Here is a hijackthis log and a combofix log. Thanks!!!
Logfile of HijackThis v1.99.1
Scan saved at 9:31:04 PM, on 11/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Candice\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SysTray] c:\Program Files\ofyqps.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wpc59bb0] RUNDLL32.EXE w3a6af63.dll,n 00659baa000000123a6af63
O4 - HKLM\..\Run: [ms05405795-1801] C:\WINDOWS\ms05405795-1801.exe
O4 - HKLM\..\Run: [win3208795-1801405] C:\WINDOWS\win3208795-1801405.exe
O4 - HKLM\..\Run: [ms0605795-18014] C:\WINDOWS\ms0605795-18014.exe
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [sys0301405795-18] C:\WINDOWS\sys0301405795-18.exe
O4 - HKLM\..\Run: [sys011801405795-] C:\WINDOWS\sys011801405795-.exe
O4 - HKLM\..\Run: [win320995-18014057] C:\WINDOWS\win320995-18014057.exe
O4 - HKLM\..\Run: [ms041405795-180] C:\WINDOWS\ms041405795-180.exe
O4 - HKLM\..\Run: [sys02801405795-1] C:\WINDOWS\sys02801405795-1.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Candice\APPLIC~1\RACLE~1\spool32.exe" -vt yazb
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....tupv2.0.0.9.cab?
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: eCDRPOXQ - {94A0BA9E-3E0A-1034-93E2-519C93E66021} - C:\WINDOWS\System32\jz.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\leqqwqr.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\System32\RpcSs.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\System32\tcpip.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINDOWS\winsock\csrss.exe (file missing)
Candice - 06-11-01 22:51:23.07 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Candice\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\All Users\Documents\Settings
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Candice\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Candice\Application Data\RACLE~1\?racle
((((((((((((((((((((((((((((((( Files Created from 2006-10-01 to 2006-11-01 ))))))))))))))))))))))))))))))))))
2006-11-01 17:51 110,612 --a------ C:\WINDOWS\SYSTEM32\ptdgbcud.exe
2006-11-01 17:22 60,436 --a------ C:\WINDOWS\SYSTEM32\cmlduwwd.dll
2006-11-01 17:22 596,475 ---hs---- C:\WINDOWS\SYSTEM32\ijiii.bak2
2006-10-29 23:42 606,222 ---hs---- C:\WINDOWS\SYSTEM32\ijiii.ini2
2006-10-29 23:25 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-10-26 09:09 98,324 --a------ C:\WINDOWS\SYSTEM32\xfqqxrlv.dll
2006-10-25 20:36 160,768 --a------ C:\WINDOWS\SYSTEM32\leqqwqr.dll
2006-10-25 20:34 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2006-10-25 20:26 605,583 ---hs---- C:\WINDOWS\SYSTEM32\ijiii.bak1
2006-10-25 20:25 688,180 ---hs---- C:\WINDOWS\SYSTEM32\iiiji.dll
2006-10-25 19:08 973 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-10-25 18:55 94,720 --a------ C:\WINDOWS\SYSTEM32\qykcscn.dll
2006-10-25 18:55 72,704 --a------ C:\WINDOWS\SYSTEM32\nkejwol.dll
2006-10-25 18:54 26,624 --a------ C:\WINDOWS\SYSTEM32\rpcc.dll
2006-10-25 18:54 122,900 --a------ C:\WINDOWS\SYSTEM32\eauhldco.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver pe386 is present. A rootkit scan is required
2006-11-01 18:55 47610 --a------ C:\Documents and Settings\Candice\Application Data\wklnhst.dat
2006-10-30 01:10 -------- d-------- C:\Program Files\Common Files
2006-10-30 01:04 6335 --ahs---- C:\Documents and Settings\Candice\Application Data\8D32DF8BD3B84783A0C5FE37E2FC8659.sta
2006-10-30 01:04 17332 --ahs---- C:\Documents and Settings\Candice\Application Data\8D32DF8BD3B84783A0C5FE37E2FC8659.rul
2006-10-30 00:46 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-30 00:46 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-29 23:24 -------- d-------- C:\Program Files\Grisoft
2006-10-27 16:28 -------- d-------- C:\Program Files\MSN
2006-10-26 09:16 -------- d-------- C:\Program Files\ewido anti-malware
2006-10-26 09:11 -------- d---s---- C:\Documents and Settings\Candice\Application Data\Microsoft
2006-10-26 09:11 -------- d-------- C:\Documents and Settings\Candice\Application Data\SearchToolbarCorp
2006-10-25 20:20 -------- d--h----- C:\Program Files\BHO Plugin
2006-10-14 15:16 -------- d-------- C:\Program Files\TotalExcelConverter
2006-10-14 15:16 -------- d-------- C:\Documents and Settings\Candice\Application Data\Softplicity
2006-10-10 12:23 -------- d-------- C:\Program Files\iTunes
2006-10-10 12:23 -------- d-------- C:\Program Files\iPod
2006-10-10 12:22 -------- d-------- C:\Program Files\QuickTime
2006-10-10 12:21 -------- d-------- C:\Program Files\Apple Software Update
2006-08-24 13:31 4700 --a------ C:\Documents and Settings\Candice\Application Data\ViewerApp.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"Yahoo! Pager"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe -quiet"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"Aida"="\"C:\\DOCUME~1\\Candice\\APPLIC~1\\RACLE~1\\spool32.exe\" -vt yazb"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SysTray"="c:\\Program Files\\ofyqps.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"wpc59bb0"="RUNDLL32.EXE w3a6af63.dll,n 00659baa000000123a6af63"
"ms05405795-1801"="C:\\WINDOWS\\ms05405795-1801.exe"
"win3208795-1801405"="C:\\WINDOWS\\win3208795-1801405.exe"
"ms0605795-18014"="C:\\WINDOWS\\ms0605795-18014.exe"
"qykcscn.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\qykcscn.dll,ztrtgce"
"sys0301405795-18"="C:\\WINDOWS\\sys0301405795-18.exe"
"sys011801405795-"="C:\\WINDOWS\\sys011801405795-.exe"
"win320995-18014057"="C:\\WINDOWS\\win320995-18014057.exe"
"ms041405795-180"="C:\\WINDOWS\\ms041405795-180.exe"
"sys02801405795-1"="C:\\WINDOWS\\sys02801405795-1.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\kyze.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\MSN Gaming Zone\\howyvy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,d4,01,00,00,00,00,00,00,2c,02,00,00,de,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{C6E00DDA-FEAF-4D28-ADC4-055240E8F907}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"DCOM Server"="{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"
"eCDRPOXQ"="{94A0BA9E-3E0A-1034-93E2-519C93E66021}"
"DCOM Server 2236"="{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebawwx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiiji
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xdudtt
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\xdudmm.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\xdudtt.sys
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-11-01 22:52:04.53
C:\ComboFix.txt ... 06-11-01 22:52
C:\ComboFix2.txt ... 06-10-30 01:13
C:\ComboFixu.txt ... 06-10-30 01:21