Alright, before I even read the second half of your post, I'm going to settle a couple of things.
I have removed and uninstalled all P2P programs. Whatever you're seeing is remnants I can't find or that were left in place by the program after the uninstall. All those programs were at one time on my computer, but I haven't used them since the infection and will not use P2P. That's it, that's all. If there's something left, tell me where it is and how to get rid of it, because if I knew, I would've done it myself already. And of course there are holes in my firewall; I've also removed, disabled and wiped out all signs of anti-virus as far as I can with Add/Remove Programs and the host uninstall program. Which also covers your third point. I do not have Norton, either. I don't know how that got there. Nor can I use the Norton uninstall tool you gave me because I HAVE NO IDEA WHICH VERSION OF NORTON WAS INSTALLED BECAUSE I NEVER INSTALLED IT. Which makes your link rather useless.
I didn't go to university and get a degree in computer technology, so stop pretending everyone else should know as much as you or else they're stupid. I'm not computer-incompetent, but I'm not highly skilled either.
I followed your last post exactly. As far as my computer's performance goes, it's been running well since I ran ComboFix the first time. I can access My Documents and Windows Explorer, no problems, no popups. Don't go and whine that I didn't follow your last post because "VundoFixSvc" is still in the HJT log. I 'Fix Checked' it and went to remove the NT service, and it would say it's running. Chicken-and-egg situation: I have to disable it to remove it, but whenever I disable it, it comes back up.
===========
ComboFix 08-03-10.1 - Colin 2008-03-12 14:37:46.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1139 [GMT -7:00]
Running from: C:\Users\Colin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Colin\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Windows\System32\3282.bat
C:\Windows\System32\5571.bat
C:\Windows\System32\7892.bat
C:\Windows\System32\bwpjkfhs.dllbox
C:\Windows\System32\cwgrghdu.ini
C:\Windows\System32\jaumlgvc.ini
C:\Windows\System32\jfxgowdx.ini
C:\Windows\System32\khgawgxa.ini
C:\Windows\System32\kpwznbpb.dllbox
C:\Windows\System32\qivgspxi.ini
C:\Windows\system32\rrhikdum.dll
C:\Windows\system32\tsykfjjl.dll
C:\Windows\SYSTEM32\VundoFixSVC.exe
C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Colin.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\BitComet
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\BitComet.xml
C:\Program Files\BitComet\cache\post_info.xml
C:\Program Files\BitComet\cache\rss_index.xml
C:\Program Files\BitComet\Downloads.xml
C:\Program Files\BitComet\Favourite.xml
C:\Program Files\BitComet\rules\dhtnodes.dat
C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
C:\Program Files\BitComet\tools\UPNP.exe
C:\Program Files\BitComet\torrents\FS2004 - PMDG - 737NG - 800-900.torrent
C:\Program Files\BitComet\torrents\FS2004 - PMDG - 737NG - 800-900.xml
C:\Program Files\BitComet\torrents\swat 4.rar.torrent
C:\Program Files\BitComet\torrents\swat 4.rar.xml
C:\Program Files\BitLord
C:\Program Files\BitLord\BitLord.xml
C:\Program Files\BitLord\Downloads.xml
C:\Program Files\BitLord\Downloads\Ad-Aware 2007 + working crack.rar.bc!
C:\Program Files\BitLord\Downloads\Microsoft Office 2007 Complete Version + CD Key\Microsoft Office 2007 Complete Version + CD Key.uif
C:\Program Files\BitLord\Downloads\Microsoft Office 2007 Complete Version + CD Key\Readme.txt
C:\Program Files\BitLord\Downloads\Microsoft Office 2007 Complete Version + CD Key\tracked_by_h33t_com.txt
C:\Program Files\BitLord\Downloads\PMDG - 737-800-900 V1-1.Retail.rar
C:\Program Files\BitLord\lang\lang_ar_ae.xml
C:\Program Files\BitLord\lang\lang_bg_bg.xml
C:\Program Files\BitLord\lang\lang_ca_es.xml
C:\Program Files\BitLord\lang\lang_cz_cz.xml
C:\Program Files\BitLord\lang\lang_da_dk.xml
C:\Program Files\BitLord\lang\lang_de_de.xml
C:\Program Files\BitLord\lang\lang_el_gr.xml
C:\Program Files\BitLord\lang\lang_en_us.xml
C:\Program Files\BitLord\lang\lang_es_ar.xml
C:\Program Files\BitLord\lang\lang_es_es.xml
C:\Program Files\BitLord\lang\lang_et_ee.xml
C:\Program Files\BitLord\lang\lang_fi_fi.xml
C:\Program Files\BitLord\lang\lang_fr_fr.xml
C:\Program Files\BitLord\lang\lang_gl_es.xml
C:\Program Files\BitLord\lang\lang_he_il.xml
C:\Program Files\BitLord\lang\lang_hu_hu.xml
C:\Program Files\BitLord\lang\lang_it_it.xml
C:\Program Files\BitLord\lang\lang_jp_jp.xml
C:\Program Files\BitLord\lang\lang_ko_kr.xml
C:\Program Files\BitLord\lang\lang_nb_no.xml
C:\Program Files\BitLord\lang\lang_nl_nl.xml
C:\Program Files\BitLord\lang\lang_pl_pl.xml
C:\Program Files\BitLord\lang\lang_pt_br.xml
C:\Program Files\BitLord\lang\lang_pt_pt.xml
C:\Program Files\BitLord\lang\lang_ro_ro.xml
C:\Program Files\BitLord\lang\lang_ru_ru.xml
C:\Program Files\BitLord\lang\lang_sk_sk.xml
C:\Program Files\BitLord\lang\lang_sl_si.xml
C:\Program Files\BitLord\lang\lang_sr_sr.xml
C:\Program Files\BitLord\lang\lang_sv_se.xml
C:\Program Files\BitLord\lang\lang_th_th.xml
C:\Program Files\BitLord\lang\lang_tr_tr.xml
C:\Program Files\BitLord\lang\lang_va_es.xml
C:\Program Files\BitLord\lang\lang_zh_tw.xml
C:\Program Files\BitLord\rules\ipfilter.dat
C:\Program Files\BitLord\Torrents\Ad-Aware 2007 + working crack.rar.torrent
C:\Program Files\BitLord\Torrents\Ad-Aware 2007 + working crack.rar.xml
C:\Program Files\BitLord\Torrents\PMDG - 737-800-900 V1-1.Retail.rar.torrent
C:\Program Files\BitLord\Torrents\PMDG - 737-800-900 V1-1.Retail.rar.xml
C:\Program Files\DNA
C:\Program Files\DNA\btdna.exe
C:\Users\Colin\AppData\Roaming\BitTorrent
C:\Users\Colin\AppData\Roaming\BitTorrent\dht.dat
C:\Users\Colin\AppData\Roaming\BitTorrent\Emergency3.exe.torrent
C:\Users\Colin\AppData\Roaming\BitTorrent\resume.dat
C:\Users\Colin\AppData\Roaming\BitTorrent\resume.dat.old
C:\Users\Colin\AppData\Roaming\BitTorrent\settings.dat
C:\Users\Colin\AppData\Roaming\PeerNetworking
C:\Windows\System32\3282.bat
C:\Windows\System32\5571.bat
C:\Windows\System32\7892.bat
C:\Windows\System32\bwpjkfhs.dllbox
C:\Windows\System32\cwgrghdu.ini
C:\Windows\System32\jaumlgvc.ini
C:\Windows\System32\jfxgowdx.ini
C:\Windows\System32\khgawgxa.ini
C:\Windows\System32\kpwznbpb.dllbox
C:\Windows\System32\qivgspxi.ini
C:\Windows\SYSTEM32\VundoFixSVC.exe
C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Colin.job
.
((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.
2008-03-12 01:12 . 2007-12-16 15:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 01:12 . 2007-12-16 02:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 13:47 . 2008-03-12 02:49 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-11 13:47 . 2008-03-11 13:48 1,409 --a------ C:\Windows\QTFont.for
2008-03-11 13:46 . 2008-03-11 13:47 <DIR> d-------- C:\Program Files\QuickTime
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\PROGRA~2\Apple
2008-03-10 02:40 . 2008-03-11 15:09 <DIR> d-------- C:\Program Files\WolfQuest
2008-03-09 15:54 . 2008-03-09 15:54 <DIR> d-------- C:\Program Files\Sun
2008-03-09 15:48 . 2008-03-09 15:53 <DIR> d-------- C:\Program Files\Java
2008-03-09 15:48 . 2008-03-09 15:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-09 04:06 . 2008-03-09 04:06 <DIR> d-------- C:\_OTMoveIt
2008-03-09 03:34 . 2008-03-09 03:34 198,656 --a------ C:\Windows\System32\comdlg32.ocx
2008-03-06 15:22 . 2008-03-11 14:21 <DIR> d-------- C:\VundoFix Backups
2008-03-06 13:58 . 2008-03-09 15:16 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-03-06 12:22 . 2008-03-06 12:21 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-03-06 12:21 . 2008-03-06 13:29 <DIR> d-------- C:\Users\Colin\.housecall6.6
2008-03-04 01:02 . 2008-03-04 01:02 1,158 --a------ C:\Windows\mozver.dat
2008-03-03 22:42 . 2008-03-09 15:24 <DIR> d-------- C:\PROGRA~2\SiteAdvisor
2008-03-03 22:21 . 2008-03-09 15:27 <DIR> d-------- C:\PROGRA~2\McAfee
2008-03-03 21:32 . 2008-03-03 21:32 0 --a------ C:\Windows\nsreg.dat
2008-03-03 03:50 . 2008-03-03 03:51 <DIR> d-------- C:\Users\Colin\AppData\Roaming\SecondLife
2008-02-29 14:57 . 2008-02-29 15:07 <DIR> d-------- C:\Users\Colin\AppData\Roaming\Ahead
2008-02-29 03:17 . 2008-03-03 20:59 <DIR> d--hs---- C:\Users\Colin\'
2008-02-29 03:12 . 2008-02-29 22:55 <DIR> d-a------ C:\PROGRA~2\TEMP
2008-02-29 02:56 . 2008-03-03 22:37 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-02-28 12:36 . 2008-02-28 12:44 <DIR> d-------- C:\Program Files\MpcStar
2008-02-28 00:25 . 2008-02-28 00:25 <DIR> d-------- C:\PROGRA~2\Office Genuine Advantage
2008-02-28 00:18 . 2006-10-26 20:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-02-28 00:12 . 2008-02-28 00:12 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-27 16:33 . 2008-02-27 17:03 1,942 --a------ C:\Windows\asrc.ini
2008-02-27 14:29 . 2008-02-27 14:29 100,464 --a------ C:\Windows\System32\ICKHTTPS2.OCX
2008-02-26 23:52 . 2008-02-26 23:52 327,662,570 --a------ C:\Windows\MEMORY.DMP
2008-02-19 12:56 . 2008-02-19 12:56 <DIR> d-------- C:\Graphics
2008-02-19 12:56 . 2005-11-13 02:28 238,080 --------- C:\Windows\System32\mwgfx24.dll
2008-02-19 12:56 . 2008-01-06 15:05 190,464 --------- C:\Windows\System32\mwgfx.dll
2008-02-19 12:56 . 2008-01-09 13:43 104,960 --------- C:\Windows\System32\mwdds.dll
2008-02-19 12:56 . 2004-05-14 12:13 56,832 --------- C:\Windows\System32\mwace.dll
2008-02-19 12:56 . 2007-08-19 10:37 28,672 --------- C:\Windows\System32\mwgfxcopy.exe
2008-02-16 15:36 . 2008-02-16 15:36 <DIR> d-------- C:\Users\Colin\AppData\Roaming\Intel
2008-02-15 16:43 . 2008-01-09 22:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 14:53 . 2008-03-03 18:15 1,328 --a------ C:\FSUIPC_reg.bin
2008-02-13 01:03 . 2008-02-13 01:03 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 01:03 . 2008-02-13 01:03 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 01:01 . 2008-02-13 01:01 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 01:01 . 2008-02-13 01:01 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 01:01 . 2008-02-13 01:01 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 01:01 . 2008-02-13 01:01 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 01:01 . 2008-02-13 01:01 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 01:01 . 2008-02-13 01:01 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 01:01 . 2008-02-13 01:01 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 01:00 . 2008-02-13 01:00 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 01:00 . 2008-02-13 01:00 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 01:00 . 2008-02-13 01:00 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 01:00 . 2008-02-13 01:00 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 01:00 . 2008-02-13 01:00 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 01:00 . 2008-02-13 01:00 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 01:00 . 2008-02-13 01:00 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-12 23:22 . 2008-02-12 23:22 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-02-12 23:17 . 2008-02-13 00:55 <DIR> d-------- C:\Users\Colin\AppData\Roaming\Winamp
2008-02-12 23:17 . 2008-02-12 23:18 <DIR> d-------- C:\Program Files\Winamp
2008-02-12 23:17 . 2007-03-07 16:51 129,784 --------- C:\Windows\System32\pxafs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 10:16 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 10:04 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-03-12 08:46 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-03-04 06:07 13,025 ----a-w C:\Users\Colin\AppData\Roaming\nvModes.dat
2008-03-04 05:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 05:44 --------- d-----w C:\Users\Colin\AppData\Roaming\FrostWire
2008-02-29 22:51 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-28 07:17 --------- d-----w C:\Program Files\MSBuild
2008-02-14 00:32 --------- d-----w C:\PROGRA~2\Messenger Plus!
2008-02-13 08:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 07:57 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 07:57 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 07:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 07:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-07 02:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 01:26 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-07 01:26 --------- d-----w C:\PROGRA~2\Macrovision
2008-02-07 01:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 08:42 --------- d-----w C:\PROGRA~2\FLEXnet
2008-02-06 00:01 --------- d-----w C:\Program Files\Real Environment Pro
2008-02-05 02:37 --------- d-----w C:\Program Files\Google
2008-02-05 02:23 693,792 ----a-w C:\Windows\System32\OGACheckControl.DLL
2008-02-04 23:11 --------- d-----w C:\Program Files\DivX
2008-01-26 20:44 12,400 ----a-w C:\Windows\system32\drivers\secdrv.sys
2008-01-09 21:33 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 19:57 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-01-08 19:57 253,952 ------w C:\Windows\Setup1.exe
2007-12-21 21:54 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-21 21:53 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-21 21:53 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-04 20:40 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-03-12_ 1.49.02.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-12 08:45:53 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-12 21:34:19 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-02-13 08:31:01 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-03-12 10:16:51 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2008-02-13 08:31:36 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-03-12 10:16:51 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-02-13 08:31:36 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-03-12 10:16:50 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-02-13 08:31:36 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-03-12 10:16:50 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-02-28 09:21:09 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-12 10:03:59 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-02-28 09:21:09 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-12 10:03:59 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-02-28 09:21:09 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-03-12 10:03:59 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-02-28 09:21:09 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-03-12 10:03:59 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-02-28 09:21:09 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-12 10:03:59 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-02-28 09:21:09 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-12 10:03:59 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-02-28 09:21:09 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-12 10:03:59 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-02-28 09:21:09 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-12 10:03:59 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-02-28 09:21:09 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-12 10:03:59 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-02-28 09:21:09 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-12 10:03:59 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-02-28 09:21:09 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-12 10:03:59 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-02-28 09:21:09 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-12 10:03:59 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-02-13 08:01:13 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-12 10:04:12 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2008-02-13 08:01:13 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-12 10:04:12 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-02-13 08:01:13 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-12 10:04:12 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2008-02-13 08:01:13 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-12 10:04:12 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-02-13 08:01:13 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-12 10:04:13 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-02-13 08:01:13 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-12 10:04:12 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2008-02-13 08:01:13 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-12 10:04:12 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2008-02-13 08:01:13 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-12 10:04:12 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2008-02-13 08:01:13 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-12 10:04:13 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-02-13 08:01:13 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-12 10:04:12 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-12 08:12:32 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-12 21:35:32 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-12 08:46:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-12 21:36:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-12 21:36:28 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-12 08:40:27 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-12 21:37:20 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-12 08:46:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-12 21:36:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-12 21:36:22 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-12 08:40:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-12 21:09:40 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-12 08:40:23 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-12 21:09:40 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-12 08:40:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-12 21:09:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\monitor.inf_1a316eff\monitor.sys
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\Windows\System32\mrt.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\Windows\System32\mrt.exe
- 2008-03-12 08:11:28 113,060 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-12 21:42:26 113,060 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-12 08:11:28 634,574 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-12 21:42:26 634,574 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-12 08:44:02 6,156,288 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-03-12 10:20:11 6,156,288 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-03-12 08:09:15 12,826 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3037727994-2318491079-2961448558-1000_UserData.bin
+ 2008-03-12 21:36:51 13,346 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3037727994-2318491079-2961448558-1000_UserData.bin
- 2008-03-12 08:09:15 77,656 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-12 21:36:51 77,868 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-12 08:09:12 53,138 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-12 21:36:49 53,310 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-12-16 22:50:41 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
+ 2007-12-16 22:52:59 1,061,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys
+ 2008-01-15 00:00:51 2,414,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16643_none_f0799cac6e717dff\OESpamFilter.dat
+ 2008-01-15 00:00:38 2,414,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20778_none_f0e7cb2587a2f04f\OESpamFilter.dat
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.16615_none_4117345983213804\monitor.sys
+ 2007-12-16 09:50:45 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.20740_none_417b5fee9c5bacee\monitor.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon]
@={A825576B-0042-4F0F-8FB0-93CE0F054E69}
[HKEY_CLASSES_ROOT\CLSID\{A825576B-0042-4F0F-8FB0-93CE0F054E69}]
2006-12-11 17:27 147456 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2007-01-05 16:01 806912]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.exe" [2006-10-26 14:53 32560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-14 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 10:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 06:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-02 02:22 56080 C:\Windows\KHALMNPR.Exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 14:37 174872]
"DirectMessenger"="C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-02-01 20:58 987648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [ ]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-07-30 23:28:30 991600]
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-07-30 23:34:30 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=C:\Windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Colin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
--a------ 2007-03-20 18:12 741376 C:\Program Files\ChkMail\ChkMail\ChkMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 11:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 12:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-01-15 15:17 778240 C:\Program Files\PowerForPhone\PowerForPhone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBC9C276-8866-4936-B37E-B5A03F010851}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2C3021C5-5994-44FA-A85A-F6F17DDCA18C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{4A110543-D3E6-479C-AD92-FCA87A495355}C:\windows\system32\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server|Desc=Microsoft DirectPlay8 Server
"UDP Query User{116C37C7-7E2A-48A6-A963-C63E69927D5B}C:\windows\system32\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server|Desc=Microsoft DirectPlay8 Server
"TCP Query User{ACA228CC-0F8C-4A0E-854E-E34180FD7F06}C:\program files\squawkbox3\squawkbox.exe"= UDP:C:\program files\squawkbox3\squawkbox.exe:squawkbox.exe|Desc=squawkbox.exe
"UDP Query User{FF194837-F8BC-40D6-AA93-2A07EEC191F9}C:\program files\squawkbox3\squawkbox.exe"= TCP:C:\program files\squawkbox3\squawkbox.exe:squawkbox.exe|Desc=squawkbox.exe
"TCP Query User{F1C151AB-830C-4AD3-88BC-E0EF1762B08D}C:\program files\microsoft games\flight simulator 9\fs9.exe"= UDP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator|Desc=Microsoft Flight Simulator
"UDP Query User{BBA073CD-194F-4BCE-B8EE-84632EBBEE9C}C:\program files\microsoft games\flight simulator 9\fs9.exe"= TCP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator|Desc=Microsoft Flight Simulator
"TCP Query User{717A03CC-CFA0-4D54-A0A9-F656182327B8}C:\users\colin\documents\mudmasterbuild27\mudmaster.exe"= UDP:C:\users\colin\documents\mudmasterbuild27\mudmaster.exe:mudmaster.exe|Desc=mudmaster.exe
"UDP Query User{48FB2C95-7553-49B1-A642-AE5B6C0C67BF}C:\users\colin\documents\mudmasterbuild27\mudmaster.exe"= TCP:C:\users\colin\documents\mudmasterbuild27\mudmaster.exe:mudmaster.exe|Desc=mudmaster.exe
"TCP Query User{83A01532-821C-48E5-B15C-8125873AD264}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{68F06ED9-46C2-4099-B6ED-57EC5CA370E3}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{B24F5BA9-400C-4C06-BAD4-DF182D4E0DB0}C:\program files\bitlord\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord|Desc=BitLord
"UDP Query User{0D9D90DA-08DC-4CB2-AD37-DA33287B681C}C:\program files\bitlord\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord|Desc=BitLord
"TCP Query User{7EFF02C1-4B0A-428F-B91F-14EBB354A8AC}C:\program files\asrc\asrc.exe"= UDP:C:\program files\asrc\asrc.exe:ASRC executable|Desc=ASRC executable
"UDP Query User{6D0326CD-069F-4AE2-B5B7-2738672560CE}C:\program files\asrc\asrc.exe"= TCP:C:\program files\asrc\asrc.exe:ASRC executable|Desc=ASRC executable
"TCP Query User{ACEE2FA6-5E2B-4FD7-9532-4B7E642E114A}C:\program files\advanced voice client\avc.exe"= UDP:C:\program files\advanced voice client\avc.exe:VATSIM Advanced Voice Client|Desc=VATSIM Advanced Voice Client
"UDP Query User{329F1794-8150-44FF-A6AD-FAB2BAC84EAE}C:\program files\advanced voice client\avc.exe"= TCP:C:\program files\advanced voice client\avc.exe:VATSIM Advanced Voice Client|Desc=VATSIM Advanced Voice Client
"TCP Query User{F7C9E664-30DA-4C1F-AD7A-0E53C4A09894}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
"UDP Query User{550871E9-F60E-48F6-AB69-91236EA7F4CE}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
"{B5BFBCB6-ED36-493E-8767-46A23669E20E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9E148F33-A4BC-4F0B-A4F6-4C48FF6F5EC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{984A9587-FFB5-4B29-B869-ECB17FE05DDC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{87EDB76E-8C35-4629-BF06-8C21C39D2132}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CB1E2BEA-57BA-4585-84F0-3CDC019D05DB}C:\program files\secondlife\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice|Desc=SLVoice
"UDP Query User{39B1761A-704A-4F15-8DD7-54581176BFA0}C:\program files\secondlife\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice|Desc=SLVoice
"TCP Query User{DF8A89E6-F153-4CE2-9C62-BD65B09594B0}C:\program files\wolfquest\wolfquest.exe"= UDP:C:\program files\wolfquest\wolfquest.exe:WolfQuest|Desc=WolfQuest
"UDP Query User{AC070987-270A-4E08-9EAF-387A83DB764F}C:\program files\wolfquest\wolfquest.exe"= TCP:C:\program files\wolfquest\wolfquest.exe:WolfQuest|Desc=WolfQuest
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 AsDsm;AsDsm;C:\Windows\system32\drivers\AsDsm.sys [2007-04-24 17:28]
R2 ADSMService;ADSM Service;C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-02-16 19:48]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 18:13]
R2 ASMMAP;ASMMAP;C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 04:53]
R2 ATKGFNEXSrv;ATKGFNEX Service;C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-03-09 19:57]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 06:14]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-03-29 20:30]
S2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-15 03:02]
S3 lvupdtio;lvupdtio;C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys [2006-11-08 15:44]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 00:30]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 07:28]
S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 02:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-12 14:42:24
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-12 14:43:19
ComboFix-quarantined-files.txt 2008-03-12 21:43:18
ComboFix2.txt 2008-03-12 08:49:27
.
2008-03-12 10:04:14 --- E O F ---
=================
=================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:34 PM, on 12/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Colin\Desktop\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)
--
End of file - 7255 bytes