Here are the latest scans; looks like there are still a few irritating things hanging on! My computer seems to be running well, but the clock is still on military time. Thanks for persisting....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:01, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Weather Pulse\weatherpulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://militarybank...itary/login.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061121
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [KEMailKb] "C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE"
O4 - HKLM\..\Run: [KPDrv4XP] "C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [Weather Pulse] "C:\Program Files\Weather Pulse\weatherpulse.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://sctcdm09.ext...om/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218590944937
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileop...nt/FileOpen.CAB
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8503 bytes
ComboFix 08-08-23.01 - Mom 2008-08-25 20:18:05.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.536 [GMT -4:00]
Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
C:\Documents and Settings\Mom\Cookies\mom@revsci[2].txt
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\favicon.ico
C:\WINDOWS\uccspecc.sys
.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
2008-08-24 00:06 . 2008-08-24 00:06 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-08-24 00:03 . 2008-08-24 00:04 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-22 21:55 . 2008-08-22 21:55 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-22 21:55 . 2008-08-22 21:55 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-22 21:55 . 2008-08-22 21:55 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-22 21:55 . 2008-08-22 21:55 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-22 21:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-22 21:18 . 2008-08-22 21:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-22 21:18 . 2008-08-22 21:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-22 21:18 . 2008-08-22 21:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-22 21:18 . 2008-08-22 21:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-22 21:14 . 2008-08-22 21:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-22 21:00 . 2008-08-22 21:00 <DIR> d-------- C:\WINDOWS\EHome
2008-08-22 16:35 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-22 16:34 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-22 15:48 . 2008-08-24 00:19 <DIR> d-------- C:\SDFix
2008-08-21 23:12 . 2008-08-21 23:12 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Uniblue
2008-08-21 22:42 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-21 22:41 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-21 22:13 . 2008-08-22 22:54 <DIR> d-------- C:\VundoFix Backups
2008-08-15 23:43 . 2008-08-15 23:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-15 23:19 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-15 23:17 . 2008-08-15 23:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-08-14 22:00 . 2008-08-14 22:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-08-14 22:00 . 2008-07-28 16:44 166,512 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-14 22:00 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-14 22:00 . 2008-07-28 16:44 23,152 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-14 21:59 . 2008-08-14 21:59 <DIR> d-------- C:\Program Files\Webroot
2008-08-14 21:59 . 2008-08-14 21:59 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Webroot
2008-08-14 21:59 . 2008-08-14 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-14 21:59 . 2008-07-28 18:15 1,538,928 --a------ C:\WINDOWS\WRSetup.dll
2008-08-14 21:55 . 2008-08-14 23:19 164 --a------ C:\install.dat
2008-08-14 21:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-14 21:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-14 21:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-14 21:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-14 21:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-14 21:35 . 2008-08-15 23:20 5,368 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-06 16:09 . 2008-08-06 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-08-06 16:07 . 2008-08-06 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-07-28 16:44 . 2008-07-28 16:44 29,808 --a------ C:\WINDOWS\system32\drivers\ssfs0bbc.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 23:02 --------- d-----w C:\Program Files\Weather Pulse
2008-08-25 03:16 --------- d-----w C:\Program Files\Quicken
2008-08-23 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\PureEdge
2008-08-23 02:06 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-08-23 02:06 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-08-23 02:06 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-08-23 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-23 01:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-23 01:55 --------- d-----w C:\Program Files\Symantec
2008-08-23 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-23 01:41 --------- d-----w C:\Program Files\McAfee
2008-08-23 01:40 --------- d-----w C:\Program Files\Google
2008-08-23 01:38 --------- d-----w C:\Program Files\Java
2008-08-17 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-16 03:41 --------- d-----w C:\Documents and Settings\Mom\Application Data\U3
2008-08-15 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-08-12 21:50 --------- d-----w C:\Program Files\Yahoo!
2008-08-12 21:46 --------- d-----w C:\Program Files\Canon
2008-08-12 21:46 --------- d-----w C:\Documents and Settings\Mom\Application Data\Canon
2008-08-06 20:08 --------- d-----w C:\Program Files\IncrediMail
2008-07-14 00:07 --------- d-----w C:\Program Files\Hasbro Interactive
2008-07-10 21:08 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2007-10-27 19:38 74,056 ----a-w C:\Documents and Settings\Mom\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot_2008-08-23_23.12.07.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-24 04:04:14 6,103,040 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-08-24 04:04:14 290,816 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-24 04:04:01 6,103,040 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-08-24 04:04:02 290,816 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-04-14 00:12:15 139,264 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-09 10:53:39 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53:40 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-04-14 00:12:05 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
+ 2008-05-09 10:53:39 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
- 2008-04-14 00:12:05 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
+ 2008-05-09 10:53:40 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
- 2008-04-14 00:12:08 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2008-05-09 10:53:40 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-04-14 00:12:41 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
- 2008-04-14 00:12:10 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-05-09 10:53:40 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-08-26 00:40:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_538.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\870.bat
2008-08-11 23:11 355 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP639\A0119319.bat
C:\ctfmon.exe
2008-08-11 23:11 83456 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP639\A0119320.exe
C:\Documents and Settings\Mom\4330.bat
2008-08-11 23:11 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP639\A0119321.bat
2008-08-22 22:05 371248 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2008-08-22 22:05 371248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119515.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.004\CCERASER.DLL
2008-08-22 22:05 2389552 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123578.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.004\ECMSVR32.DLL
2008-08-22 22:05 259440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123580.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.004\EECTRL.SYS
2008-08-22 22:05 371248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123581.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.004\ERASER.SYS
2008-08-22 22:05 99376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123583.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.004\NAVENG.SYS
2008-08-22 22:05 89104 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123584.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.004\NAVENG32.DLL
2008-08-22 22:05 177520 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123586.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.004\NAVEX15.SYS
2008-08-22 22:05 873552 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123587.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.004\NAVEX32A.DLL
2008-08-22 22:05 1176944 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123589.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.019\CCERASER.DLL
2008-08-22 22:05 2389552 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123608.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.019\ECMSVR32.DLL
2008-08-22 22:05 259440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123610.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.019\EECTRL.SYS
2008-08-22 22:05 371248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123611.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.019\ERASER.SYS
2008-08-22 22:05 99376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123613.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.019\NAVENG.SYS
2008-08-22 22:05 89104 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123614.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.019\NAVENG32.DLL
2008-08-22 22:05 177520 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123616.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.019\NAVEX15.SYS
2008-08-22 22:05 873552 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123617.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080823.019\NAVEX32A.DLL
2008-08-22 22:05 1176944 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642\A0123619.DLL
C:\Program Files\Coupons\uninstall.exe
2007-11-21 16:21 473600 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP639\A0119318.exe
2008-08-07 16:26 1218 C:\SDFix\apps\assosfix.reg
2008-08-07 16:26 1218 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119479.reg
2008-08-07 16:26 10240 C:\SDFix\apps\cliptext.exe
2008-08-07 16:26 10240 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119447.exe
2008-08-07 16:27 61440 C:\SDFix\apps\download.exe
2008-08-07 16:27 61440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119448.exe
2008-08-07 16:27 1024 C:\SDFix\apps\dummy.sys
2008-08-07 16:27 1024 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119475.sys
2008-08-07 16:27 344 C:\SDFix\apps\Enable_Command_Prompt.reg
2008-08-07 16:27 344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119480.reg
2008-08-07 16:27 157696 C:\SDFix\apps\ERUNT.EXE
2008-08-07 16:27 157696 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119449.EXE
2008-08-07 16:27 4538 C:\SDFix\apps\fix.reg
2008-08-07 16:27 4538 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119481.reg
2008-08-13 00:15 748 C:\SDFix\apps\FixBeep.reg
2008-08-13 00:15 748 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119482.reg
2008-08-18 03:11 272804 C:\SDFix\apps\FixBH.reg
2008-08-18 03:11 272804 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119483.reg
2008-08-07 16:27 2010 C:\SDFix\apps\FixComponents.reg
2008-08-07 16:27 2010 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119484.reg
2008-08-18 04:46 43088 C:\SDFix\apps\FIXCU.reg
2008-08-18 04:46 43088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119485.reg
2008-08-18 20:10 83224 C:\SDFix\apps\FIXLM.reg
2008-08-18 20:10 83224 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119486.reg
2008-08-07 16:27 27136 C:\SDFix\apps\FixPath.exe
2008-08-07 16:27 27136 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119450.exe
2008-08-07 16:27 619 C:\SDFix\apps\FixRedir.reg
2008-08-07 16:27 619 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119487.reg
2008-08-07 16:27 826 C:\SDFix\apps\FixSchedule.reg
2008-08-07 16:27 826 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119488.reg
2008-08-07 16:27 932 C:\SDFix\apps\FixWebCheck.reg
2008-08-07 16:27 932 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119489.reg
2008-08-07 16:27 1610 C:\SDFix\apps\fixXP.reg
2008-08-07 16:27 1610 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119490.reg
2008-08-07 16:27 404 C:\SDFix\apps\FixXPsp2.reg
2008-08-07 16:27 404 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119491.reg
2008-08-07 16:27 80412 C:\SDFix\apps\grep.exe
2008-08-07 16:27 80412 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119451.exe
2008-08-07 16:27 1069 C:\SDFix\apps\HaxdFix.reg
2008-08-07 16:27 1069 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119492.reg
2008-08-07 16:27 870 C:\SDFix\apps\HPFix.reg
2008-08-07 16:27 870 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119493.reg
2008-08-07 16:27 185 C:\SDFix\apps\HPFix2.reg
2008-08-07 16:27 185 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119494.reg
2008-08-07 16:27 1772 C:\SDFix\apps\HPFix3.reg
2008-08-07 16:27 1772 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119495.reg
2008-08-07 16:27 1400 C:\SDFix\apps\HPFix4.reg
2008-08-07 16:27 1400 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119496.reg
2008-08-07 16:27 690 C:\SDFix\apps\HPFix5.reg
2008-08-07 16:27 690 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119497.reg
2008-08-07 16:27 1228 C:\SDFix\apps\HPFix6.reg
2008-08-07 16:27 1228 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119498.reg
2008-08-07 16:27 2456 C:\SDFix\apps\HPFix7.reg
2008-08-07 16:27 2456 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119499.reg
2008-08-07 16:27 1360 C:\SDFix\apps\HPFix8.reg
2008-08-07 16:27 1360 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119500.reg
2008-08-07 16:27 2278 C:\SDFix\apps\HPFix9.reg
2008-08-07 16:27 2278 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119501.reg
2008-08-07 16:27 33280 C:\SDFix\apps\isadmin.exe
2008-08-07 16:27 33280 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119452.exe
2003-12-09 01:31 11254 C:\SDFix\apps\locate.com
2003-12-09 01:31 11254 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119445.com
2008-08-07 16:27 49152 C:\SDFix\apps\LS.exe
2008-08-07 16:27 49152 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119453.exe
2008-08-07 16:27 6656 C:\SDFix\apps\MD5File.exe
2008-08-07 16:27 6656 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119454.exe
2008-08-07 16:27 38400 C:\SDFix\apps\moveex.exe
2008-08-07 16:27 38400 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119455.exe
2008-08-07 16:27 402 C:\SDFix\apps\MyGcpvFix.reg
2008-08-07 16:27 402 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119502.reg
2008-08-07 16:27 2286 C:\SDFix\apps\MyGkFix2.reg
2008-08-07 16:27 2286 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119503.reg
2008-08-07 16:27 53248 C:\SDFix\apps\Process.exe
2008-08-07 16:27 53248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119456.exe
2008-08-07 16:27 16414 C:\SDFix\apps\procs.exe
2008-08-07 16:27 16414 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119457.exe
2008-08-07 16:27 61440 C:\SDFix\apps\psservice.exe
2008-08-07 16:27 61440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119458.exe
2008-08-07 16:27 146432 C:\SDFix\apps\Replace\regedit.exe
2008-08-07 16:27 146432 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119459.exe
2008-08-07 16:27 94208 C:\SDFix\apps\Replace\W2K.exe
2008-08-07 16:27 94208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119469.exe
2008-08-07 16:27 4080 C:\SDFix\apps\Replace\w2k\beep.sys
2008-08-07 16:27 4080 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119473.sys
2008-08-07 16:27 2800 C:\SDFix\apps\Replace\w2k\null.sys
2008-08-07 16:27 2800 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119477.sys
2008-08-07 16:27 94208 C:\SDFix\apps\Replace\XP.exe
2008-08-07 16:27 94208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119471.exe
2008-08-07 16:27 4224 C:\SDFix\apps\Replace\xp\beep.sys
2008-08-07 16:27 4224 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119474.sys
2008-08-07 16:27 2944 C:\SDFix\apps\Replace\xp\null.sys
2008-08-07 16:27 2944 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119478.sys
2008-08-07 16:27 134 C:\SDFix\apps\Reset_AppInit_DLLs.reg
2008-08-07 16:27 134 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119504.reg
2008-08-07 16:27 8192 C:\SDFix\apps\RestartIt!.exe
2008-08-07 16:27 8192 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119460.exe
2007-12-08 11:50 24098 C:\SDFix\apps\Restore_SafeBoot_Windows2000.reg
2007-12-08 11:50 24098 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119505.reg
2007-02-19 00:21 27054 C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
2007-02-19 00:21 27054 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119506.reg
2008-07-30 00:06 27144 C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
2008-07-30 00:06 27144 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119507.reg
2008-08-07 16:27 3654 C:\SDFix\apps\Restore_SecurityCenter.reg
2008-08-07 16:27 3654 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119508.reg
2008-08-07 16:27 5768 C:\SDFix\apps\Restore_SharedAccess.reg
2008-08-07 16:27 5768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119509.reg
2008-08-07 16:27 31232 C:\SDFix\apps\sc.exe
2008-08-07 16:27 31232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119461.exe
2008-08-07 16:27 98816 C:\SDFix\apps\sed.exe
2008-08-07 16:27 98816 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119462.exe
2008-08-07 16:27 49152 C:\SDFix\apps\SF.exe
2008-08-07 16:27 49152 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119463.exe
2008-08-07 16:27 19456 C:\SDFix\apps\shutdown.exe
2008-08-07 16:27 19456 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119464.exe
2008-08-07 16:27 167936 C:\SDFix\apps\unzip.exe
2008-08-07 16:27 167936 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119467.exe
2008-08-07 16:27 41472 C:\SDFix\apps\WINMSG.EXE
2008-08-07 16:27 41472 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119470.EXE
2008-08-07 16:27 304 C:\SDFix\apps\winsec.reg
2008-08-07 16:27 304 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119510.reg
2008-08-07 16:27 126976 C:\SDFix\apps\zip.exe
2008-08-07 16:27 126976 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119472.exe
2008-08-07 16:27 145920 C:\SDFix\catchme.exe
2008-08-07 16:27 145920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119446.exe
2008-08-07 16:27 1024 C:\SDFix\dummy.sys
2008-08-07 16:27 1024 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119476.sys
2008-08-19 01:36 735372 C:\SDFix\RunThis.bat
2008-08-19 01:36 735372 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0119442.bat
C:\WINDOWS\inf\_000000_.tmp.dll
2008-06-24 12:48 926 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP641\A0121516.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 14:22 243072]
"Weather Pulse"="C:\Program Files\Weather Pulse\weatherpulse.exe" [2008-04-24 00:01 1859072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-23 13:12 7630848]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2006-08-23 13:12 1617920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-23 13:12 86016]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"SigmatelSysTrayApp"="C:\WINDOWS\stsystra.exe" [2006-08-15 03:38 282624]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-20 00:10 196608]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 04:27 401408]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 07:15 40960]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 21:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 21:50 1603152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-27 18:28 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-04-30 16:44 115560]
C:\Documents and Settings\Mom\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-11-26 02:35:34 157008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 15:08:08 57344]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-07-28 16:44]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 12:20]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-08-22 22:06]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ba671a-9c61-11db-924a-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-08-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-23 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-07-28 18:15]
2008-08-23 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\","D:\","F:\","G:\","H:\","I:\" []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 20:46:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-25 21:00:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 00:59:44
ComboFix2.txt 2008-08-24 03:53:49
ComboFix3.txt 2008-08-24 03:16:35
ComboFix4.txt 2008-08-23 00:00:36
Pre-Run: 55,195,844,608 bytes free
Post-Run: 55,236,108,288 bytes free
431 --- E O F --- 2008-08-24 05:04:12
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 26, 2008 02:33:53
Records in database: 1146436
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 69940
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:17:45
File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\sxlfejfi.dll.vir Infected: Trojan.Win32.Monder.fxl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wvkcbz.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cvf 1
C:\VundoFix Backups\efcASlmj.dll.bad Infected: Trojan.Win32.Monderb.few 1
C:\VundoFix Backups\slvlgyrn.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.cvf 1
C:\VundoFix Backups\sxlfejfi.dll.bad Infected: Trojan.Win32.Monder.fxl 1
The selected area was scanned.
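The Kaspersky hits above all sit under C:\QooBox\Quarantine (ComboFix) and C:\VundoFix Backups (VundoFix), with the DLLs renamed to .vir/.bad, so they are disarmed copies rather than files still loading on the system. The script below is an added example for this thread, not the poster's work and not output or code from ComboFix, VundoFix or the Kaspersky scanner. It parses the "File name / Threat name / Threats count" lines of a Kaspersky Online Scanner 7 report and separates detections inside known quarantine folders from live ones. The five report lines are copied from the report above; the sixth is a constructed live-hit line added to show the other branch. The quarantine prefix list, the SDFix and System Volume Information entries in it, and all function and field names are the example's own assumptions.

```python
"""Triage Kaspersky Online Scanner 7 'Infected:' lines by file location.

Added example for this thread (not the poster's, not a tool's own code).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Folders the cleanup tools seen in this thread move removed files into.
# A detection under one of these is a disarmed copy, not a running infection.
# The first two come from the report above; the last two are assumed
# locations (SDFix backups and System Restore snapshots).
QUARANTINE_PREFIXES = (
    "C:\\QooBox\\Quarantine",          # ComboFix
    "C:\\VundoFix Backups",            # VundoFix
    "C:\\SDFix\\backups",              # SDFix (assumed)
    "C:\\System Volume Information",   # restore points (assumed)
)

# "<path> Infected: <threat> <count>"; path may contain spaces, so it is
# matched non-greedily up to the verdict keyword.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Five lines copied from the report above plus one constructed live hit
# (last line; the file name is made up for the example).
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\sxlfejfi.dll.vir Infected: Trojan.Win32.Monder.fxl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wvkcbz.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cvf 1
C:\VundoFix Backups\efcASlmj.dll.bad Infected: Trojan.Win32.Monderb.few 1
C:\VundoFix Backups\slvlgyrn.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.cvf 1
C:\VundoFix Backups\sxlfejfi.dll.bad Infected: Trojan.Win32.Monder.fxl 1
C:\WINDOWS\system32\qzxwvuts.dll Infected: Trojan.Win32.Monder.fxl 1
The selected area was scanned.
"""


@dataclass
class Hit:
    path: str
    verdict: str
    threat: str
    count: int
    quarantined: bool   # lives under a known quarantine folder
    renamed: bool       # .vir/.bad suffix: cannot be loaded by its old name


def _is_quarantined(path: str) -> bool:
    low = path.lower()
    return any(low.startswith(p.lower() + "\\") for p in QUARANTINE_PREFIXES)


def parse_report(text: str) -> List[Hit]:
    """Return one Hit per detection line; non-matching lines are skipped."""
    hits: List[Hit] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        hits.append(Hit(
            path=path,
            verdict=m.group("verdict"),
            threat=m.group("threat"),
            count=int(m.group("count")),
            quarantined=_is_quarantined(path),
            renamed=path.lower().endswith((".vir", ".bad")),
        ))
    return hits


def live_hits(hits: List[Hit]) -> List[Hit]:
    """Detections outside every quarantine folder: these still need action."""
    return [h for h in hits if not h.quarantined]


def summarize(hits: List[Hit]) -> Dict[str, object]:
    """Counts that can be checked against the scanner's own statistics block."""
    return {
        "total": len(hits),
        "quarantined": sum(1 for h in hits if h.quarantined),
        "live": len(live_hits(hits)),
        "families": sorted({h.threat for h in hits}),
    }


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(summarize(parsed))
    for h in live_hits(parsed):
        print("LIVE:", h.path, h.threat)
```

Run against the five real lines alone, "families" has three entries and "live" is zero, which matches the "Threat name: 3" figure in the statistics block and explains why five "infected objects" on a machine that otherwise scans clean is not cause for alarm. The remaining step is simply to empty the two quarantine folders once the machine has been stable for a while.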