ComboFix log:
ComboFix 07-11-19.3 - Owner 2007-11-22 13:52:10.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Owner\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Owner\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Owner\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\gutfwiay.dllbox
C:\WINDOWS\system32\jguhdrhw.dllbox
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.bak2
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjjlm.tmp
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\wqvlsuba.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
.
2007-11-22 14:11 20,810 ---hs---- C:\WINDOWS\system32\jguhdrhw.dllbox
2007-11-22 13:25 145,984 --a------ C:\WINDOWS\system32\nxcyxsww.dll
2007-11-22 13:25 145,984 --a------ C:\WINDOWS\system32\jguhdrhw.dll
2007-11-22 13:01 738,356 --ahs---- C:\WINDOWS\system32\rietpglv.ini
2007-11-22 13:01 85,056 --a------ C:\WINDOWS\system32\vlgpteir.dll
2007-11-22 12:55 71,232 --a------ C:\WINDOWS\system32\pnowxycr.exe
2007-11-21 22:06 80,960 --a------ C:\WINDOWS\system32\gxgfnktn.dll
2007-11-21 22:04 714,420 --ahs---- C:\WINDOWS\system32\aaflfnwc.ini
2007-11-21 22:04 85,056 --a------ C:\WINDOWS\system32\cwnflfaa.dll
2007-11-21 22:02 71,232 --a------ C:\WINDOWS\system32\yhgdcbhv.exe
2007-11-21 21:44 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-20 23:33 84,544 --a------ C:\WINDOWS\system32\aydrlayj.dll
2007-11-20 23:28 689,163 --ahs---- C:\WINDOWS\system32\jvopqnrc.ini
2007-11-20 23:27 85,056 --a------ C:\WINDOWS\system32\crnqpovj.dll
2007-11-20 23:25 71,232 --a------ C:\WINDOWS\system32\nqxuvksl.exe
2007-11-20 22:55 84,544 --a------ C:\WINDOWS\system32\lntnacwe.dll
2007-11-20 22:52 85,056 --a------ C:\WINDOWS\system32\qyogcrna.dll
2007-11-20 22:52 354 --ahs---- C:\WINDOWS\system32\anrcgoyq.ini
2007-11-20 21:36 71,232 --a------ C:\WINDOWS\system32\bdfgjmgr.exe
2007-11-19 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Reflexive
2007-11-19 23:01 <DIR> d-------- C:\Program Files\7 Artifacts
2007-11-19 21:39 83,008 --a------ C:\WINDOWS\system32\gyitacoc.dll
2007-11-19 21:36 85,056 --a------ C:\WINDOWS\system32\nftcxmyg.dll
2007-11-19 21:36 71,232 --a------ C:\WINDOWS\system32\krfhugni.exe
2007-11-19 21:36 294 --ahs---- C:\WINDOWS\system32\gymxctfn.ini
2007-11-19 20:18 71,232 --a------ C:\WINDOWS\system32\wxaqoevi.exe
2007-11-19 20:09 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-19 20:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2007-11-17 13:37 82,496 --a------ C:\WINDOWS\system32\doooniup.dll
2007-11-17 13:35 85,056 --a------ C:\WINDOWS\system32\rwtbvfab.dll
2007-11-17 13:35 354 --ahs---- C:\WINDOWS\system32\bafvbtwr.ini
2007-11-17 11:28 294 --ahs---- C:\WINDOWS\system32\ihpavmvm.ini
2007-11-17 11:25 82,496 --a------ C:\WINDOWS\system32\bspexwek.dll
2007-11-17 11:07 71,232 --a------ C:\WINDOWS\system32\qdkjndiq.exe
2007-11-17 01:02 354 --ahs---- C:\WINDOWS\system32\kahjxlmp.ini
2007-11-17 00:57 81,984 --a------ C:\WINDOWS\system32\esvwrgcg.dll
2007-11-17 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 00:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-16 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 22:50 81,984 --a------ C:\WINDOWS\system32\vkwvcypg.dll
2007-11-16 22:47 177 --ahs---- C:\WINDOWS\system32\qrsabglo.tmp
2007-11-16 22:47 153 --ahs---- C:\WINDOWS\system32\qrsabglo.ini
2007-11-16 16:54 677,920 --ahs---- C:\WINDOWS\system32\orooixfu.ini
2007-11-16 16:53 81,984 --a------ C:\WINDOWS\system32\mrfyiheg.dll
2007-11-16 16:30 71,232 --a------ C:\WINDOWS\system32\gjbpwxxh.exe
2007-11-16 15:54 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-16 15:54 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-16 15:54 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-16 15:54 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-16 15:54 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-16 15:26 294 --ahs---- C:\WINDOWS\system32\ykeundiw.ini
2007-11-15 20:49 86,080 --a------ C:\WINDOWS\system32\lrtwikve.dll
2007-11-15 20:49 294 --ahs---- C:\WINDOWS\system32\evkiwtrl.ini
2007-11-15 20:46 79,936 --a------ C:\WINDOWS\system32\ggrkgtju.dll
2007-11-15 20:44 71,232 --a------ C:\WINDOWS\system32\kuddujre.exe
2007-11-15 20:42 79,936 --a------ C:\WINDOWS\system32\hpbhedna.dll
2007-11-15 17:01 669,843 --ahs---- C:\WINDOWS\system32\ndetpmkt.ini
2007-11-15 16:49 71,232 --a------ C:\WINDOWS\system32\vtvyegrs.exe
2007-11-15 16:41 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-11-15 16:41 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-11-15 15:41 669,750 --ahs---- C:\WINDOWS\system32\vhfrbwsu.ini
2007-11-15 15:41 79,936 --a------ C:\WINDOWS\system32\reuogwdd.dll
2007-11-15 15:38 71,232 --a------ C:\WINDOWS\system32\brmafqtt.exe
2007-11-15 13:15 669,262 --ahs---- C:\WINDOWS\system32\ygxgasiu.ini
2007-11-15 12:21 669,099 --ahs---- C:\WINDOWS\system32\jlttiofy.ini
2007-11-15 12:18 79,936 --a------ C:\WINDOWS\system32\hqqckuwv.dll
2007-11-15 07:08 671,136 --ahs---- C:\WINDOWS\system32\jiqultfe.ini
2007-11-15 07:08 79,936 --a------ C:\WINDOWS\system32\ygqdyifr.dll
2007-11-15 03:19 71,232 --a------ C:\WINDOWS\system32\hgawgrec.exe
2007-11-15 03:03 206 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-14 23:32 672,367 --ahs---- C:\WINDOWS\system32\ldbndpqs.ini
2007-11-14 23:32 85,056 --a------ C:\WINDOWS\system32\sqpdnbdl.dll
2007-11-14 23:32 79,424 --a------ C:\WINDOWS\system32\kbhcmdlu.dll
2007-11-14 22:30 27,776 --a------ C:\WINDOWS\Hotmail-Album-5580.zip
2007-11-13 22:12 27,776 --a------ C:\WINDOWS\Hotmail-Album-9895.zip
2007-11-13 19:26 27,776 --a------ C:\WINDOWS\Hotmail-Album-6051.zip
2007-11-13 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-11-13 19:01 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2007-11-13 18:43 27,776 --a------ C:\WINDOWS\Hotmail-Album-9991.zip
2007-11-13 18:43 27,776 --a------ C:\WINDOWS\Hotmail-Album-8232.zip
2007-11-13 18:18 27,776 --a------ C:\WINDOWS\Hotmail-Album-7034.zip
2007-11-13 18:18 27,776 --a------ C:\WINDOWS\Hotmail-Album-5558.zip
2007-11-13 15:01 27,776 --a------ C:\WINDOWS\Hotmail-Album-9263.zip
2007-11-13 14:58 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-13 14:55 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-11-13 14:55 73,728 --a------ C:\WINDOWS\system32\CavEmLSP(2)(2).dll
2007-11-13 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-13 14:54 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-11-13 14:54 216,576 --a------ C:\WINDOWS\system32\monln.dll
2007-11-13 14:54 216,576 --a------ C:\WINDOWS\system32\monln(2)(2).dll
2007-11-13 14:54 102,400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys
2007-11-13 14:53 <DIR> d-------- C:\Program Files\Comodo
2007-11-13 07:21 27,776 --a------ C:\WINDOWS\Hotmail-Album-4749.zip
2007-11-13 03:59 80,448 --a------ C:\WINDOWS\system32\cuupcdom.dll
2007-11-13 03:50 71,232 --a------ C:\WINDOWS\system32\eirmnfdq.exe
2007-11-13 03:47 145,984 --a------ C:\WINDOWS\system32\yqqlcotp.dll
2007-11-12 18:08 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData
2007-11-12 15:50 27,776 --a------ C:\WINDOWS\Hotmail-Album-6428.zip
2007-11-12 15:50 27,776 --a------ C:\WINDOWS\Hotmail-Album-4845.zip
2007-11-12 10:43 27,776 --a------ C:\WINDOWS\Hotmail-Album-7361.zip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 18:22 79,936 ----a-w C:\WINDOWS\system32\tgxmayri.dll
2007-11-22 02:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 15:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\WeatherBug
2007-11-19 02:48 --------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-11-17 05:56 71,232 ----a-w C:\WINDOWS\system32\trdtxfyc.exe
2007-11-16 21:54 85,056 ----a-w C:\WINDOWS\system32\ufxiooro.dll
2007-11-16 03:52 79,936 ----a-w C:\WINDOWS\system32\vejtluon.dll
2007-11-16 01:34 --------- d-----w C:\Program Files\Viewpoint
2007-11-16 01:34 --------- d-----w C:\Program Files\Apple Software Update
2007-11-16 01:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-15 22:01 85,056 ----a-w C:\WINDOWS\system32\tkmptedn.dll
2007-11-15 21:56 79,936 ----a-w C:\WINDOWS\system32\tyaylijl.dll
2007-11-14 00:15 499,712 ----a-w C:\WINDOWS\system32\msvcp71(2)(2).dll
2007-11-14 00:15 348,160 ----a-w C:\WINDOWS\system32\msvcr71(2)(2).dll
2007-11-14 00:15 1,060,864 ----a-w C:\WINDOWS\system32\MFC71(2)(2).dll
2007-11-13 19:53 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-13 19:53 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-13 19:53 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
2007-11-13 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-11-06 18:35 --------- d-----w C:\Program Files\Jewel Quest 2
2007-11-06 03:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2007-11-06 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-03 11:43 --------- d-----w C:\Program Files\Mystery Case Files - Prime Suspects
2007-11-03 11:35 --------- d-----w C:\Program Files\Hidden Expedition - Everest
2007-10-31 19:15 --------- d-----w C:\Program Files\Java
2007-10-31 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-10-29 07:24 --------- d-----w C:\Program Files\GameHouse
2007-10-28 20:54 --------- d-----w C:\Program Files\MSN Messenger
2007-10-28 20:54 --------- d-----w C:\Program Files\Morpheus
2007-10-27 05:02 --------- d-----w C:\Program Files\PopCap Games
2007-10-27 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-27 00:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\funkitron
2007-10-26 04:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\iWin
2007-10-25 02:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\ForgottenRiddles
2007-10-24 06:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-10-22 22:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Pogo Games
2007-10-22 07:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 07:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-22 04:14 --------- d-----w C:\Program Files\eMule
2007-10-21 03:06 --------- d-----w C:\Program Files\MorpheusBar
2007-10-20 08:21 --------- d-----w C:\Program Files\Common Files\Java
2007-10-20 08:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-20 07:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-20 07:53 --------- d-----w C:\Program Files\Napster
2007-10-20 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-10-20 07:27 --------- d-----w C:\Program Files\Sony
2007-10-20 07:27 --------- d-----w C:\Program Files\Common Files\Sony Shared
2007-10-17 05:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-17 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-17 04:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sandlot Games
2007-10-16 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2007-10-15 14:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Image Zone Express
2007-10-15 05:26 --------- d-----w C:\Program Files\Turbo Gems
2007-10-15 05:26 --------- d-----w C:\Program Files\Grimms Hatchery
2007-10-13 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\IronCode
2007-10-12 19:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-12 08:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\Abra Academy2
2007-10-10 09:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\EleFun Games
2007-10-09 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\FireGlow
2007-10-06 13:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Legends of pirates
2007-10-05 08:26 --------- d-----w C:\Program Files\MySpace
2007-10-05 08:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-04 13:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\ColorTrail
2007-10-03 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gameeel
2007-10-02 13:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-10-02 11:33 --------- d-----w C:\Program Files\Sallys Salon
2007-10-01 15:27 --------- d-----w C:\Program Files\Starcrossed
2007-10-01 04:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Jane s Hotel
2007-09-30 13:57 --------- d-----w C:\Program Files\AskTBar
2007-09-30 06:31 --------- d-----w C:\Program Files\Ahead
2007-09-30 04:55 --------- d-----w C:\Program Files\Mysteryville
2007-09-28 12:35 --------- d-----w C:\Program Files\Prison Tycoon
2007-09-26 20:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2007-09-24 11:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-24 11:55 --------- d-----w C:\Program Files\Windows Live Favorites
2007-09-24 11:55 --------- d-----w C:\Program Files\Real
2007-09-24 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-08-31 21:08 335,872 ----a-w C:\WINDOWS\system32\ehinstaller.exe
2006-12-11 01:34 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-08-05 18:12 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}]
2007-11-11 10:06 35328 --a------ C:\WINDOWS\system32\opnlljk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15c9813e-7774-4a45-9bc1-3189d46791ec}]
2007-11-22 13:22 79936 --a------ C:\WINDOWS\system32\tgxmayri.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-22 13:25 145984 --a------ C:\WINDOWS\system32\jguhdrhw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\jguhdrhw.dll [2007-11-22 13:25 145984]
[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 21:02]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 05:13]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 23:05]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 13:01 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-11-13 14:53]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"885e0d18"="C:\WINDOWS\system32\vlgpteir.dll" [2007-11-22 13:01]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 0 (0x0)
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}"= C:\WINDOWS\system32\opnlljk.dll [2007-11-11 10:06 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jguhdrhw]
jguhdrhw.dll 2007-11-22 13:25 145984 C:\WINDOWS\system32\jguhdrhw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-11-13 14:53 216576 C:\WINDOWS\system32\monln.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlljk]
opnlljk.dll 2007-11-11 10:06 35328 C:\WINDOWS\system32\opnlljk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rmgrovrk]
rmgrovrk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 23:04:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-22 18:39:14 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-22 14:13:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-22 14:21:03 - machine was rebooted
.
--- E O F ---