Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

awola issue here my log

Started by fuzzboom , Mar 09 2008 05:23 PM

  • Please log in to reply

#1
fuzzboom
Posted 09 March 2008 - 05:23 PM

fuzzboom

    New Member

  • Member
  • Pip
  • 3 posts
i have a awola issue my system is windows xp home

and ie 6. Awola keeps popping up, spyware website keeps popping and logon keep saying i have a virus.

i have spybot, norton 360 and adware

here is my log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:54:03 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\young lee\Application Data\bmdqu.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG09.exe
C:\Documents and Settings\young lee\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wnep.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\young lee\Application Data\bmdqu.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\young lee\Application Data\Awola\Awola.exe" /MIN
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\AIM95_c5\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egai...g/ie/SecMgr.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://151.161.144.1...sCamControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11411 bytes

Edited by fuzzboom, 09 March 2008 - 05:46 PM.

  • 0

Advertisements

#2
kahdah
Posted 09 March 2008 - 06:11 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello fuzzboom

Welcome to G2Go. :)
=====================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
fuzzboom
Posted 09 March 2008 - 07:59 PM

fuzzboom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:12 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\young lee\temp\TeamViewer3\TeamViewer.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\AIM95_c5\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egai...g/ie/SecMgr.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://151.161.144.1...sCamControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11942 bytes



ComboFix 08-03-09.1 - young lee 2008-03-09 21:40:48.2 - NTFSx86
Running from: C:\Documents and Settings\young lee\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.

2008-03-09 21:46 . 2008-03-09 21:46 <DIR> d-------- C:\Program Files\seekmo
2008-03-09 21:46 . 2008-03-09 21:46 32,256 --a------ C:\WINDOWS\salm.exe
2008-03-09 21:46 . 2008-03-09 21:46 22,784 --a------ C:\WINDOWS\180ax.exe
2008-03-09 21:46 . 2008-03-09 21:46 10,496 --a------ C:\WINDOWS\updatetc.exe
2008-03-09 21:46 . 2008-03-09 21:46 10,240 --a------ C:\WINDOWS\saiemod.dll
2008-03-09 20:50 . 2008-03-09 20:50 <DIR> d-------- C:\Program Files\zango
2008-03-09 20:48 . 2008-03-09 20:48 <DIR> d-------- C:\Program Files\180solutions
2008-03-09 20:48 . 2008-03-09 20:48 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-09 20:48 . 2008-03-09 20:48 <DIR> d-------- C:\Program Files\180search assistant
2008-03-09 20:19 . 2008-03-09 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 20:15 . 2008-03-09 20:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 19:39 . 2008-03-09 19:39 <DIR> d-------- C:\Documents and Settings\young lee\Application Data\TeamViewer
2008-03-09 16:00 . 2008-03-09 16:00 16,896 --a------ C:\WINDOWS\didduid.ini
2008-03-09 12:12 . 2008-03-09 16:03 0 --ahs---- C:\Documents and Settings\young lee\Application Data\0047d39014b925c42d60254faa6df3bd092d61d5c70ba1e2bc.dat
2008-03-09 11:53 . 2008-03-09 11:53 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-09 11:27 . 2008-03-09 11:27 490,496 --a------ C:\Documents and Settings\young lee\installer.exe
2008-03-09 02:54 . 2008-03-09 02:52 13,824 --a------ C:\Documents and Settings\young lee\Application Data\bmdqu.exe
2008-03-09 02:52 . 2008-03-09 02:52 13,824 --a------ C:\wWXY.exe
2008-03-09 02:46 . 2008-03-09 02:46 <DIR> d-------- C:\Program Files\stc
2008-03-09 02:45 . 2008-03-09 02:45 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-09 02:30 . 2008-03-09 02:30 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-09 02:29 . 2008-03-09 02:29 295,819 --a------ C:\WINDOWS\system32\L8AFF.tmp
2008-03-09 02:29 . 2008-03-09 02:29 229,532 --a------ C:\WINDOWS\system32\L6844.tmp
2008-03-09 02:29 . 2008-03-09 02:29 88,587 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-03-09 02:29 . 2008-03-09 02:29 402 --a------ C:\WINDOWS\system32\LA87A.tmp
2008-03-05 09:16 . 2008-03-05 09:30 <DIR> d-------- C:\Program Files\AIMTunes
2008-03-05 09:10 . 2008-03-05 09:10 <DIR> d-------- C:\Program Files\AOL Search
2008-03-05 09:06 . 2008-03-05 09:16 <DIR> d-------- C:\Program Files\AIM6
2008-02-13 09:22 . 2008-02-13 09:22 <DIR> d-------- C:\Documents and Settings\young lee\Application Data\acccore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-10 00:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 00:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 00:19 --------- d-----w C:\Program Files\Lavasoft
2008-03-10 00:18 --------- d-----w C:\Documents and Settings\young lee\Application Data\Lavasoft
2008-03-08 15:49 --------- d-----w C:\Documents and Settings\young lee\Application Data\Intuit
2008-03-05 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-05 13:09 --------- d-----w C:\Program Files\Viewpoint
2008-03-05 13:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-03 02:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 02:09 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-03 01:56 --------- d-----w C:\Program Files\TurboTax
2008-02-28 02:25 --------- d-----w C:\Program Files\AIM+
2008-02-24 18:12 --------- d-----w C:\Program Files\AOD
2008-02-24 18:12 --------- d-----w C:\Program Files\AIM95
2008-02-24 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-06 01:56 --------- d-----w C:\Documents and Settings\young lee\Application Data\Creative
2008-02-06 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-02-06 01:08 --------- d-----w C:\Program Files\Creative
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-14 15:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-09_21.18.26.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 07:56:42 220,160 -c--a-w C:\WINDOWS\system32\dllcache\mscandui.dll
+ 2004-08-04 07:56:45 34,816 -c--a-w C:\WINDOWS\system32\dllcache\sniffpol.dll
+ 2004-08-04 07:56:45 130,048 -c--a-w C:\WINDOWS\system32\dllcache\softkbd.dll
+ 2004-08-04 07:56:29 62,976 -c--a-w C:\WINDOWS\system32\dllcache\spgrmr.dll
+ 2004-08-04 07:56:45 33,280 -c--a-w C:\WINDOWS\system32\dllcache\sstub.dll
+ 2004-08-04 07:56:46 279,040 -c--a-w C:\WINDOWS\system32\dllcache\tshoot.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2008-01-03 12:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39 147456]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 15:30 86016]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 11:55 32768]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 10:43 188416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 21:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 03:56 158208]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 15:00 78848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 17:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-04-11 15:25 212992 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EPSONStatusAgent2"=2 (0x2)
"iPod Service"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM95\\AIM95_c5\\aim.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 21:46:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2008-03-09 21:49:25
ComboFix-quarantined-files.txt 2008-03-10 01:48:42
ComboFix2.txt 2008-03-10 01:20:21
.
2008-03-04 08:09:03 --- E O F ---
  • 0

#4
kahdah
Posted 10 March 2008 - 02:03 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\salm.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\didduid.ini
C:\Documents and Settings\young lee\Application Data\0047d39014b925c42d60254faa6df3bd092d61d5c70ba1e2bc.dat
C:\Documents and Settings\young lee\installer.exe
C:\Documents and Settings\young lee\Application Data\bmdqu.exe
C:\wWXY.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\L8AFF.tmp
C:\WINDOWS\system32\L6844.tmp
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\LA87A.tmp
Folder::
C:\Program Files\seekmo
C:\Program Files\zango
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\180search assistant
C:\WINDOWS\FLEOK
C:\Program Files\stc
C:\Program Files\Sysmnt
C:\Program Files\Viewpoint
C:\Documents and Settings\young lee\Application Data\Awola
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
Driver::
Viewpoint Manager Service


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt
===============================================================================
Then::

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#5
fuzzboom
Posted 10 March 2008 - 07:56 PM

fuzzboom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
ComboFix 08-03-09.1 - young lee 2008-03-10 21:22:59.3 - NTFSx86
Running from: C:\Documents and Settings\young lee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\young lee\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\young lee\Application Data\0047d39014b925c42d60254faa6df3bd092d61d5c70ba1e2bc.dat
C:\Documents and Settings\young lee\Application Data\bmdqu.exe
C:\Documents and Settings\young lee\installer.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\didduid.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\system32\L6844.tmp
C:\WINDOWS\system32\L8AFF.tmp
C:\WINDOWS\system32\LA87A.tmp
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\updatetc.exe
C:\wWXY.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\young lee\Application Data\0047d39014b925c42d60254faa6df3bd092d61d5c70ba1e2bc.dat
C:\Documents and Settings\young lee\Application Data\bmdqu.exe
C:\Documents and Settings\young lee\installer.exe
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream__.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AtmoHWConfig.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\atmosphere.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AvatarsDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\BlueStreak.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\BookmarksDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DefaultAvatarIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DefaultWorldIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\InternetChatHelp.url
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts2Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AtmoHWConfig.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AvatarsDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\BookmarksDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultAvatarIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultWorldIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\InternetChatHelp.url
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AtmoHWConfig.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AvatarsDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\BookmarksDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultAvatarIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultWorldIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\InternetChatHelp.url
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\L6844.tmp
C:\WINDOWS\system32\L8AFF.tmp
C:\WINDOWS\system32\LA87A.tmp
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\wWXY.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_VIEWPOINT_MANAGER_SERVICE
-------\Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-10 21:31 . 2008-03-10 21:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 21:31 . 2008-03-10 21:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 22:26 . 2008-03-09 22:26 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-03-09 22:26 . 2008-03-09 22:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-09 22:22 . 2008-03-09 22:22 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-09 22:17 . 2008-03-09 22:17 <DIR> d-------- C:\Documents and Settings\young lee\Application Data\SiteAdvisor
2008-03-09 22:17 . 2008-03-10 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-09 22:17 . 2008-03-09 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-09 21:58 . 2008-03-09 21:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 20:19 . 2008-03-09 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 20:15 . 2008-03-09 20:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 19:39 . 2008-03-09 19:39 <DIR> d-------- C:\Documents and Settings\young lee\Application Data\TeamViewer
2008-03-05 09:16 . 2008-03-05 09:30 <DIR> d-------- C:\Program Files\AIMTunes
2008-03-05 09:10 . 2008-03-05 09:10 <DIR> d-------- C:\Program Files\AOL Search
2008-03-05 09:06 . 2008-03-05 09:16 <DIR> d-------- C:\Program Files\AIM6
2008-02-13 09:22 . 2008-02-13 09:22 <DIR> d-------- C:\Documents and Settings\young lee\Application Data\acccore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-10 02:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 00:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 00:19 --------- d-----w C:\Program Files\Lavasoft
2008-03-10 00:18 --------- d-----w C:\Documents and Settings\young lee\Application Data\Lavasoft
2008-03-08 15:49 --------- d-----w C:\Documents and Settings\young lee\Application Data\Intuit
2008-03-05 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-05 13:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-03 02:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 02:09 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-03 01:56 --------- d-----w C:\Program Files\TurboTax
2008-02-28 02:25 --------- d-----w C:\Program Files\AIM+
2008-02-24 18:12 --------- d-----w C:\Program Files\AOD
2008-02-24 18:12 --------- d-----w C:\Program Files\AIM95
2008-02-24 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-06 01:56 --------- d-----w C:\Documents and Settings\young lee\Application Data\Creative
2008-02-06 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-02-06 01:08 --------- d-----w C:\Program Files\Creative
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-14 15:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-09_21.18.26.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2004-08-04 07:56:41 20,540 -c--a-w C:\WINDOWS\system32\dllcache\admin.dll
+ 2004-08-04 07:56:41 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2004-08-04 07:56:41 175,616 -c--a-w C:\WINDOWS\system32\dllcache\adsldp.dll
+ 2004-08-04 07:56:41 68,096 -c--a-w C:\WINDOWS\system32\dllcache\adsmsext.dll
+ 2004-08-04 07:56:41 263,680 -c--a-w C:\WINDOWS\system32\dllcache\adsnt.dll
+ 2004-08-04 07:56:41 4,255 -c--a-w C:\WINDOWS\system32\dllcache\adv01nt5.dll
+ 2004-08-04 07:56:41 3,967 -c--a-w C:\WINDOWS\system32\dllcache\adv02nt5.dll
+ 2004-08-04 07:56:41 3,615 -c--a-w C:\WINDOWS\system32\dllcache\adv05nt5.dll
+ 2004-08-04 07:56:41 3,647 -c--a-w C:\WINDOWS\system32\dllcache\adv07nt5.dll
+ 2004-08-04 07:56:41 3,135 -c--a-w C:\WINDOWS\system32\dllcache\adv08nt5.dll
+ 2004-08-04 07:56:41 3,711 -c--a-w C:\WINDOWS\system32\dllcache\adv09nt5.dll
+ 2004-08-04 07:56:41 3,775 -c--a-w C:\WINDOWS\system32\dllcache\adv11nt5.dll
+ 2004-08-04 07:56:41 24,064 -c--a-w C:\WINDOWS\system32\dllcache\agentanm.dll
+ 2004-08-04 07:56:41 214,016 -c--a-w C:\WINDOWS\system32\dllcache\agentctl.dll
+ 2004-08-04 07:56:41 44,032 -c--a-w C:\WINDOWS\system32\dllcache\agentsr.dll
+ 2004-08-04 07:56:41 24,064 -c--a-w C:\WINDOWS\system32\dllcache\agtintl.dll
+ 2004-08-04 07:56:41 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll
+ 2004-08-04 07:56:41 377,984 -c--a-w C:\WINDOWS\system32\dllcache\ati2dvaa.dll
+ 2004-08-04 07:56:41 201,728 -c--a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll
+ 2004-08-04 07:56:41 870,784 -c--a-w C:\WINDOWS\system32\dllcache\ati3d1ag.dll
+ 2004-08-04 07:56:41 1,888,992 -c--a-w C:\WINDOWS\system32\dllcache\ati3duag.dll
+ 2004-08-04 07:56:41 516,768 -c--a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
+ 2004-08-04 07:56:41 30,208 -c--a-w C:\WINDOWS\system32\dllcache\atmlib.dll
+ 2004-08-04 07:56:41 21,183 -c--a-w C:\WINDOWS\system32\dllcache\atv01nt5.dll
+ 2004-08-04 07:56:41 11,359 -c--a-w C:\WINDOWS\system32\dllcache\atv02nt5.dll
+ 2004-08-04 07:56:41 25,471 -c--a-w C:\WINDOWS\system32\dllcache\atv04nt5.dll
+ 2004-08-04 07:56:41 14,143 -c--a-w C:\WINDOWS\system32\dllcache\atv06nt5.dll
+ 2004-08-04 07:56:41 17,279 -c--a-w C:\WINDOWS\system32\dllcache\atv10nt5.dll
+ 2004-08-04 07:56:41 20,540 -c--a-w C:\WINDOWS\system32\dllcache\author.dll
+ 2004-08-04 07:56:41 17,408 -c--a-w C:\WINDOWS\system32\dllcache\bidispl.dll
+ 2004-08-04 07:56:41 78,336 -c--a-w C:\WINDOWS\system32\dllcache\browsewm.dll
+ 2004-08-04 07:56:41 20,992 -c--a-w C:\WINDOWS\system32\dllcache\bthci.dll
+ 2004-08-04 07:56:41 30,208 -c--a-w C:\WINDOWS\system32\dllcache\bthserv.dll
+ 2004-08-04 07:56:41 50,688 -c--a-w C:\WINDOWS\system32\dllcache\btpanui.dll
+ 2004-08-04 07:56:41 385,024 -c--a-w C:\WINDOWS\system32\dllcache\callcont.dll
+ 2004-08-04 07:56:41 50,688 -c--a-w C:\WINDOWS\system32\dllcache\camocx.dll
+ 2004-08-04 07:56:41 85,504 -c--a-w C:\WINDOWS\system32\dllcache\catsrvps.dll
+ 2004-08-04 07:56:41 457,728 -c--a-w C:\WINDOWS\system32\dllcache\certmgr.dll
+ 2004-08-04 07:56:41 15,423 -c--a-w C:\WINDOWS\system32\dllcache\ch7xxnt5.dll
+ 2004-08-04 07:56:41 343,040 -c--a-w C:\WINDOWS\system32\dllcache\cmdial32.dll
+ 2004-08-04 07:56:41 185,344 -c--a-w C:\WINDOWS\system32\dllcache\cmprops.dll
+ 2004-08-04 07:56:41 39,936 -c--a-w C:\WINDOWS\system32\dllcache\cmutil.dll
+ 2004-08-04 07:56:48 9,728 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.exe
+ 2004-08-04 07:56:41 45,056 -c--a-w C:\WINDOWS\system32\dllcache\confmrsl.dll
+ 2004-08-04 07:56:42 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2004-08-04 07:56:42 40,960 -c--a-w C:\WINDOWS\system32\dllcache\dcap32.dll
+ 2004-08-04 07:56:42 159,232 -c--a-w C:\WINDOWS\system32\dllcache\dinput.dll
+ 2004-08-04 07:56:42 181,760 -c--a-w C:\WINDOWS\system32\dllcache\dinput8.dll
+ 2004-08-04 07:56:42 28,672 -c--a-w C:\WINDOWS\system32\dllcache\dmband.dll
+ 2004-08-04 07:56:42 61,440 -c--a-w C:\WINDOWS\system32\dllcache\dmcompos.dll
+ 2004-08-04 07:56:42 200,704 -c--a-w C:\WINDOWS\system32\dllcache\dmdskmgr.dll
+ 2004-08-04 07:56:42 181,248 -c--a-w C:\WINDOWS\system32\dllcache\dmime.dll
+ 2004-08-04 07:56:42 82,432 -c--a-w C:\WINDOWS\system32\dllcache\dmscript.dll
+ 2004-08-04 07:56:42 52,224 -c--a-w C:\WINDOWS\system32\dllcache\dmutil.dll
+ 2004-08-04 07:56:42 229,888 -c--a-w C:\WINDOWS\system32\dllcache\dplayx.dll
+ 2004-08-04 07:56:42 375,296 -c--a-w C:\WINDOWS\system32\dllcache\dpnet.dll
+ 2004-08-04 07:56:42 21,504 -c--a-w C:\WINDOWS\system32\dllcache\dpvacm.dll
+ 2004-08-04 07:56:42 212,480 -c--a-w C:\WINDOWS\system32\dllcache\dpvoice.dll
+ 2004-08-04 07:56:42 116,736 -c--a-w C:\WINDOWS\system32\dllcache\dpvvox.dll
+ 2004-08-04 07:56:42 16,384 -c--a-w C:\WINDOWS\system32\dllcache\ds32gt.dll
+ 2004-08-04 07:56:42 1,294,336 -c--a-w C:\WINDOWS\system32\dllcache\dsound3d.dll
+ 2004-08-04 07:56:42 142,336 -c--a-w C:\WINDOWS\system32\dllcache\dsprop.dll
+ 2004-08-04 07:56:42 51,200 -c--a-w C:\WINDOWS\system32\dllcache\dssec.dll
+ 2004-08-04 07:56:42 113,152 -c--a-w C:\WINDOWS\system32\dllcache\dsuiext.dll
+ 2004-08-04 07:56:42 619,008 -c--a-w C:\WINDOWS\system32\dllcache\dx7vb.dll
+ 2004-08-04 07:56:42 1,227,264 -c--a-w C:\WINDOWS\system32\dllcache\dx8vb.dll
+ 2004-08-04 07:56:42 2,113,536 -c--a-w C:\WINDOWS\system32\dllcache\dxdiagn.dll
+ 2004-08-04 07:56:42 20,480 -c--a-w C:\WINDOWS\system32\dllcache\encapi.dll
+ 2004-08-04 07:56:42 186,368 -c--a-w C:\WINDOWS\system32\dllcache\encdec.dll
+ 2004-08-04 07:56:42 22,016 -c--a-w C:\WINDOWS\system32\dllcache\evntrprv.dll
+ 2004-08-04 07:56:42 337,920 -c--a-w C:\WINDOWS\system32\dllcache\filemgmt.dll
+ 2004-08-04 07:56:42 184,435 -c--a-w C:\WINDOWS\system32\dllcache\fp4amsft.dll
+ 2004-08-04 07:56:42 82,035 -c--a-w C:\WINDOWS\system32\dllcache\fp4anscp.dll
+ 2004-08-04 07:56:42 147,513 -c--a-w C:\WINDOWS\system32\dllcache\fp4apws.dll
+ 2004-08-04 07:56:42 49,210 -c--a-w C:\WINDOWS\system32\dllcache\fp4areg.dll
+ 2004-08-04 07:56:42 102,509 -c--a-w C:\WINDOWS\system32\dllcache\fp4atxt.dll
+ 2004-08-04 07:56:42 618,605 -c--a-w C:\WINDOWS\system32\dllcache\fp4autl.dll
+ 2004-08-04 07:56:42 41,020 -c--a-w C:\WINDOWS\system32\dllcache\fp4avnb.dll
+ 2004-08-04 07:56:42 32,826 -c--a-w C:\WINDOWS\system32\dllcache\fp4avss.dll
+ 2004-08-04 07:56:42 49,212 -c--a-w C:\WINDOWS\system32\dllcache\fp4awebs.dll
+ 2004-08-04 07:56:42 876,653 -c--a-w C:\WINDOWS\system32\dllcache\fp4awel.dll
+ 2004-08-04 07:56:49 15,120 -c--a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe
+ 2004-08-04 07:56:49 109,840 -c--a-w C:\WINDOWS\system32\dllcache\fp98swin.exe
+ 2004-08-04 07:56:42 94,208 -c--a-w C:\WINDOWS\system32\dllcache\fpencode.dll
+ 2004-08-04 07:56:42 20,541 -c--a-w C:\WINDOWS\system32\dllcache\fpexedll.dll
+ 2004-08-04 07:56:42 598,071 -c--a-w C:\WINDOWS\system32\dllcache\fpmmc.dll
+ 2004-08-04 07:56:06 208,896 -c--a-w C:\WINDOWS\system32\dllcache\fpmmcsat.dll
+ 2004-08-04 07:56:07 9,728 -c--a-w C:\WINDOWS\system32\dllcache\gpkrsrc.dll
+ 2004-08-04 07:56:42 123,904 -c--a-w C:\WINDOWS\system32\dllcache\guitrn.dll
+ 2004-08-04 07:56:42 108,544 -c--a-w C:\WINDOWS\system32\dllcache\guitrn_a.dll
+ 2004-08-04 07:56:42 57,344 -c--a-w C:\WINDOWS\system32\dllcache\h323cc.dll
+ 2004-08-04 07:56:42 614,912 -c--a-w C:\WINDOWS\system32\dllcache\h323msp.dll
+ 2004-08-04 07:56:42 7,168 -c--a-w C:\WINDOWS\system32\dllcache\hccoin.dll
+ 2004-08-04 07:56:50 18,944 -c--a-w C:\WINDOWS\system32\dllcache\hscupd.exe
+ 2004-08-04 07:56:42 119,808 -c--a-w C:\WINDOWS\system32\dllcache\iasrad.dll
+ 2004-08-04 07:56:42 73,728 -c--a-w C:\WINDOWS\system32\dllcache\icwdial.dll
+ 2004-08-04 07:56:42 120,832 -c--a-w C:\WINDOWS\system32\dllcache\idq.dll
+ 2004-08-04 07:56:42 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2004-08-04 07:56:42 62,976 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2004-08-04 07:56:42 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ils.dll
+ 2004-08-04 07:56:42 274,432 -c--a-w C:\WINDOWS\system32\dllcache\inetcfg.dll
+ 2004-08-04 07:56:42 349,696 -c--a-w C:\WINDOWS\system32\dllcache\ipsecsnp.dll
+ 2004-08-04 07:56:42 384,000 -c--a-w C:\WINDOWS\system32\dllcache\ipsmsnap.dll
+ 2004-08-04 07:56:42 81,920 -c--a-w C:\WINDOWS\system32\dllcache\isign32.dll
+ 2004-08-04 07:56:42 54,272 -c--a-w C:\WINDOWS\system32\dllcache\ixsso.dll
+ 2004-08-04 07:56:10 7,168 -c--a-w C:\WINDOWS\system32\dllcache\kbdfi1.dll
+ 2004-08-04 07:56:10 7,168 -c--a-w C:\WINDOWS\system32\dllcache\kbdno1.dll
+ 2004-08-04 07:56:10 7,168 -c--a-w C:\WINDOWS\system32\dllcache\kbdukx.dll
+ 2004-08-04 05:59:23 7,424 -c--a-w C:\WINDOWS\system32\dllcache\kd1394.dll
+ 2002-08-29 04:23:06 42,537 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.sys
+ 2004-08-04 07:56:42 24,576 -c--a-w C:\WINDOWS\system32\dllcache\krnlprov.dll
+ 2004-08-04 07:56:42 221,696 -c--a-w C:\WINDOWS\system32\dllcache\localsec.dll
+ 2004-08-04 07:56:42 11,776 -c--a-w C:\WINDOWS\system32\dllcache\localui.dll
+ 2004-08-04 07:56:42 19,968 -c--a-w C:\WINDOWS\system32\dllcache\log.dll
+ 2004-08-04 07:56:42 22,016 -c--a-w C:\WINDOWS\system32\dllcache\lpk.dll
+ 2004-08-04 07:56:42 10,240 -c--a-w C:\WINDOWS\system32\dllcache\lprhelp.dll
+ 2004-08-04 07:56:42 84,480 -c--a-w C:\WINDOWS\system32\dllcache\mciavi32.dll
+ 2004-08-04 07:56:42 118,272 -c--a-w C:\WINDOWS\system32\dllcache\mdminst.dll
+ 2001-08-18 12:00:00 147,968 -c--a-w C:\WINDOWS\system32\dllcache\mdwmdmsp.dll
+ 2004-08-04 07:56:42 14,848 -c--a-w C:\WINDOWS\system32\dllcache\mgmtapi.dll
+ 2004-08-04 07:56:42 201,216 -c--a-w C:\WINDOWS\system32\dllcache\migism.dll
+ 2004-08-04 07:56:42 192,512 -c--a-w C:\WINDOWS\system32\dllcache\migism_a.dll
+ 2004-08-04 07:56:42 60,928 -c--a-w C:\WINDOWS\system32\dllcache\miglibnt.dll
+ 2004-08-04 07:56:50 103,424 -c--a-w C:\WINDOWS\system32\dllcache\migload.exe
+ 2004-08-04 07:56:51 236,032 -c--a-w C:\WINDOWS\system32\dllcache\migwiz_a.exe
+ 2004-08-04 07:56:42 17,408 -c--a-w C:\WINDOWS\system32\dllcache\mmfutil.dll
+ 2004-08-04 07:56:42 34,560 -c--a-w C:\WINDOWS\system32\dllcache\mnmdd.dll
+ 2004-08-04 07:56:42 207,360 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.dll
+ 2004-08-04 07:56:42 61,440 -c--a-w C:\WINDOWS\system32\dllcache\msadcf.dll
+ 2004-08-04 07:56:12 16,384 -c--a-w C:\WINDOWS\system32\dllcache\msadcfr.dll
+ 2004-08-04 07:56:42 53,248 -c--a-w C:\WINDOWS\system32\dllcache\msadcs.dll
+ 2004-08-04 07:56:42 155,648 -c--a-w C:\WINDOWS\system32\dllcache\msadds.dll
+ 2004-08-04 07:56:12 24,576 -c--a-w C:\WINDOWS\system32\dllcache\msaddsr.dll
+ 2004-08-04 07:56:12 24,576 -c--a-w C:\WINDOWS\system32\dllcache\msader15.dll
+ 2004-08-04 07:56:42 57,344 -c--a-w C:\WINDOWS\system32\dllcache\msador15.dll
+ 2004-08-04 07:56:12 3,584 -c--a-w C:\WINDOWS\system32\dllcache\msafd.dll
+ 2004-08-04 07:56:42 220,160 -c--a-w C:\WINDOWS\system32\dllcache\mscandui.dll
+ 2004-08-04 07:56:42 69,632 -c--a-w C:\WINDOWS\system32\dllcache\msconf.dll
+ 2004-08-04 07:56:42 69,120 -c--a-w C:\WINDOWS\system32\dllcache\msctfp.dll
+ 2004-08-04 07:56:42 4,096 -c--a-w C:\WINDOWS\system32\dllcache\msdadc.dll
+ 2004-08-04 07:56:42 118,784 -c--a-w C:\WINDOWS\system32\dllcache\msdadiag.dll
+ 2004-08-04 07:56:42 4,096 -c--a-w C:\WINDOWS\system32\dllcache\msdaenum.dll
+ 2004-08-04 07:56:42 4,096 -c--a-w C:\WINDOWS\system32\dllcache\msdaer.dll
+ 2004-08-04 07:56:43 233,472 -c--a-w C:\WINDOWS\system32\dllcache\msdaora.dll
+ 2004-08-04 07:56:13 16,384 -c--a-w C:\WINDOWS\system32\dllcache\msdaorar.dll
+ 2004-08-04 07:56:43 77,824 -c--a-w C:\WINDOWS\system32\dllcache\msdaosp.dll
+ 2004-08-04 07:56:13 16,384 -c--a-w C:\WINDOWS\system32\dllcache\msdaprsr.dll
+ 2004-08-04 07:56:43 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msdaprst.dll
+ 2004-08-04 07:56:43 204,800 -c--a-w C:\WINDOWS\system32\dllcache\msdaps.dll
+ 2004-08-04 07:56:43 118,784 -c--a-w C:\WINDOWS\system32\dllcache\msdarem.dll
+ 2004-08-04 07:56:13 16,384 -c--a-w C:\WINDOWS\system32\dllcache\msdaremr.dll
+ 2004-08-04 07:56:43 4,096 -c--a-w C:\WINDOWS\system32\dllcache\msdasc.dll
+ 2004-08-04 07:56:43 315,392 -c--a-w C:\WINDOWS\system32\dllcache\msdasql.dll
+ 2004-08-04 07:56:13 16,384 -c--a-w C:\WINDOWS\system32\dllcache\msdasqlr.dll
+ 2004-08-04 07:56:43 94,208 -c--a-w C:\WINDOWS\system32\dllcache\msdatl3.dll
+ 2004-08-04 07:56:43 20,480 -c--a-w C:\WINDOWS\system32\dllcache\msdatt.dll
+ 2004-08-04 07:56:43 4,096 -c--a-w C:\WINDOWS\system32\dllcache\msdaurl.dll
+ 2004-08-04 07:56:43 36,864 -c--a-w C:\WINDOWS\system32\dllcache\msdfmap.dll
+ 2004-08-04 07:56:43 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2004-08-04 07:56:43 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2004-08-04 07:56:43 3,166,208 -c--a-w C:\WINDOWS\system32\dllcache\msgr3en.dll
+ 2004-08-04 07:56:43 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mslbui.dll
+ 2004-08-04 07:56:43 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2004-08-04 07:56:43 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mslwvtts.dll
+ 2004-08-04 07:56:43 122,368 -c--a-w C:\WINDOWS\system32\dllcache\msobcomm.dll
+ 2004-08-04 07:56:43 16,384 -c--a-w C:\WINDOWS\system32\dllcache\msobdl.dll
+ 2004-08-04 07:56:43 30,720 -c--a-w C:\WINDOWS\system32\dllcache\msobshel.dll
+ 2004-08-04 07:56:43 18,944 -c--a-w C:\WINDOWS\system32\dllcache\msobweb.dll
+ 2004-08-04 07:56:18 2,479,616 -c--a-w C:\WINDOWS\system32\dllcache\msoeres.dll
+ 2004-08-04 07:56:43 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msorcl32.dll
+ 2004-08-04 07:56:43 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2004-08-04 07:56:43 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2004-08-04 07:56:43 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2004-08-04 07:56:43 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2004-08-04 07:56:43 134,656 -c--a-w C:\WINDOWS\system32\dllcache\mssap.dll
+ 2004-08-04 07:56:43 274,432 -c--a-w C:\WINDOWS\system32\dllcache\mst120.dll
+ 2004-08-04 07:56:43 57,344 -c--a-w C:\WINDOWS\system32\dllcache\mst123.dll
+ 2004-08-04 07:56:43 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2004-08-04 05:59:43 655,360 -c--a-w C:\WINDOWS\system32\dllcache\mstscax.dll
+ 2004-08-04 07:56:43 195,072 -c--a-w C:\WINDOWS\system32\dllcache\msutb.dll
+ 2004-08-04 07:56:43 72,704 -c--a-w C:\WINDOWS\system32\dllcache\msw3prt.dll
+ 2004-08-04 07:56:44 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2004-08-04 07:56:44 204,288 -c--a-w C:\WINDOWS\system32\dllcache\mswebdvd.dll
+ 2004-08-04 07:56:44 24,576 -c--a-w C:\WINDOWS\system32\dllcache\msxactps.dll
+ 2004-08-04 07:56:44 701,440 -c--a-w C:\WINDOWS\system32\dllcache\msxml2.dll
+ 2004-08-04 07:56:44 1,737,856 -c--a-w C:\WINDOWS\system32\dllcache\mtxparhd.dll
+ 2004-08-04 07:56:44 221,184 -c--a-w C:\WINDOWS\system32\dllcache\nac.dll
+ 2004-08-04 07:56:44 57,344 -c--a-w C:\WINDOWS\system32\dllcache\ndisnpp.dll
+ 2004-08-04 07:56:44 875,008 -c--a-w C:\WINDOWS\system32\dllcache\netplwiz.dll
+ 2004-08-04 07:56:44 229,376 -c--a-w C:\WINDOWS\system32\dllcache\nmas.dll
+ 2004-08-04 07:56:44 28,672 -c--a-w C:\WINDOWS\system32\dllcache\nmasnt.dll
+ 2004-08-04 07:56:44 81,920 -c--a-w C:\WINDOWS\system32\dllcache\nmchat.dll
+ 2004-08-04 07:56:44 77,824 -c--a-w C:\WINDOWS\system32\dllcache\nmcom.dll
+ 2004-08-04 07:56:44 151,552 -c--a-w C:\WINDOWS\system32\dllcache\nmft.dll
+ 2004-08-04 07:56:44 172,032 -c--a-w C:\WINDOWS\system32\dllcache\nmoldwb.dll
+ 2004-08-04 07:56:54 15,360 -c--a-w C:\WINDOWS\system32\dllcache\nppagent.exe
+ 2004-08-04 05:45:08 33,840 -c--a-w C:\WINDOWS\system32\dllcache\ntio.sys
+ 2004-08-04 05:45:14 34,560 -c--a-w C:\WINDOWS\system32\dllcache\ntio404.sys
+ 2004-08-04 05:45:10 35,648 -c--a-w C:\WINDOWS\system32\dllcache\ntio411.sys
+ 2004-08-04 05:45:15 35,424 -c--a-w C:\WINDOWS\system32\dllcache\ntio412.sys
+ 2004-08-04 05:45:12 34,560 -c--a-w C:\WINDOWS\system32\dllcache\ntio804.sys
+ 2004-08-04 07:56:44 179,712 -c--a-w C:\WINDOWS\system32\dllcache\ntmsdba.dll
+ 2004-08-04 07:56:44 488,448 -c--a-w C:\WINDOWS\system32\dllcache\ntmsmgr.dll
+ 2004-08-04 07:56:44 285,696 -c--a-w C:\WINDOWS\system32\dllcache\objsel.dll
+ 2004-08-04 07:56:22 405,504 -c--a-w C:\WINDOWS\system32\dllcache\obrb041b.dll
+ 2004-08-04 07:56:22 408,576 -c--a-w C:\WINDOWS\system32\dllcache\obrb0424.dll
+ 2004-08-04 07:56:44 135,168 -c--a-w C:\WINDOWS\system32\dllcache\odbcconf.dll
+ 2004-08-04 07:56:44 278,559 -c--a-w C:\WINDOWS\system32\dllcache\odbcjt32.dll
+ 2004-08-04 07:56:44 147,456 -c--a-w C:\WINDOWS\system32\dllcache\odbctrac.dll
+ 2004-08-04 07:56:44 20,510 -c--a-w C:\WINDOWS\system32\dllcache\odexl32.dll
+ 2004-08-04 07:56:44 20,510 -c--a-w C:\WINDOWS\system32\dllcache\odfox32.dll
+ 2004-08-04 07:56:44 20,510 -c--a-w C:\WINDOWS\system32\dllcache\odpdx32.dll
+ 2004-08-04 07:56:44 104,448 -c--a-w C:\WINDOWS\system32\dllcache\oeimport.dll
+ 2004-08-04 07:56:54 60,416 -c--a-w C:\WINDOWS\system32\dllcache\oemig50.exe
+ 2004-08-04 07:56:44 35,328 -c--a-w C:\WINDOWS\system32\dllcache\oemiglib.dll
+ 2004-08-04 07:56:44 120,832 -c--a-w C:\WINDOWS\system32\dllcache\offfilt.dll
+ 2004-08-04 07:56:54 51,200 -c--a-w C:\WINDOWS\system32\dllcache\oobebaln.exe
+ 2004-08-04 07:56:44 713,728 -c--a-w C:\WINDOWS\system32\dllcache\opengl32.dll
+ 2004-08-04 07:56:44 312,320 -c--a-w C:\WINDOWS\system32\dllcache\p2pgraph.dll
+ 2004-08-04 07:56:44 88,064 -c--a-w C:\WINDOWS\system32\dllcache\p2pnetsh.dll
+ 2004-08-04 07:56:44 526,848 -c--a-w C:\WINDOWS\system32\dllcache\p2psvc.dll
+ 2001-08-18 12:00:00 157,696 -c--a-w C:\WINDOWS\system32\dllcache\paqsp.dll
+ 2004-08-04 07:56:44 62,976 -c--a-w C:\WINDOWS\system32\dllcache\pautoenr.dll
+ 2004-08-04 07:56:44 176,128 -c--a-w C:\WINDOWS\system32\dllcache\photowiz.dll
+ 2004-08-04 07:56:44 35,328 -c--a-w C:\WINDOWS\system32\dllcache\pid.dll
+ 2004-08-04 07:56:44 237,056 -c--a-w C:\WINDOWS\system32\dllcache\provthrd.dll
+ 2004-08-04 07:56:44 279,040 -c--a-w C:\WINDOWS\system32\dllcache\qdv.dll
+ 2004-08-04 07:56:24 733,696 -c--a-w C:\WINDOWS\system32\dllcache\qedwipes.dll
+ 2004-08-04 07:56:44 16,896 -c--a-w C:\WINDOWS\system32\dllcache\rassapi.dll
+ 2004-08-04 07:56:44 147,968 -c--a-w C:\WINDOWS\system32\dllcache\rdchost.dll
+ 2004-08-04 07:56:44 19,968 -c--a-w C:\WINDOWS\system32\dllcache\rdpsnd.dll
+ 2004-08-04 08:01:08 87,176 -c--a-w C:\WINDOWS\system32\dllcache\rdpwsx.dll
+ 2004-08-04 07:56:44 59,904 -c--a-w C:\WINDOWS\system32\dllcache\regsvc.dll
+ 2004-08-04 07:56:44 397,824 -c--a-w C:\WINDOWS\system32\dllcache\regwizc.dll
+ 2004-08-04 07:56:44 61,440 -c--a-w C:\WINDOWS\system32\dllcache\rrcm.dll
+ 2004-08-04 07:56:44 18,944 -c--a-w C:\WINDOWS\system32\dllcache\rsmps.dll
+ 2004-08-04 07:56:44 397,056 -c--a-w C:\WINDOWS\system32\dllcache\s3gnb.dll
+ 2004-08-04 07:56:44 29,696 -c--a-w C:\WINDOWS\system32\dllcache\safrdm.dll
+ 2004-08-04 07:56:44 45,568 -c--a-w C:\WINDOWS\system32\dllcache\safrslv.dll
+ 2004-08-04 07:56:44 270,848 -c--a-w C:\WINDOWS\system32\dllcache\sbe.dll
+ 2004-08-04 07:56:44 159,232 -c--a-w C:\WINDOWS\system32\dllcache\sbeio.dll
+ 2004-08-04 07:56:55 36,864 -c--a-w C:\WINDOWS\system32\dllcache\scrcons.exe
+ 2004-08-04 07:56:44 202,752 -c--a-w C:\WINDOWS\system32\dllcache\script.dll
+ 2004-08-04 07:56:44 188,416 -c--a-w C:\WINDOWS\system32\dllcache\script_a.dll
+ 2004-08-04 07:56:57 9,216 -c--a-w C:\WINDOWS\system32\dllcache\scrnsave.scr
+ 2004-08-04 07:56:45 20,536 -c--a-w C:\WINDOWS\system32\dllcache\shtml.dll
+ 2004-08-04 07:56:45 13,312 -c--a-w C:\WINDOWS\system32\dllcache\sigtab.dll
+ 2004-08-04 07:56:45 3,901 -c--a-w C:\WINDOWS\system32\dllcache\siint5.dll
+ 2004-08-04 07:56:45 73,832 -c--a-w C:\WINDOWS\system32\dllcache\slcoinst.dll
+ 2004-08-04 07:56:45 286,792 -c--a-w C:\WINDOWS\system32\dllcache\slextspk.dll
+ 2004-08-04 07:56:45 188,508 -c--a-w C:\WINDOWS\system32\dllcache\slgen.dll
+ 2004-08-04 07:56:45 363,008 -c--a-w C:\WINDOWS\system32\dllcache\smlogcfg.dll
+ 2004-08-04 07:56:45 34,816 -c--a-w C:\WINDOWS\system32\dllcache\sniffpol.dll
+ 2004-08-04 07:56:45 182,272 -c--a-w C:\WINDOWS\system32\dllcache\snmpsnap.dll
+ 2004-08-04 07:56:45 130,048 -c--a-w C:\WINDOWS\system32\dllcache\softkbd.dll
+ 2004-08-04 07:56:29 62,976 -c--a-w C:\WINDOWS\system32\dllcache\spgrmr.dll
+ 2001-08-18 12:00:00 69,632 -c--a-w C:\WINDOWS\system32\dllcache\spnike.dll
+ 2004-08-04 07:56:29 193,024 -c--a-w C:\WINDOWS\system32\dllcache\spra041b.dll
+ 2004-08-04 07:56:29 192,512 -c--a-w C:\WINDOWS\system32\dllcache\spra0424.dll
+ 2004-08-04 07:56:29 757,248 -c--a-w C:\WINDOWS\system32\dllcache\sprb041b.dll
+ 2004-08-04 07:56:30 732,160 -c--a-w C:\WINDOWS\system32\dllcache\sprb0424.dll
+ 2004-08-04 07:56:45 151,552 -c--a-w C:\WINDOWS\system32\dllcache\sqldb20.dll
+ 2004-08-04 07:56:45 462,848 -c--a-w C:\WINDOWS\system32\dllcache\sqlqp20.dll
+ 2004-08-04 07:56:45 110,592 -c--a-w C:\WINDOWS\system32\dllcache\sqlse20.dll
+ 2004-08-04 07:56:45 180,800 -c--a-w C:\WINDOWS\system32\dllcache\sqlunirl.dll
+ 2004-08-04 07:56:45 217,088 -c--a-w C:\WINDOWS\system32\dllcache\sqlxmlx.dll
+ 2004-08-04 07:56:57 704,512 -c--a-w C:\WINDOWS\system32\dllcache\ss3dfo.scr
+ 2004-08-04 07:56:57 19,968 -c--a-w C:\WINDOWS\system32\dllcache\ssbezier.scr
+ 2004-08-04 07:56:57 20,992 -c--a-w C:\WINDOWS\system32\dllcache\ssmarque.scr
+ 2004-08-04 07:56:57 47,104 -c--a-w C:\WINDOWS\system32\dllcache\ssmypics.scr
+ 2004-08-04 07:56:57 18,944 -c--a-w C:\WINDOWS\system32\dllcache\ssmyst.scr
+ 2004-08-04 07:56:57 610,304 -c--a-w C:\WINDOWS\system32\dllcache\sspipes.scr
+ 2004-08-04 07:56:57 14,336 -c--a-w C:\WINDOWS\system32\dllcache\ssstars.scr
+ 2004-08-04 07:56:57 679,936 -c--a-w C:\WINDOWS\system32\dllcache\sstext3d.scr
+ 2004-08-04 07:56:45 33,280 -c--a-w C:\WINDOWS\system32\dllcache\sstub.dll
+ 2004-08-04 07:56:45 86,528 -c--a-w C:\WINDOWS\system32\dllcache\stdprov.dll
+ 2004-08-04 07:56:45 75,776 -c--a-w C:\WINDOWS\system32\dllcache\strmfilt.dll
+ 2004-08-04 07:56:46 191,488 -c--a-w C:\WINDOWS\system32\dllcache\syncui.dll
+ 2004-08-04 07:56:46 168,960 -c--a-w C:\WINDOWS\system32\dllcache\sysmod.dll
+ 2004-08-04 07:56:46 155,648 -c--a-w C:\WINDOWS\system32\dllcache\sysmod_a.dll
+ 2004-08-04 07:56:46 858,624 -c--a-w C:\WINDOWS\system32\dllcache\tapi3.dll
+ 2004-08-04 07:56:46 14,848 -c--a-w C:\WINDOWS\system32\dllcache\tcpmib.dll
+ 2004-08-04 07:56:34 16,384 -c--a-w C:\WINDOWS\system32\dllcache\tcptsat.dll
+ 2004-08-04 08:01:07 12,168 -c--a-w C:\WINDOWS\system32\dllcache\tsddd.dll
+ 2004-08-04 07:56:46 279,040 -c--a-w C:\WINDOWS\system32\dllcache\tshoot.dll
+ 2004-08-04 07:56:46 316,416 -c--a-w C:\WINDOWS\system32\dllcache\untfs.dll
+ 2004-08-04 07:56:57 150,528 -c--a-w C:\WINDOWS\system32\dllcache\uploadm.exe
+ 2004-08-04 07:56:46 239,616 -c--a-w C:\WINDOWS\system32\dllcache\upnpui.dll
+ 2001-08-18 12:00:00 61,500 -c--a-w C:\WINDOWS\system32\dllcache\usrcntra.dll
+ 2001-08-18 12:00:00 69,699 -c--a-w C:\WINDOWS\system32\dllcache\usrcoina.dll
+ 2001-08-18 12:00:00 77,890 -c--a-w C:\WINDOWS\system32\dllcache\usrdpa.dll
+ 2001-08-18 12:00:00 323,641 -c--a-w C:\WINDOWS\system32\dllcache\usrdtea.dll
+ 2001-08-18 12:00:00 53,305 -c--a-w C:\WINDOWS\system32\dllcache\usrlbva.dll
+ 2001-08-18 12:00:00 77,883 -c--a-w C:\WINDOWS\system32\dllcache\usrrtosa.dll
+ 2001-08-18 12:00:00 49,209 -c--a-w C:\WINDOWS\system32\dllcache\usrv80a.dll
+ 2001-08-18 12:00:00 49,211 -c--a-w C:\WINDOWS\system32\dllcache\usrvpa.dll
+ 2004-08-04 07:56:46 11,325 -c--a-w C:\WINDOWS\system32\dllcache\vchnt5.dll
+ 2004-08-04 07:56:46 131,584 -c--a-w C:\WINDOWS\system32\dllcache\viewprov.dll
+ 2004-08-04 07:56:46 196,608 -c--a-w C:\WINDOWS\system32\dllcache\wbemcntl.dll
+ 2004-08-04 07:56:46 43,008 -c--a-w C:\WINDOWS\system32\dllcache\wbemperf.dll
+ 2004-08-04 07:56:57 116,224 -c--a-w C:\WINDOWS\system32\dllcache\wbemtest.exe
+ 2004-08-04 07:56:46 197,120 -c--a-w C:\WINDOWS\system32\dllcache\wbemupgd.dll
+ 2004-08-04 07:56:46 124,416 -c--a-w C:\WINDOWS\system32\dllcache\wiadss.dll
+ 2004-08-04 07:56:46 111,104 -c--a-w C:\WINDOWS\system32\dllcache\wiavideo.dll
+ 2004-08-04 07:56:35 937,984 -c--a-w C:\WINDOWS\system32\dllcache\winbrand.dll
+ 2004-08-04 07:56:35 764,928 -c--a-w C:\WINDOWS\system32\dllcache\winntbbu.dll
+ 2004-08-04 07:56:35 6,656 -c--a-w C:\WINDOWS\system32\dllcache\wmiapres.dll
+ 2004-08-04 07:56:46 89,088 -c--a-w C:\WINDOWS\system32\dllcache\wmiaprpl.dll
+ 2004-08-04 07:56:46 60,928 -c--a-w C:\WINDOWS\system32\dllcache\wmicookr.dll
+ 2004-08-04 07:56:46 140,800 -c--a-w C:\WINDOWS\system32\dllcache\wmidcprv.dll
+ 2004-08-04 07:56:46 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wmipdskq.dll
+ 2004-08-04 07:56:46 62,464 -c--a-w C:\WINDOWS\system32\dllcache\wmipiprt.dll
+ 2004-08-04 07:56:46 62,976 -c--a-w C:\WINDOWS\system32\dllcache\wmipjobj.dll
+ 2004-08-04 07:56:46 41,472 -c--a-w C:\WINDOWS\system32\dllcache\wmipsess.dll
+ 2004-08-04 07:56:46 167,936 -c--a-w C:\WINDOWS\system32\dllcache\wmm2ae.dll
+ 2004-08-04 07:56:46 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmm2eres.dll
+ 2004-08-04 07:56:46 7,680 -c--a-w C:\WINDOWS\system32\dllcache\wmm2ext.dll
+ 2004-08-04 07:56:46 402,432 -c--a-w C:\WINDOWS\system32\dllcache\wmm2filt.dll
+ 2004-08-04 07:56:46 502,272 -c--a-w C:\WINDOWS\system32\dllcache\wmm2fxa.dll
+ 2004-08-04 07:56:46 325,632 -c--a-w C:\WINDOWS\system32\dllcache\wmm2fxb.dll
+ 2004-08-04 07:56:46 4,256,768 -c--a-w C:\WINDOWS\system32\dllcache\wmm2res.dll
+ 2004-08-04 07:56:46 5,632 -c--a-w C:\WINDOWS\system32\dllcache\wmm2res2.dll
+ 2004-08-04 07:56:46 115,200 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe.dll
+ 2004-08-04 07:56:46 303,616 -c--a-w C:\WINDOWS\system32\dllcache\wmstream.dll
+ 2001-08-18 12:00:00 3,200 -c--a-w C:\WINDOWS\system32\dllcache\wowfax.dll
+ 2004-08-04 07:56:46 28,672 -c--a-w C:\WINDOWS\system32\dllcache\wshcon.dll
+ 2004-08-04 07:56:46 14,336 -c--a-w C:\WINDOWS\system32\dllcache\wship6.dll
+ 2004-08-04 07:56:46 11,776 -c--a-w C:\WINDOWS\system32\dllcache\wshrm.dll
+ 2004-08-04 07:56:46 42,496 -c--a-w C:\WINDOWS\system32\dllcache\wsnmp32.dll
+ 2004-07-17 18:39:14 174,200 -c--a-w C:\WINDOWS\system32\dllcache\xenroll.dll
- 2006-06-22 17:44:58 2,078,344 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-20 20:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-20 20:52:00 218,496 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2008-01-03 12:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39 147456]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 15:30 86016]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 11:55 32768]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 10:43 188416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 21:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 17:03 36640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 15:00 78848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 17:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-04-11 15:25 212992 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a--c--- 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EPSONStatusAgent2"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM95\\AIM95_c5\\aim.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=


*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 21:32:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-03-10 21:41:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 01:41:38
ComboFix2.txt 2008-03-10 01:49:27
ComboFix3.txt 2008-03-10 01:20:21
.
2008-03-04 08:09:03 --- E O F ---
  • 0

#6
kahdah
Posted 10 March 2008 - 09:01 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay please go ahead with the MAlware bytes antimalware program.
Thanks.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP