ComboFix 08-02-17.2 - Mom 2008-02-17 13:45:10.1 - NTFSx86
Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 13:41 . 2008-02-17 13:41 d-------- C:\Program Files\Trend Micro
2008-02-01 17:58 . 2008-02-01 17:58 25 --a------ C:\WINDOWS\cdplayer.ini
2008-02-01 15:40 . 2008-02-01 15:40 d-------- C:\Program Files\Common Files\xing shared
2008-02-01 15:38 . 2008-02-01 15:40 d-------- C:\Program Files\Real
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-17 20:03 --------- d-----w C:\Program Files\FirstClass
2008-02-14 00:03 --------- d-----w C:\Documents and Settings\Mom\Application Data\Canon
2008-02-13 22:22 --------- d-----w C:\Documents and Settings\Mom\Application Data\OpenOffice.org2
2008-02-12 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-04 04:46 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
2008-02-01 23:39 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-01 23:39 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 17:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 13:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-06 23:24 --------- d-----w C:\Program Files\Inspiration 7.6
2008-01-06 23:21 --------- d-----w C:\Documents and Settings\Mom\Application Data\Inspiration Software
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 05:47 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-06-14 17:00 109,696 ----a-w C:\Documents and Settings\Mom\Application Data\GDIPFONTCACHEV1.DAT
2006-07-14 18:53 109,696 ----a-w C:\Documents and Settings\Ramon\Application Data\GDIPFONTCACHEV1.DAT
2003-08-24 20:41 63,976 ----a-w C:\Documents and Settings\Dakota\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-02-12 21:04 392192]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12 777424]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2004-07-21 18:46 393216]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11 771704]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-01 15:39 185896]

C:\Documents and Settings\Soaring Eagle Educat\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^OpenOffice.org 1.1.2.lnk]
path=C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 1.1.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 1.1.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Mom\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2004-08-03 23:56 15360 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2001-08-23 13:52 331830 C:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a------ 2001-07-25 10:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-02-01 15:39 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2001-10-05 16:34 24576 C:\Program Files\Microsoft Works\wkfud.exe

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2005-10-03 16:35]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-10-03 16:19]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 06:02]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 14:00:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 14:10:05
.
2008-02-12 22:54:15 --- E O F ---
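When triaging a log like the one above, the lines that deserve a second look are the autostart entries whose bracketed file metadata is empty (`[ ]`) and the `*Newly Created Service*` marker, since a Run value pointing at a file ComboFix could not stat, or a service that appeared since the last run, is exactly what a helper would ask the poster to check next. The script below is an added example of that triage, not part of the post and not ComboFix's own tooling. It parses the `Run` key values, the `R?/S?` service lines and the newly-created-service marker from a constructed excerpt modelled on the log above. Two things are assumptions: that empty brackets mean ComboFix found no file to stamp, and the `TRUSTED_ROOTS` heuristic (anything launched from outside `C:\WINDOWS` or `C:\Program Files` gets flagged), which is a starting point for review rather than a verdict.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the posted ComboFix log (not the verbatim post):
# two Run keys, three service lines and the newly-created-service marker.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-01 15:39 185896]

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2005-10-03 16:35]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-10-03 16:19]

*Newly Created Service* - COMHOST
"""


@dataclass
class Autorun:
    hive_key: str   # the [HKEY_...\Run] block the value was found under
    name: str       # registry value name
    path: str       # launched path
    meta: str       # "YYYY-MM-DD HH:MM size" as printed, "" when the log showed "[ ]"


@dataclass
class Service:
    start: str      # R2/R3/S3 prefix exactly as ComboFix printed it; not interpreted here
    name: str
    display: str
    path: str
    meta: str


RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)
RUN_VAL_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$")
NEW_SVC_RE = re.compile(r"^\*Newly Created Service\*\s*-\s*(\S+)$")

# Assumption: launch paths outside these roots are unusual on this kind of XP box.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse(text):
    """Return (autoruns, services, new_service_names) from ComboFix-style text."""
    autoruns, services, new_services = [], [], []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):
            current_key = None  # some other key block (startupfolder, msconfig, ...)
            continue
        m = RUN_VAL_RE.match(line)
        if m and current_key:
            autoruns.append(Autorun(current_key, m.group(1), m.group(2), m.group(3).strip()))
            continue
        m = SVC_RE.match(line)
        if m:
            services.append(Service(*m.groups()))
            continue
        m = NEW_SVC_RE.match(line)
        if m:
            new_services.append(m.group(1))
    return autoruns, services, new_services


def triage(text):
    """Return (reason, name, path) tuples for entries a reviewer should look at."""
    autoruns, services, new_services = parse(text)
    findings = []
    for a in autoruns:
        if not a.meta:  # "[ ]": assumed to mean ComboFix could not stat the file
            findings.append(("autorun-missing-file-metadata", a.name, a.path))
        if not a.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("autorun-outside-standard-roots", a.name, a.path))
    for s in services:
        if not s.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("service-outside-standard-roots", s.name, s.path))
    for name in new_services:
        findings.append(("newly-created-service", name, ""))
    return findings


if __name__ == "__main__":
    for reason, name, path in triage(SAMPLE_LOG):
        print(f"{reason:32} {name!r} {path}")
```

On the excerpt this reports two items: the `Microsoft Works Update Detection` value whose file ComboFix printed no metadata for, and the `COMHOST` service. Neither is evidence of infection on its own; they are the lines to ask about (does `WkDetect.exe` exist on disk, and which binary does `COMHOST` point at) before deciding anything.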