ComboFix 08-08-17.03 - ronnie bradford 2008-08-18 1:51:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.415 [GMT -5:00]
Running from: C:\Documents and Settings\ronnie bradford\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080616174645791.log
C:\Documents and Settings\Dante\Application Data\macromedia\Flash Player\#SharedObjects\CUUE5RVF\interclick.com
C:\Documents and Settings\Dante\Application Data\macromedia\Flash Player\#SharedObjects\CUUE5RVF\interclick.com\ud.sol
C:\Documents and Settings\Dante\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Dante\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Dante\Application Data\rhc1d9j0eeod
C:\Documents and Settings\Dante\Cookies\dante@adtrgt[2].txt
C:\Documents and Settings\Dante\Cookies\dante@imlive[1].txt
C:\Documents and Settings\Dante\Cookies\dante@myspace[1].txt
C:\Documents and Settings\Dante\Cookies\dante@turn[2].txt
C:\Documents and Settings\Dante\Desktop\IE Defender 2.4.lnk
C:\Documents and Settings\Dante\Start Menu\Programs\Antivirus 2008 PRO
C:\Documents and Settings\Dante\UserData
C:\Documents and Settings\Dante\UserData\GDOPODSN\YL[1].xml
C:\Documents and Settings\Dante\UserData\GDOPODSN\YL[2].xml
C:\Documents and Settings\Dante\UserData\index.dat
C:\Documents and Settings\Dante\UserData\OL2ZKHYV\dhtml[1].xml
C:\Documents and Settings\Debracca\Application Data\rhc1d9j0eeod
C:\Documents and Settings\Debracca\Cookies\[email protected][1].txt
C:\Documents and Settings\Debracca\UserData
C:\Documents and Settings\Debracca\UserData\index.dat
C:\Documents and Settings\ronnie bradford\Application Data\macromedia\Flash Player\#SharedObjects\CNVFP3FM\interclick.com
C:\Documents and Settings\ronnie bradford\Application Data\macromedia\Flash Player\#SharedObjects\CNVFP3FM\interclick.com\ud.sol
C:\Documents and Settings\ronnie bradford\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\ronnie bradford\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\ronnie bradford\Application Data\rhc1d9j0eeod
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@about[1].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][1].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@addlvr[2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@adtrgt[2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@afy11[1].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@badongo[1].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][2].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][2].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][1].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@gamespot[2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@go[2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@harddrivefilter[2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@hoverspot[1].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@mapquest[2].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@myspace[1].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@nytimes[1].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@revsci[1].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][1].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][1].txt
C:\Documents and Settings\ronnie bradford\Cookies\ronnie____bradford@turn[1].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][2].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][3].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][1].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][2].txt
C:\Documents and Settings\ronnie bradford\Cookies\[email protected][1].txt
C:\Documents and Settings\ronnie bradford\UserData
C:\Documents and Settings\ronnie bradford\UserData\A7EHA3I9\mnpFrames[1].xml
C:\Documents and Settings\ronnie bradford\UserData\index.dat
C:\Documents and Settings\ronnie bradford\UserData\QFARQNCN\YL[1].xml
C:\Documents and Settings\Zachary\Application Data\macromedia\Flash Player\#SharedObjects\AYB7TMFW\interclick.com
C:\Documents and Settings\Zachary\Application Data\macromedia\Flash Player\#SharedObjects\AYB7TMFW\interclick.com\ud.sol
C:\Documents and Settings\Zachary\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Zachary\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Zachary\Application Data\rhc1d9j0eeod
C:\Documents and Settings\Zachary\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Cookies\zachary@about[2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@ad[2].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@adrevolver[1].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Cookies\zachary@adtrgt[2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@avsystemcare[1].txt
C:\Documents and Settings\Zachary\Cookies\zachary@buzznet[1].txt
C:\Documents and Settings\Zachary\Cookies\zachary@casalemedia[1].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][2].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@findarticles[2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@gamespot[1].txt
C:\Documents and Settings\Zachary\Cookies\zachary@go[2].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Cookies\zachary@insightexpressai[2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@metacafe[1].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Cookies\zachary@myspace[1].txt
C:\Documents and Settings\Zachary\Cookies\zachary@myspace[3].txt
C:\Documents and Settings\Zachary\Cookies\zachary@myspace[4].txt
C:\Documents and Settings\Zachary\Cookies\zachary@myspace[5].txt
C:\Documents and Settings\Zachary\Cookies\zachary@myspace[6].txt
C:\Documents and Settings\Zachary\Cookies\zachary@myspace[7].txt
C:\Documents and Settings\Zachary\Cookies\zachary@revsci[2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@specificclick[2].txt
C:\Documents and Settings\Zachary\Cookies\[email protected][2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@sweetim[2].txt
C:\Documents and Settings\Zachary\Cookies\zachary@trafficmp[2].txt
C:\Documents and Settings\Zachary\UserData
C:\Documents and Settings\Zachary\UserData\7HP7GCNC\oWindowsUpdate[1].xml
C:\Documents and Settings\Zachary\UserData\EOVXOUVY\globals[1].xml
C:\Documents and Settings\Zachary\UserData\index.dat
C:\Documents and Settings\Zachary\UserData\OWJM55T5\sn[1].xml
C:\Documents and Settings\Zachary\UserData\UC24IUZ0\sn[1].xml
C:\Documents and Settings\Zachary\UserData\UC24IUZ0\YL[1].xml
C:\Program Files\rhc1d9j0eeod
C:\WINDOWS\cdmxtras
C:\WINDOWS\cdmxtras\uninst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\adlgiwvo.ini
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\babsarbj.ini
C:\WINDOWS\system32\bwfjmlfo.dll
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\desioyjf.ini
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\edareoyi.dll
C:\WINDOWS\system32\eggiibic.ini
C:\WINDOWS\system32\F.tmp
C:\WINDOWS\system32\fjyoised.dll
C:\WINDOWS\system32\hmtqxugt.ini
C:\WINDOWS\system32\ierucuon.ini
C:\WINDOWS\system32\iyoerade.ini
C:\WINDOWS\system32\jhqhcjap.ini
C:\WINDOWS\system32\kblxcown.dll
C:\WINDOWS\system32\kpemtlit.ini
C:\WINDOWS\system32\kwcwwqsg.ini
C:\WINDOWS\system32\kyscmryq.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\noucurei.dll
C:\WINDOWS\system32\ntjsfckv.ini
C:\WINDOWS\system32\nwocxlbk.ini
C:\WINDOWS\system32\oflmjfwb.ini
C:\WINDOWS\system32\ovwiglda.dll
C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL10.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL11.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL12.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL13.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL14.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL2.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL3.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL4.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL5.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL6.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL7.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL8.DLL
C:\WINDOWS\system32\P2P Networking\MARSHAL9.DLL
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng
C:\WINDOWS\system32\P2P Networking\P2P Networking10.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking11.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking12.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking13.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking14.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking2.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking3.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking4.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking5.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking6.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking7.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking8.ENG
C:\WINDOWS\system32\P2P Networking\P2P Networking9.ENG
C:\WINDOWS\system32\qyufdgir.ini
C:\WINDOWS\system32\rigdfuyq.dll
C:\WINDOWS\system32\ssquklfo.ini
C:\WINDOWS\system32\tiltmepk.dll
C:\WINDOWS\system32\vodfyscx.ini
C:\WINDOWS\system32\xcsyfdov.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.
2008-08-18 00:31 . 2008-08-18 00:31 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-18 00:25 . 2008-08-18 01:36 <DIR> d-------- C:\SDFix
2008-08-14 16:18 . 2008-08-14 16:18 0 --a------ C:\WINDOWS\system32\4F.tmp
2008-08-09 11:09 . 2008-08-09 11:09 0 --a------ C:\WINDOWS\system32\45.tmp
2008-08-09 00:47 . 2008-08-09 00:47 0 --a------ C:\WINDOWS\system32\37.tmp
2008-08-06 07:48 . 2008-08-06 07:48 <DIR> d-------- C:\Documents and Settings\Debracca\Application Data\MySpace
2008-08-04 14:58 . 2008-08-04 14:58 <DIR> d-------- C:\Documents and Settings\Zachary\Application Data\MySpace
2008-07-31 22:14 . 2008-08-17 18:56 <DIR> d-------- C:\Program Files\MySpace
2008-07-31 22:14 . 2008-07-31 22:14 <DIR> d-------- C:\Documents and Settings\ronnie bradford\Application Data\MySpace
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 01:08 94,208 ----a-w C:\WINDOWS\system32\67.tmp
2008-08-18 00:56 94,208 ----a-w C:\WINDOWS\system32\66.tmp
2008-08-18 00:56 94,208 ----a-w C:\WINDOWS\system32\65.tmp
2008-08-18 00:56 94,208 ----a-w C:\WINDOWS\system32\64.tmp
2008-08-18 00:55 94,208 ----a-w C:\WINDOWS\system32\63.tmp
2008-08-18 00:55 94,208 ----a-w C:\WINDOWS\system32\62.tmp
2008-08-18 00:55 94,208 ----a-w C:\WINDOWS\system32\61.tmp
2008-08-18 00:55 94,208 ----a-w C:\WINDOWS\system32\60.tmp
2008-08-18 00:55 94,208 ----a-w C:\WINDOWS\system32\5F.tmp
2008-08-18 00:54 94,208 ----a-w C:\WINDOWS\system32\5E.tmp
2008-08-18 00:54 94,208 ----a-w C:\WINDOWS\system32\5D.tmp
2008-08-18 00:54 94,208 ----a-w C:\WINDOWS\system32\5C.tmp
2008-08-18 00:54 94,208 ----a-w C:\WINDOWS\system32\5B.tmp
2008-08-18 00:01 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-18 00:00 --------- d-----w C:\Program Files\AVS4YOU
2008-08-17 23:59 --------- d-----w C:\Program Files\Google
2008-08-17 23:50 94,208 ----a-w C:\WINDOWS\system32\5A.tmp
2008-08-14 23:01 94,208 ----a-w C:\WINDOWS\system32\59.tmp
2008-08-14 23:00 94,208 ----a-w C:\WINDOWS\system32\58.tmp
2008-08-14 23:00 94,208 ----a-w C:\WINDOWS\system32\57.tmp
2008-08-14 23:00 94,208 ----a-w C:\WINDOWS\system32\56.tmp
2008-08-14 23:00 94,208 ----a-w C:\WINDOWS\system32\55.tmp
2008-08-14 23:00 94,208 ----a-w C:\WINDOWS\system32\54.tmp
2008-08-14 23:00 94,208 ----a-w C:\WINDOWS\system32\53.tmp
2008-08-14 22:59 94,208 ----a-w C:\WINDOWS\system32\52.tmp
2008-08-14 22:54 94,208 ----a-w C:\WINDOWS\system32\51.tmp
2008-08-14 22:54 94,208 ----a-w C:\WINDOWS\system32\50.tmp
2008-08-14 21:18 94,208 ----a-w C:\WINDOWS\system32\4E.tmp
2008-08-14 21:18 94,208 ----a-w C:\WINDOWS\system32\4D.tmp
2008-08-14 16:11 94,208 ----a-w C:\WINDOWS\system32\4C.tmp
2008-08-14 16:11 94,208 ----a-w C:\WINDOWS\system32\4B.tmp
2008-08-13 13:39 94,208 ----a-w C:\WINDOWS\system32\4A.tmp
2008-08-13 13:38 94,208 ----a-w C:\WINDOWS\system32\49.tmp
2008-08-13 13:38 94,208 ----a-w C:\WINDOWS\system32\48.tmp
2008-08-12 01:51 94,208 ----a-w C:\WINDOWS\system32\47.tmp
2008-08-11 13:59 94,208 ----a-w C:\WINDOWS\system32\46.tmp
2008-08-09 16:09 94,208 ----a-w C:\WINDOWS\system32\44.tmp
2008-08-09 16:08 94,208 ----a-w C:\WINDOWS\system32\43.tmp
2008-08-09 16:08 94,208 ----a-w C:\WINDOWS\system32\42.tmp
2008-08-09 16:08 94,208 ----a-w C:\WINDOWS\system32\41.tmp
2008-08-09 16:07 94,208 ----a-w C:\WINDOWS\system32\40.tmp
2008-08-09 16:07 94,208 ----a-w C:\WINDOWS\system32\3F.tmp
2008-08-09 16:07 94,208 ----a-w C:\WINDOWS\system32\3E.tmp
2008-08-09 16:07 94,208 ----a-w C:\WINDOWS\system32\3D.tmp
2008-08-09 16:07 94,208 ----a-w C:\WINDOWS\system32\3C.tmp
2008-08-09 16:07 94,208 ----a-w C:\WINDOWS\system32\3B.tmp
2008-08-09 16:01 94,208 ----a-w C:\WINDOWS\system32\3A.tmp
2008-08-09 16:00 94,208 ----a-w C:\WINDOWS\system32\39.tmp
2008-08-09 16:00 94,208 ----a-w C:\WINDOWS\system32\38.tmp
2008-08-09 16:00 94,208 ----a-w C:\WINDOWS\system32\34.tmp
2008-08-09 05:47 94,208 ----a-w C:\WINDOWS\system32\36.tmp
2008-08-09 05:47 94,208 ----a-w C:\WINDOWS\system32\35.tmp
2008-08-09 05:46 94,208 ----a-w C:\WINDOWS\system32\33.tmp
2008-08-09 05:46 94,208 ----a-w C:\WINDOWS\system32\32.tmp
2008-08-09 05:46 94,208 ----a-w C:\WINDOWS\system32\31.tmp
2008-08-09 05:46 94,208 ----a-w C:\WINDOWS\system32\30.tmp
2008-07-11 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 07:09 --------- d-----w C:\Program Files\WMA-MP3.com
2008-07-11 07:04 --------- d-----w C:\Documents and Settings\ronnie bradford\Application Data\AVS4YOU
2008-07-11 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-11 05:02 --------- d-----w C:\Documents and Settings\ronnie bradford\Application Data\ImgBurn
2008-07-11 04:51 --------- d-----w C:\Program Files\ImgBurn
2008-06-30 02:37 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-28 22:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 20:26 --------- d-----w C:\Documents and Settings\ronnie bradford\Application Data\Blackberry Desktop
2008-06-21 20:17 --------- d-----w C:\Documents and Settings\ronnie bradford\Application Data\Research In Motion
2008-06-21 19:24 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-06-21 19:23 --------- d-----w C:\Program Files\Research In Motion
2008-06-13 20:15 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2005-05-15 02:10 0 ---ha-w C:\Documents and Settings\Zachary\hpothb07.dat
2004-05-03 14:32 0 ---ha-w C:\Documents and Settings\ronnie bradford\hpothb07.dat
.
------- Sigcheck -------
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2004-08-04 01:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 01:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
2004-08-04 01:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
2004-08-04 01:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
md5deep: C:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-29 21:37 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-07-30 17:29 181488]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2008-06-13 15:15 234736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-01-31 20:39:12 110592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-29 21:37 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"NSsbdPDcr"= {5B7790D4-F1DD-3A7E-476E-75E87751CB3C} - C:\WINDOWS\system32\mhgcb.dll [2004-08-04 01:56 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MI-SC4"= MI-SC4.acm
"SENTINEL"= snti386.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^TA_Start.lnk]
backup=C:\WINDOWS\pss\TA_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ronnie bradford^Start Menu^Programs^Startup^Think-Adz.lnk]
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-05 14:46 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
--a------ 2007-01-24 16:05 5237248 C:\Program Files\Kazaa\kazaa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 05:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-06-29 21:37 1506544 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
-ra------ 1998-05-11 20:01 159744 C:\WINDOWS\system32\TWEAKUI.CPL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"AOL ACS"=3 (0x3)
"Psnsoa1c0r"=3 (0x3)
"svcWRSSSDK"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"gusvc"=3 (0x3)
"CAISafe"=2 (0x2)
"AresChatServer"=3 (0x3)
"LightScribeService"=2 (0x2)
"GoogleDesktopManager-121807-210419"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\caav.exe"=
"C:\\Program Files\\CA\\CA Internet Security Suite\\casecuritycenter.exe"=
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 10:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 10:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-07-16 20:01]
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2003-07-10 06:16]
S3 IR500;IR500;C:\WINDOWS\system32\DRIVERS\IR500.sys [2002-02-23 15:31]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 16:03]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-15 16:05]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2002-10-15 16:07]
S3 MPD16USB;AKAIpro MPD16 Driver;C:\WINDOWS\system32\Drivers\MPD16USB.sys [2006-07-12 17:30]
S3 PortRst;PortRst;C:\WINDOWS\system32\DRIVERS\PortRst.sys [2002-01-29 17:33]
S4 gearsec;gearsec;C:\WINDOWS\System32\gearsec.exe [2001-09-12 08:59]
S4 GoogleDesktopManager-121807-210419;Google Desktop Manager 5.7.712.18632;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-05 14:46]
.
Contents of the 'Scheduled Tasks' folder
2008-08-17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EFB8FE23-B3D4-4251-9B70-D6E498940C9D}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36]
2008-08-02 C:\WINDOWS\Tasks\WebReg 20040411005753.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2002-12-10 17:09]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-ares ultra - C:\Program Files\Ares Ultra\Ares Ultra.exe
MSConfigStartUp-NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe
MSConfigStartUp-SMrhc1d9j0eeod - C:\Program Files\rhc1d9j0eeod\rhc1d9j0eeod.exe
MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ronnie bradford\Application Data\Mozilla\Firefox\Profiles\2gybjj84.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 02:13:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-18 2:23:54 - machine was rebooted [ronnie bradford]
ComboFix-quarantined-files.txt 2008-08-18 07:23:25
Pre-Run: 4,621,512,704 bytes free
Post-Run: 5,984,620,544 bytes free
412