Hi,
Here is that list. I did have a window pop up as the computer was rebooting. It read "nircmd.cfexe.dll application failed to initialize." I had to close that out for it to reboot.
Thanks,
George
ComboFix 07-11-08.1 - dad 2007-11-10 19:35:44.1 - NTFSx86
Running from: C:\Documents and Settings\dad\Local Settings\Temporary Internet Files\Content.IE5\CGUV57JS\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\Starware
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data.\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\dad\Application Data\FNTS~1
C:\Documents and Settings\dad\Application Data\FunWebProducts
C:\Documents and Settings\dad\Application Data\FunWebProducts\Data\dad\avatar.dat
C:\Documents and Settings\dad\Application Data\FunWebProducts\Data\dad\register.dat
C:\Documents and Settings\dad\Application Data\MBOLS~1
C:\Documents and Settings\mom\Application Data\FunWebProducts
C:\Documents and Settings\mom\Application Data\FunWebProducts\Data\mom\wffavs.dat
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\sembly~1
C:\Program Files\crosof~1.net
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\012A283F.urr
C:\Program Files\FunWebProducts\Shared\Cache(2)\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache(2)\SmileyCentralBtn.html
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive7.dll
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\hydramedupd.exe
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\ISMPack8.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Cache(2)\000C6065.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\000C670C.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\000C698D.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\000C6C0D.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\000C6EFB.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\0210DFB9
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\ScreensaversInst.dll
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\smante~1
C:\Program Files\tsks~1
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-10 19:43 <DIR> d-------- C:\Program Files\p2pnetworks
2007-11-10 19:43 <DIR> d-------- C:\Program Files\e-zshopper
2007-11-10 19:43 <DIR> d-------- C:\Program Files\amsys
2007-11-10 19:43 <DIR> d-------- C:\Program Files\akl
2007-11-10 19:43 <DIR> d-------- C:\Program Files\Accoona
2007-11-10 19:43 <DIR> d-------- C:\Program Files\3721
2007-11-10 19:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 19:59 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-11-06 01:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\acespy
2007-11-04 11:01 4 --a------ C:\WINDOWS\SYSTEM32\stfv.bin
2007-11-04 10:57 21,248 --a------ C:\WINDOWS\SYSTEM32\ace16win.dll
2007-11-04 01:08 12 --a------ C:\WINDOWS\SYSTEM32\dpqaqlqx.bin
2007-11-04 01:07 123,908 --a------ C:\WINDOWS\SYSTEM32\vvgeowbv.exe
2007-11-04 01:07 27,702 --a------ C:\info.exe
2007-11-04 01:07 21,504 --a------ C:\WINDOWS\SYSTEM32\aivskurq.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 00:43 9,984 ----a-w C:\WINDOWS\kvnab.exe
2007-11-11 00:43 9,728 ----a-w C:\WINDOWS\SYSTEM32\wml.exe
2007-11-11 00:43 9,472 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2007-11-11 00:43 8,192 ----a-w C:\WINDOWS\flt.dll
2007-11-11 00:43 32,256 ----a-w C:\WINDOWS\kkcomp.dll
2007-11-11 00:43 31,488 ----a-w C:\WINDOWS\liqui.exe
2007-11-11 00:43 29,696 ----a-w C:\WINDOWS\kkcomp.exe
2007-11-11 00:43 29,440 ----a-w C:\WINDOWS\ngd.dll
2007-11-11 00:43 29,440 ----a-w C:\WINDOWS\liqad$.exe
2007-11-11 00:43 29,184 ----a-w C:\WINDOWS\dp0.dll
2007-11-11 00:43 28,928 ----a-w C:\WINDOWS\settn.dll
2007-11-11 00:43 28,672 ----a-w C:\WINDOWS\wml.exe
2007-11-11 00:43 28,672 ----a-w C:\WINDOWS\7search.dll
2007-11-11 00:43 28,160 ----a-w C:\WINDOWS\eventlowg.dll
2007-11-11 00:43 27,392 ----a-w C:\WINDOWS\ie_32.exe
2007-11-11 00:43 27,136 ----a-w C:\WINDOWS\xadbrk.dll
2007-11-11 00:43 26,624 ----a-w C:\WINDOWS\hotporn.exe
2007-11-11 00:43 26,112 ----a-w C:\WINDOWS\kkcomp$.exe
2007-11-11 00:43 25,344 ----a-w C:\WINDOWS\liqad.dll
2007-11-11 00:43 24,320 ----a-w C:\WINDOWS\xxxvideo.exe
2007-11-11 00:43 24,320 ----a-w C:\WINDOWS\pbar.dll
2007-11-11 00:43 23,552 ----a-w C:\WINDOWS\daxtime.dll
2007-11-11 00:43 22,528 ----a-w C:\WINDOWS\xadbrk.exe
2007-11-11 00:43 22,528 ----a-w C:\WINDOWS\wbeCheck.exe
2007-11-11 00:43 22,016 ----a-w C:\WINDOWS\kvnab$.exe
2007-11-11 00:43 21,760 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2007-11-11 00:43 20,992 ----a-w C:\WINDOWS\SYSTEM32\vxddsk.exe
2007-11-11 00:43 20,224 ----a-w C:\WINDOWS\liqui.dll
2007-11-11 00:43 18,944 ----a-w C:\WINDOWS\SYSTEM32\msole32.exe
2007-11-11 00:43 17,664 ----a-w C:\WINDOWS\fhfmm.exe
2007-11-11 00:43 17,408 ----a-w C:\WINDOWS\vxddsk.exe
2007-11-11 00:43 17,408 ----a-w C:\WINDOWS\jd2002.dll
2007-11-11 00:43 16,896 ----a-w C:\WINDOWS\pbsysie.dll
2007-11-11 00:43 15,616 ----a-w C:\WINDOWS\spredirect.dll
2007-11-11 00:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\ESHOPEE.exe
2007-11-11 00:43 14,592 ----a-w C:\WINDOWS\kvnab.dll
2007-11-11 00:43 12,288 ----a-w C:\WINDOWS\aconti.exe
2007-11-11 00:43 12,032 ----a-w C:\WINDOWS\adbar.dll
2007-11-11 00:43 11,520 ----a-w C:\WINDOWS\wbeInst$.exe
2007-11-11 00:43 11,264 ----a-w C:\WINDOWS\cbinst$.exe
2007-11-11 00:43 10,752 ----a-w C:\WINDOWS\iexplorr23.dll
2007-11-11 00:43 10,496 ----a-w C:\WINDOWS\xadbrk_.exe
2007-11-11 00:43 10,496 ----a-w C:\WINDOWS\liqad.exe
2007-11-11 00:43 10,240 ----a-w C:\WINDOWS\hcwprn.exe
2007-11-11 00:42 10,240 ----a-w C:\WINDOWS\764.exe
2007-11-10 23:38 --------- d-----w C:\Program Files\AIM6
2007-11-10 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-26 13:38 --------- d-----w C:\Documents and Settings\dad\Application Data\Viewpoint
2007-10-26 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-18 05:10 --------- d-----w C:\Documents and Settings\dad\Application Data\LimeWire
2007-10-10 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 23:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 23:04 --------- d-----w C:\Documents and Settings\dad\Application Data\InterTrust
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-01-04 23:42 91,720 ----a-w C:\Documents and Settings\dad\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
2007-11-04 01:07 21504 --a------ C:\WINDOWS\system32\aivskurq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-24 23:00]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 18:10]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 10:25]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 12:42]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 08:21]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50]
"HostManager"="C:\Program Files\Common Files\AOL\1109124511\ee\AOLSoftware.exe" [2006-09-25 19:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 13:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-22 21:12]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-07-06 20:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"Woxot"="C:\Program Files\??crosoft.NET\w?nlogon.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 06:26:28]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 01:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GEORGE-dad).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-11 00:56:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-beth).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-caitlyn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:55:23 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-dad).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:55:03 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-dan).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:56:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-mom).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-samantha).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:56:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-tgd).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-tom).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:16:11 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-beth).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-caitlyn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-dad).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-dan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 00:59:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-mom).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 00:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-samantha).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 00:55:03 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-tom).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-10 19:57:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 19:59:52 - machine was rebooted
.
--- E O F ---