ComboFix 08-07-28.6 - Norma Smith 2008-07-29 12:18:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.323 [GMT -4:00]
Running from: C:\Documents and Settings\Norma Smith\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Norma Smith\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Chelsea Smith\Application Data\Zango
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\dynamic\3404705.sdf
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17040
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\188810
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\243256
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27503
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64517
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738022
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\dynamic\ustat\3671.dat
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\Chelsea Smith\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\DGKMVBYA\interclick.com
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\DGKMVBYA\interclick.com\ud.sol
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Nicole\Application Data\macromedia\Flash Player\#SharedObjects\BKCJQQXD\interclick.com
C:\Documents and Settings\Nicole\Application Data\macromedia\Flash Player\#SharedObjects\BKCJQQXD\interclick.com\ud.sol
C:\Documents and Settings\Nicole\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Nicole\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\#SharedObjects\5JV77V33\interclick.com
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\#SharedObjects\5JV77V33\interclick.com\ud.sol
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\#SharedObjects\JC3CVEZD\interclick.com
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\#SharedObjects\JC3CVEZD\interclick.com\ud.sol
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Norma Smith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\x64
----- BITS: Possible infected sites -----
http://80.93.48.89.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.
2008-07-29 10:42 . 2008-07-29 10:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 10:42 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 10:42 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 02:02 . 2008-07-29 02:02 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
2008-07-27 18:36 . 2008-07-27 18:36 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\Malwarebytes
2008-07-27 18:36 . 2008-07-27 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 10:49 . 2008-07-29 12:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-26 10:49 . 2008-07-26 10:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-24 21:36 . 2008-07-24 21:36 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\Sammsoft
2008-07-24 21:35 . 2008-07-29 10:28 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-07-22 09:21 . 2008-07-22 09:21 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\Uniblue
2008-07-22 09:21 . 2008-07-22 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-17 10:09 . 2008-07-29 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dl_cats
2008-07-17 10:08 . 2008-07-17 10:08 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-12 10:38 . 2008-07-12 10:38 <DIR> d-------- C:\Program Files\Minutes Matter Solutions
2008-07-10 08:02 . 2008-07-10 08:02 137 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-10 00:42 . 2008-07-10 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 13:19 . 2008-07-08 13:19 <DIR> d-------- C:\Documents and Settings\Chelsea Smith\Application Data\Viewpoint
2008-07-08 13:12 . 2008-01-15 11:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-07-08 13:12 . 2008-01-15 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-08 13:12 . 2008-07-08 13:12 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-07 22:01 . 2008-07-07 22:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-07-07 22:01 . 2008-07-07 22:01 <DIR> d-------- C:\Program Files\AVG
2008-07-07 22:01 . 2008-07-07 22:16 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\AVGTOOLBAR
2008-07-07 22:01 . 2008-07-07 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-07 22:01 . 2008-07-07 22:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx(2).dll
2008-07-06 17:32 . 2008-07-06 17:34 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\eBookPro6
2008-07-06 15:37 . 2006-12-05 19:52 505 --a------ C:\unPDVDDX.iss
2008-07-06 15:36 . 2008-07-29 12:24 <DIR> d-------- C:\MDT
2008-07-06 15:19 . 2008-07-06 15:19 <DIR> d-------- C:\Documents and Settings\Norma Smith\Application Data\CyberLink
2008-07-06 15:19 . 2008-07-06 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-06 01:10 . 2008-07-07 22:18 <DIR> d-------- C:\WINDOWS\system32\7889
2008-07-06 00:11 . 2008-07-06 00:11 <DIR> d-------- C:\Program Files\nvtkmz
2008-07-06 00:10 . 2008-07-06 00:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-06 00:10 . 2008-07-06 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\punyjmfo
2008-07-06 00:10 . 2008-07-15 20:04 109,056 --a------ C:\WINDOWS\system32\delete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 02:47 --------- d-----w C:\Documents and Settings\Nicole\Application Data\Apple Computer
2008-07-27 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-25 02:03 --------- d-----w C:\Program Files\Roxio
2008-07-21 04:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-20 13:54 --------- d-----w C:\Program Files\Dell AIO Printer 948
2008-07-18 01:51 --------- d-----w C:\Program Files\LimeWire
2008-07-18 01:46 --------- d-----w C:\Documents and Settings\Norma Smith\Application Data\LimeWire
2008-07-18 01:40 --------- d-----w C:\Documents and Settings\Nicole\Application Data\LimeWire
2008-07-15 01:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 03:29 --------- d-----w C:\Program Files\Full Tilt Poker
2008-07-12 14:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 05:44 --------- d-----w C:\Program Files\Yahoo!
2008-07-08 02:25 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-07 22:36 --------- d-----w C:\Program Files\Trend Micro
2008-07-05 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-28 20:59 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-28 20:58 --------- d-----w C:\Documents and Settings\Norma Smith\Application Data\Corel
2008-06-26 12:51 --------- d-----w C:\Documents and Settings\Chelsea Smith\Application Data\Yahoo!
2008-06-24 05:47 --------- d-----w C:\Documents and Settings\Norma Smith\Application Data\Apple Computer
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 00:21 --------- d-----w C:\Program Files\DVDVideoSoft
2008-06-13 00:21 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-06-11 01:50 --------- d-----w C:\Documents and Settings\Norma Smith\Application Data\SecondLife
2008-05-31 20:25 --------- d-----w C:\Program Files\Google
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-02-06 18:40 1,377,872 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 18:15 321040]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 12:41 223984]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 11:16 68856]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-04-09 14:22 2135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-07-16 21:45 138008]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 18:40 128560]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-07-16 21:45 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-07-16 21:45 162584]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-15 11:16 1838592]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 09:03 17920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 14:07 496752]
"MemoryCardManager"="C:\Program Files\Dell AIO Printer 948\memcard.exe" [2007-09-18 14:45 410280]
"Dell AIO Printer 948 Fax Server"="C:\Program Files\Dell AIO Printer 948\fm3032.exe" [2007-09-19 21:27 312560]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 12:41 223984]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"dldfmon.exe"="C:\Program Files\Dell AIO Printer 948\dldfmon.exe" [2007-09-18 14:45 455336]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 02:33 478800]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 21:48 16132608 C:\WINDOWS\RTHDCPL.EXE]
C:\Documents and Settings\Nicole\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 14:08:24 147456]
C:\Documents and Settings\Norma Smith\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-15 11:04:35 24576]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DscCmdMon"= {59F18BC1-178F-1E26-FAC0-03821CB3454F} - C:\Program Files\nvtkmz\DscCmdMon.dll [2008-07-06 00:11 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\DLDFFax.exe"=
"C:\\Program Files\\Dell AIO Printer 948\\dldfafcn.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\WINDOWS\\system32\\dldfcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
R2 dldf_device;dldf_device;C:\WINDOWS\system32\dldfcoms.exe [2007-06-26 07:56]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-04 07:00]
S4 dldfCATSCustConnectService;dldfCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 07:56]
S4 NOBICYT;NOBICYT;C:\WINDOWS\system32\Nobicyt.exe []
.
Contents of the 'Scheduled Tasks' folder
2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-wwtlgvas - C:\WINDOWS\system32\qxyzonej.exe
HKCU-Run-iqeveqvt - C:\WINDOWS\system32\nsnedwnk.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
hxxp://www.aol.com/
R0 -: HKLM-Main,Start Page =
hxxp://www.yahoo.com
O8 -: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-29 12:24:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-29 12:28:38 - machine was rebooted [Norma Smith]
ComboFix-quarantined-files.txt 2008-07-29 16:28:34
Pre-Run: 223,510,028,288 bytes free
Post-Run: 224,367,513,600 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
--- E O F --- 2008-07-10 12:02:32