.ax
2008-03-26 17:52 . 2008-03-26 17:52 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\GlarySoft
2008-03-26 17:03 . 2008-03-26 17:03 <DIR> d-------- C:\Program Files\Registry Repair
2008-03-25 07:00 . 2008-03-26 18:43 1,580,598 ---hs---- C:\WINDOWS\system32\rsrtevae.ini
2008-03-24 23:31 . 2008-03-24 23:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-24 23:31 . 2008-03-24 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 08:20 . 2006-01-03 17:45 1,989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d-------- C:\WINDOWS\system32\xTmp
2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d-------- C:\WINDOWS\system32\winz1
2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d-------- C:\WINDOWS\system32\usnv
2008-03-24 08:19 . 2008-03-24 08:19 <DIR> d-------- C:\WINDOWS\system32\IDME
2008-03-24 08:19 . 2008-03-24 08:19 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-24 08:19 . 2008-03-24 08:19 41,723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-03-24 08:18 . 2008-03-24 08:18 <DIR> d-------- C:\WINDOWS\system32\aqVreo01
2008-03-21 11:40 . 2008-03-21 11:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-20 11:27 . 2008-03-20 12:55 1,768,172 ---hs---- C:\WINDOWS\system32\mosajaei.ini
2008-03-19 19:58 . 2008-03-24 08:20 <DIR> d--hs---- C:\WINDOWS\S2ltYmVybHk
2008-03-19 18:05 . 2008-03-19 18:05 37,376 -ra------ C:\WINDOWS\mrofinu572.exe
2008-03-19 12:58 . 2008-03-20 11:06 1,498,701 ---hs---- C:\WINDOWS\system32\cthvecqp.ini
2008-03-19 11:13 . 2008-03-19 11:15 1,534,455 ---hs---- C:\WINDOWS\system32\txtynkrn.ini
2008-03-19 00:36 . 2008-03-25 00:17 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-18 11:53 . 2008-03-27 09:14 <DIR> d-------- C:\Program Files\CPV
2008-03-18 11:06 . 2008-03-18 16:32 1,522,605 ---hs---- C:\WINDOWS\system32\hfgkhdgj.ini
2008-03-17 13:39 . 2008-03-17 11:39 66,560 --a------ C:\WINDOWS\b155.exe
2008-03-17 08:22 . 2008-03-18 10:56 1,371,044 ---hs---- C:\WINDOWS\system32\bfirkuts.ini
2008-03-15 13:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-15 08:43 . 2008-03-15 08:43 32,768 --a------ C:\WINDOWS\system32\aqVreo01\aqVreo011065.exe
2008-03-14 13:58 . 2008-03-14 20:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-14 13:58 . 2008-03-14 13:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-14 13:58 . 2008-03-14 13:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-14 13:58 . 2008-03-14 13:58 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-13 20:12 . 2008-03-13 20:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-09 19:10 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-09 19:10 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-09 19:10 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-09 16:01 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-09 15:52 . 2008-03-11 07:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 15:40 . 2008-03-09 15:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-09 15:40 . 2008-03-09 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-09 15:33 . 2008-03-17 07:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 15:33 . 2008-03-09 15:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 14:54 . 2008-03-09 15:12 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-03-09 14:54 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-09 14:51 . 2004-08-04 01:56 59,392 --------- C:\WINDOWS\system32\logman.exe
2008-03-09 14:51 . 2004-08-04 01:56 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2008-03-09 14:49 . 2008-03-09 14:49 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-09 14:46 . 2004-08-04 01:56 388,608 --a--c--- C:\WINDOWS\system32\dllcache\cmd.exe
2008-03-09 14:46 . 2004-08-04 01:56 388,608 --a------ C:\WINDOWS\system32\cmd.exe
2008-03-09 14:43 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-03-09 14:43 . 2007-07-30 19:19 203,096 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2008-03-09 14:40 . 2008-03-09 14:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-09 14:32 . 2004-08-04 01:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-03-09 14:29 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002154_.tmp
2008-03-09 14:18 . 2008-03-09 14:18 <DIR> d-------- C:\WINDOWS\EHome
2008-03-09 11:10 . 2006-08-16 05:37 225,664 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-03-09 11:10 . 2006-08-16 07:58 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-03-09 11:07 . 2006-06-22 06:47 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2008-03-09 11:03 . 2006-08-25 11:45 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-03-09 11:03 . 2006-05-19 08:59 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-03-09 11:03 . 2006-05-19 08:59 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-03-09 10:50 . 2008-03-09 10:51 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-09 10:50 . 2006-03-16 20:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-03-09 10:47 . 2006-06-26 13:37 148,480 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-03-09 10:47 . 2006-06-26 13:37 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-03-09 10:45 . 2008-03-09 19:35 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-09 10:45 . 2005-06-28 11:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-08 18:51 . 2004-08-04 01:56 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-03-08 18:51 . 2004-08-04 01:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-08 18:51 . 2004-08-04 01:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-08 18:51 . 2004-08-04 01:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-03-08 18:51 . 2004-08-04 01:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-03-08 18:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-08 18:47 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-08 18:43 . 2007-07-30 20:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-03-08 18:43 . 2007-07-30 20:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-03-08 18:43 . 2007-07-30 20:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-08 18:43 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-08 18:43 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-08 18:43 . 2007-07-30 20:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-03-08 18:43 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-08 18:43 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-08 18:43 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-08 18:40 . 2008-03-08 18:40 <DIR> d---s---- C:\Documents and Settings\Ron\UserData
2008-03-08 00:06 . 2007-06-08 10:47 13,312 --a------ C:\WINDOWS\system32\drivers\nnrnstdi.sys
2008-03-08 00:06 . 2007-06-08 10:47 8,832 --a------ C:\WINDOWS\system32\drivers\km_filter.sys
2008-03-08 00:02 . 2008-03-08 00:02 <DIR> d-------- C:\Program Files\NetRatingsNetSight
2008-03-08 00:02 . 2007-11-16 19:55 49,152 --a------ C:\WINDOWS\nswatchdog.exe
2008-03-07 15:50 . 2008-03-14 12:53 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\LimeWire
2008-03-07 15:47 . 2008-03-26 16:21 <DIR> d-------- C:\Program Files\LimeWire
2008-03-04 17:32 . 2008-03-04 15:32 105,984 --a------ C:\WINDOWS\b152.exe
2008-03-04 16:33 . 2008-03-04 16:33 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\Thunderbird
2008-03-03 13:10 . 2008-03-03 13:10 <DIR> d-------- C:\Deckard
2008-03-03 13:08 . 2008-03-03 13:08 <DIR> d-------- C:\_OTMoveIt
2008-03-02 12:26 . 2008-03-02 10:26 73,728 --a------ C:\WINDOWS\b153.exe
2008-03-02 11:53 . 2008-03-02 11:53 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\Thunderbird
2008-03-02 11:52 . 2008-03-29 08:27 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-03-01 18:21 . 2008-03-01 18:21 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\Apple Computer
2008-02-29 13:20 . 2001-07-21 15:40 3,144 --a--c--- C:\WINDOWS\system32\dllcache\srgb.icm
2008-02-29 13:13 . 2008-02-29 17:18 <DIR> d-------- C:\Hp Printer Drives DeskJet 3520

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 13:13 --------- d-----w C:\Program Files\LogMeIn
2008-03-28 03:35 10,122 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\incstore.bin
2008-03-27 00:53 --------- d-----w C:\Program Files\SpywareGuard
2008-03-26 20:19 --------- d-----w C:\Program Files\Auto Greeter
2008-03-20 17:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-09 19:44 --------- d-----w C:\Program Files\QuickTime
2008-03-09 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-09 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 00:08 --------- d-----w C:\Documents and Settings\Ron\Application Data\MSN6
2008-02-27 19:30 --------- d-----w C:\Program Files\Quick StartUp
2008-02-27 12:44 10 ----a-w C:\Program Files\.autoreg
2008-02-27 12:27 --------- d-----w C:\Program Files\Paltalk Messenger Interop
2008-02-21 21:26 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\Apple Computer
2008-02-21 14:21 --------- d-----w C:\Program Files\Paltalk Messenger
2008-02-21 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-21 14:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 14:12 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\SUPERAntiSpyware.com
2008-02-18 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-18 17:30 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\Media Player Classic
2008-02-16 22:31 --------- d-----w C:\Program Files\PeaZip
2008-02-12 05:00 --------- d-----w C:\Program Files\Java
2008-02-12 04:58 --------- d-----w C:\Program Files\Common Files\Java
2008-02-10 18:17 --------- d-----w C:\Program Files\Trend Micro
2008-02-10 18:15 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-09 16:04 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-09 13:38 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\Paltalk
2008-02-08 22:31 --------- d-----w C:\Program Files\D-Link
2008-02-08 22:30 --------- d-----w C:\Program Files\Zone Labs
2008-02-08 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-08 21:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-08 19:25 --------- d-----w C:\Program Files\ANI
2008-02-08 19:24 --------- d-----w C:\Documents and Settings\Kimberly\Application Data\InstallShield
2008-02-08 18:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-08 18:55 558,142 ----a-w C:\WINDOWS\java\Packages\IGQ8SOR1.ZIP
2008-02-08 18:55 155,995 ----a-w C:\WINDOWS\java\Packages\ZXJH7RJD.ZIP
2008-01-24 12:49 224,256 ----a-w C:\WINDOWS\b116.exe
2008-01-15 21:52 140,800 --sh--w C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2005-08-02 20:46 187,904 --sha-r C:\WINDOWS\S2ltYmVybHk\asappsrv.dll
2005-08-02 20:58 293,888 --sha-r C:\WINDOWS\S2ltYmVybHk\command.exe
2005-07-29 20:24 472 --sha-r C:\WINDOWS\S2ltYmVybHk\mZ5QsApVvJ4.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-07 23:38 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{DF-FD-DE-E9-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-03-29 17:02 49166]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\ocntskdn.exe" [2008-03-29 17:02 196683]

C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\ocntskdn.exe [2008-03-29 17:02:21 196683]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-03-29 17:02:08 49166]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

C:\Documents and Settings\Ron\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\winz1\begmgr11.exe [2008-02-14 10:42:16 49152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqolkh]
ssqolkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvwtq]
xxyvwtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"{DF-FD-DE-E9-DW}"=C:\WINDOWS\system32\winz1\begmgr11.exe DWram
"BMa74eceda"=Rundll32.exe "C:\WINDOWS\system32\rahvytcv.dll",s
"NielsenOnline"=C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys [2007-06-08 10:47]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-08-11 15:27]
R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-17 08:48]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 08:19]
R3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-06 18:30]
R3 km_filter;km_filter;C:\WINDOWS\system32\drivers\km_filter.sys [2007-06-08 10:47]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [2007-08-02 13:05]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 09:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 21:00:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 17:02:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\ocntskdn.exe DWram"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-03-29 17:05:58 - machine was rebooted [Kimberly]
ComboFix-quarantined-files.txt 2008-03-29 21:05:49
ComboFix2.txt 2008-02-28 18:41:41
ComboFix3.txt 2008-02-21 14:11:47
ComboFix4.txt 2008-02-10 21:41:44
Pre-Run: 24,422,371,328 bytes free
Post-Run: 24,450,646,016 bytes free
.
2008-03-09 23:35:47 --- E O F ---

#17
Joshua C

If the computer loads everything from registry, would it be a bad idea for her to shut off the PC?
She has not shut it off since our last post lol, she's too worried it will get worse