================================================================================
================================================================================
COMBOFIX LOG
================================================================================
================================================================================
ComboFix 08-03-10.1 - Colin 2008-03-14 12:37:48.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1067 [GMT -7:00]
Running from: C:\Users\Colin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Colin\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.
2008-03-13 01:54 . 2008-03-13 02:18 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-03-13 01:16 . 2008-03-13 01:16 <DIR> d-------- C:\Windows\Easy CD-DA Extractor 11.1
2008-03-13 01:15 . 2002-01-05 05:37 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-03-13 00:26 . 2008-03-13 00:26 34 --a------ C:\Windows\cdplayer.ini
2008-03-12 01:12 . 2007-12-16 15:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 01:12 . 2007-12-16 02:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 13:47 . 2008-03-12 02:49 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-11 13:47 . 2008-03-11 13:48 1,409 --a------ C:\Windows\QTFont.for
2008-03-11 13:46 . 2008-03-11 13:47 <DIR> d-------- C:\Program Files\QuickTime
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\PROGRA~2\Apple
2008-03-09 15:54 . 2008-03-09 15:54 <DIR> d-------- C:\Program Files\Sun
2008-03-09 15:48 . 2008-03-09 15:53 <DIR> d-------- C:\Program Files\Java
2008-03-09 15:48 . 2008-03-09 15:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-09 04:06 . 2008-03-09 04:06 <DIR> d-------- C:\_OTMoveIt
2008-03-09 03:34 . 2008-03-09 03:34 198,656 --a------ C:\Windows\System32\comdlg32.ocx
2008-03-06 13:58 . 2008-03-09 15:16 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-03-06 12:22 . 2008-03-06 12:21 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-03-06 12:21 . 2008-03-06 13:29 <DIR> d-------- C:\Users\Colin\.housecall6.6
2008-03-04 01:02 . 2008-03-04 01:02 1,158 --a------ C:\Windows\mozver.dat
2008-03-03 22:42 . 2008-03-09 15:24 <DIR> d-------- C:\PROGRA~2\SiteAdvisor
2008-03-03 22:21 . 2008-03-09 15:27 <DIR> d-------- C:\PROGRA~2\McAfee
2008-03-03 21:32 . 2008-03-03 21:32 0 --a------ C:\Windows\nsreg.dat
2008-03-03 03:50 . 2008-03-03 03:51 <DIR> d-------- C:\Users\Colin\AppData\Roaming\SecondLife
2008-02-29 14:57 . 2008-02-29 15:07 <DIR> d-------- C:\Users\Colin\AppData\Roaming\Ahead
2008-02-29 03:17 . 2008-03-03 20:59 <DIR> d--hs---- C:\Users\Colin\'
2008-02-29 03:12 . 2008-03-13 01:54 <DIR> d-a------ C:\PROGRA~2\TEMP
2008-02-29 02:56 . 2008-03-03 22:37 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-02-28 12:36 . 2008-02-28 12:44 <DIR> d-------- C:\Program Files\MpcStar
2008-02-28 00:25 . 2008-02-28 00:25 <DIR> d-------- C:\PROGRA~2\Office Genuine Advantage
2008-02-28 00:18 . 2006-10-26 20:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-02-28 00:12 . 2008-02-28 00:12 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-27 16:33 . 2008-02-27 17:03 1,942 --a------ C:\Windows\asrc.ini
2008-02-27 14:29 . 2008-02-27 14:29 100,464 --a------ C:\Windows\System32\ICKHTTPS2.OCX
2008-02-26 23:52 . 2008-02-26 23:52 327,662,570 --a------ C:\Windows\MEMORY.DMP
2008-02-19 12:56 . 2008-02-19 12:56 <DIR> d-------- C:\Graphics
2008-02-19 12:56 . 2005-11-13 02:28 238,080 --------- C:\Windows\System32\mwgfx24.dll
2008-02-19 12:56 . 2008-01-06 15:05 190,464 --------- C:\Windows\System32\mwgfx.dll
2008-02-19 12:56 . 2008-01-09 13:43 104,960 --------- C:\Windows\System32\mwdds.dll
2008-02-19 12:56 . 2004-05-14 12:13 56,832 --------- C:\Windows\System32\mwace.dll
2008-02-19 12:56 . 2007-08-19 10:37 28,672 --------- C:\Windows\System32\mwgfxcopy.exe
2008-02-16 15:36 . 2008-02-16 15:36 <DIR> d-------- C:\Users\Colin\AppData\Roaming\Intel
2008-02-15 16:43 . 2008-01-09 22:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 09:16 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-03-12 10:16 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 08:46 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-03-04 06:07 13,025 ----a-w C:\Users\Colin\AppData\Roaming\nvModes.dat
2008-03-04 05:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 01:15 1,328 ----a-w C:\FSUIPC_reg.bin
2008-03-01 05:44 --------- d-----w C:\Users\Colin\AppData\Roaming\FrostWire
2008-02-29 22:51 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-28 07:17 --------- d-----w C:\Program Files\MSBuild
2008-02-14 00:32 --------- d-----w C:\PROGRA~2\Messenger Plus!
2008-02-13 08:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 08:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 08:01 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 08:01 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 08:01 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 08:01 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 08:01 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 08:01 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 08:01 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 08:00 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 08:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:00 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 08:00 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 08:00 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 08:00 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 08:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 08:00 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 08:00 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 07:57 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 07:57 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 07:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 07:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 07:55 --------- d-----w C:\Users\Colin\AppData\Roaming\Winamp
2008-02-13 06:22 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-13 06:18 --------- d-----w C:\Program Files\Winamp
2008-02-07 02:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 01:26 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-07 01:26 --------- d-----w C:\PROGRA~2\Macrovision
2008-02-07 01:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 08:42 --------- d-----w C:\PROGRA~2\FLEXnet
2008-02-06 00:01 --------- d-----w C:\Program Files\Real Environment Pro
2008-02-05 02:37 --------- d-----w C:\Program Files\Google
2008-02-05 02:23 693,792 ----a-w C:\Windows\System32\OGACheckControl.DLL
2008-02-04 23:11 --------- d-----w C:\Program Files\DivX
2008-01-26 20:44 12,400 ----a-w C:\Windows\system32\drivers\secdrv.sys
2008-01-09 21:33 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 19:57 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-01-08 19:57 253,952 ------w C:\Windows\Setup1.exe
2007-12-21 21:54 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-21 21:53 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-21 21:53 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-04 20:40 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot_2008-03-12_14.42.59.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-28 07:17:12 118,112 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2008-03-13 09:13:48 120,408 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2008-02-28 07:17:12 609,104 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2008-03-13 09:13:47 611,392 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
- 2008-03-12 21:34:19 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-14 19:09:36 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-13 08:16:51 473,600 ----a-w C:\Windows\Easy CD-DA Extractor 11.1\uninstall.exe
+ 2006-10-27 08:48:08 234,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-26 22:04:58 75,576 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-27 08:48:40 1,555,232 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 08:47:40 22,808 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-27 08:48:42 2,210,608 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 08:48:02 222,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 08:48:34 955,680 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 23:10:08 1,439,032 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 23:10:10 5,456,704 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 05:42:00 176,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2008-02-28 07:17:12 609,104 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2008-02-28 07:17:12 118,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2006-10-27 04:32:42 604,000 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 23:39:36 687,432 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 23:03:04 1,018,664 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 04:24:54 98,632 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 04:24:50 72,504 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 04:24:58 1,165,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 23:03:06 6,579,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 04:23:00 782,720 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-26 22:05:00 77,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-27 05:42:12 744,808 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 22:04:44 19,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 22:04:48 29,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 22:05:04 126,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 22:05:02 86,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 22:04:56 58,168 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 22:04:48 27,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 22:04:54 51,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 22:04:44 19,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 22:04:58 76,624 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 22:05:08 1,181,520 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-26 22:05:08 530,760 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2007-08-29 07:22:36 579,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACACEDAO.DLL
+ 2007-08-24 13:17:04 165,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACCWIZ.DLL
+ 2007-08-29 07:22:30 1,754,536 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACECORE.DLL
+ 2007-08-29 07:22:36 579,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEDAO.DLL
+ 2007-08-29 07:22:38 50,616 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEERR.DLL
+ 2007-08-29 07:22:40 193,992 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEES.DLL
+ 2007-08-24 11:46:10 341,440 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCH.DLL
+ 2007-08-24 11:46:14 632,248 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCL.DLL
+ 2007-08-24 11:46:16 210,368 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACELTS.DLL
+ 2007-08-24 11:46:18 281,992 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODBC.DLL
+ 2007-08-24 11:46:20 17,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODDBS.DLL
+ 2007-08-24 11:46:22 17,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODEXL.DLL
+ 2007-08-24 11:46:22 17,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODPDX.DLL
+ 2007-08-24 11:46:22 17,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODTXT.DLL
+ 2007-08-29 07:22:44 390,600 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL
+ 2007-08-24 11:46:28 394,688 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEPDE.DLL
+ 2007-08-24 11:46:30 263,616 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER2X.DLL
+ 2007-08-24 11:46:32 292,288 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER3X.DLL
+ 2007-08-24 11:46:34 58,760 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACERCLR.DLL
+ 2007-08-24 11:46:38 554,440 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEREP.DLL
+ 2007-08-24 11:46:40 226,744 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACETXT.DLL
+ 2007-08-29 08:52:12 201,664 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEWSS.DLL
+ 2007-08-24 11:46:44 374,200 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEXBE.DLL
+ 2007-08-29 08:53:12 402,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CDLMSO.DLL
+ 2007-08-24 11:45:50 208,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CLVIEW.EXE
+ 2007-08-24 13:38:36 67,952 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\COLLIMP.DLL
+ 2007-08-24 11:36:26 192,400 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CONTACTPICKER.DLL
+ 2007-08-24 11:18:18 437,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DWTRIG20.EXE
+ 2007-08-23 09:03:38 1,195,888 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2007-08-26 03:11:44 1,685,896 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FPSRVUTL.DLL
+ 2007-08-29 07:45:00 985,496 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FPWEC.DLL
+ 2007-10-03 03:45:34 2,530,864 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GRAPH.EXE
+ 2007-08-24 11:36:58 175,968 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IEAWSDC.DLL
+ 2007-10-06 04:31:06 5,287,984 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2007-08-29 08:45:54 831,856 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MEDCAT.DLL
+ 2007-08-29 07:38:10 500,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-08-29 07:13:52 10,367,352 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSACCESS.EXE
+ 2007-08-24 13:17:48 69,520 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSAEXP30.DLL
+ 2007-08-29 08:52:02 120,704 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSCONV97.DLL
+ 2007-09-15 05:45:58 16,901,168 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-29 07:20:06 163,712 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOCF.DLL
+ 2007-08-29 07:20:12 17,304 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOCFU.DLL
+ 2007-09-07 01:55:08 431,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSODCW.DLL
+ 2007-08-24 13:50:10 29,576 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOEURO.DLL
+ 2007-08-28 04:20:14 6,637,960 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSORES.DLL
+ 2007-08-29 08:18:20 439,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSORUN.DLL
+ 2007-08-29 07:38:46 9,584,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-24 11:40:16 674,664 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSQRY32.EXE
+ 2007-08-23 09:12:20 507,768 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSSOAP30.DLL
+ 2007-08-29 08:45:58 835,952 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSTORDB.EXE
+ 2007-08-29 08:46:06 542,568 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSTORES.DLL
+ 2007-08-24 11:37:50 68,464 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\NAME.DLL
+ 2007-10-06 04:44:24 14,168,600 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-10-03 03:51:22 8,436,776 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-09-02 09:55:16 235,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ODEPLOY.EXE
+ 2007-08-29 08:37:40 7,039,888 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OFFOWC.DLL
+ 2007-08-29 08:19:24 1,654,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-24 12:06:28 277,384 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OIS.EXE
+ 2007-08-24 12:06:32 1,000,848 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OISAPP.DLL
+ 2007-08-24 12:06:38 288,152 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OISGRAPH.DLL
+ 2007-09-02 09:55:54 6,540,656 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OSETUP.DLL
+ 2007-06-08 03:51:00 465,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLFLTR.DLL
+ 2007-09-07 01:50:34 485,232 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PORTCONN.DLL
+ 2007-08-29 07:06:16 467,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-29 07:06:44 7,990,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-08-29 08:38:22 2,016,656 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-24 11:43:28 138,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-29 07:39:14 625,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 11:43:36 593,296 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-24 13:50:10 41,832 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\REFEDIT.DLL
+ 2007-09-07 01:55:22 505,752 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SELFCERT.EXE
+ 2007-09-02 09:55:34 442,240 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SETUP.EXE
+ 2007-08-24 13:17:54 505,240 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SOA.DLL
+ 2007-06-08 03:51:00 125,320 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SSGEN.DLL
+ 2007-08-29 07:28:26 2,330,024 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\STSLIST.DLL
+ 2007-06-28 04:58:12 2,585,936 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VBE6.DLL
+ 2007-08-24 15:10:14 1,846,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-08-24 15:10:28 3,735,424 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-29 07:16:00 350,064 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-07 02:03:02 4,280,176 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-29 08:07:58 24,928 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-09-07 01:56:32 17,490,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
- 2008-03-12 10:03:59 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-13 09:16:05 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-03-12 10:03:59 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-13 09:16:05 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-03-12 10:03:59 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-03-13 09:16:05 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-03-12 10:03:59 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-03-13 09:16:05 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-03-12 10:03:59 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-13 09:16:05 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-03-12 10:03:59 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-13 09:16:05 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-12 10:03:59 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-13 09:16:05 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-12 10:03:59 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-13 09:16:05 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-03-12 10:03:59 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-13 09:16:05 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-12 10:03:59 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-13 09:16:05 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-03-12 10:03:59 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-13 09:16:05 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-12 10:03:59 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-13 09:16:05 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-12 10:04:12 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-13 09:16:25 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2008-03-12 10:04:12 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-13 09:16:25 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-03-12 10:04:12 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-13 09:16:25 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2008-03-12 10:04:12 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-13 09:16:25 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-12 10:04:13 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-13 09:16:25 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-12 10:04:12 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-13 09:16:25 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2008-03-12 10:04:12 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-13 09:16:25 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-12 10:04:12 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-13 09:16:25 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2008-03-12 10:04:13 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-13 09:16:25 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-12 10:04:12 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-13 09:16:25 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-12 21:35:32 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-14 19:24:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-12 21:36:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-14 19:20:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-14 19:20:21 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-12 21:37:20 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-14 19:37:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-12 21:36:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-14 19:20:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-14 19:20:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-12 21:09:40 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-14 09:23:05 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-12 21:09:40 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-14 09:23:05 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-12 21:09:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-14 09:23:05 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-12 21:42:26 113,060 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-14 19:15:29 113,060 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-12 21:42:26 634,574 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-14 19:15:29 634,574 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-12 10:20:11 6,156,288 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-03-13 09:18:05 6,156,288 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-03-12 21:36:51 13,346 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3037727994-2318491079-2961448558-1000_UserData.bin
+ 2008-03-14 19:28:34 13,534 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3037727994-2318491079-2961448558-1000_UserData.bin
- 2008-03-12 21:36:51 77,868 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-14 19:28:33 77,924 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-12 21:36:49 53,310 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-14 19:28:32 53,310 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-13 09:14:45 13,448 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon]
@={A825576B-0042-4F0F-8FB0-93CE0F054E69}
[HKEY_CLASSES_ROOT\CLSID\{A825576B-0042-4F0F-8FB0-93CE0F054E69}]
2006-12-11 17:27 147456 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2007-01-05 16:01 806912]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.exe" [2006-10-26 14:53 32560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-14 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 10:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 06:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-02 02:22 56080 C:\Windows\KHALMNPR.Exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 14:37 174872]
"DirectMessenger"="C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-02-01 20:58 987648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-07-30 23:28:30 991600]
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-07-30 23:34:30 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=C:\Windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Colin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
--a------ 2007-03-20 18:12 741376 C:\Program Files\ChkMail\ChkMail\ChkMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 11:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 12:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-01-15 15:17 778240 C:\Program Files\PowerForPhone\PowerForPhone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBC9C276-8866-4936-B37E-B5A03F010851}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2C3021C5-5994-44FA-A85A-F6F17DDCA18C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{4A110543-D3E6-479C-AD92-FCA87A495355}C:\windows\system32\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server|Desc=Microsoft DirectPlay8 Server
"UDP Query User{116C37C7-7E2A-48A6-A963-C63E69927D5B}C:\windows\system32\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server|Desc=Microsoft DirectPlay8 Server
"TCP Query User{ACA228CC-0F8C-4A0E-854E-E34180FD7F06}C:\program files\squawkbox3\squawkbox.exe"= UDP:C:\program files\squawkbox3\squawkbox.exe:squawkbox.exe|Desc=squawkbox.exe
"UDP Query User{FF194837-F8BC-40D6-AA93-2A07EEC191F9}C:\program files\squawkbox3\squawkbox.exe"= TCP:C:\program files\squawkbox3\squawkbox.exe:squawkbox.exe|Desc=squawkbox.exe
"TCP Query User{F1C151AB-830C-4AD3-88BC-E0EF1762B08D}C:\program files\microsoft games\flight simulator 9\fs9.exe"= UDP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator|Desc=Microsoft Flight Simulator
"UDP Query User{BBA073CD-194F-4BCE-B8EE-84632EBBEE9C}C:\program files\microsoft games\flight simulator 9\fs9.exe"= TCP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator|Desc=Microsoft Flight Simulator
"TCP Query User{717A03CC-CFA0-4D54-A0A9-F656182327B8}C:\users\colin\documents\mudmasterbuild27\mudmaster.exe"= UDP:C:\users\colin\documents\mudmasterbuild27\mudmaster.exe:mudmaster.exe|Desc=mudmaster.exe
"UDP Query User{48FB2C95-7553-49B1-A642-AE5B6C0C67BF}C:\users\colin\documents\mudmasterbuild27\mudmaster.exe"= TCP:C:\users\colin\documents\mudmasterbuild27\mudmaster.exe:mudmaster.exe|Desc=mudmaster.exe
"TCP Query User{83A01532-821C-48E5-B15C-8125873AD264}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{68F06ED9-46C2-4099-B6ED-57EC5CA370E3}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{7EFF02C1-4B0A-428F-B91F-14EBB354A8AC}C:\program files\asrc\asrc.exe"= UDP:C:\program files\asrc\asrc.exe:ASRC executable|Desc=ASRC executable
"UDP Query User{6D0326CD-069F-4AE2-B5B7-2738672560CE}C:\program files\asrc\asrc.exe"= TCP:C:\program files\asrc\asrc.exe:ASRC executable|Desc=ASRC executable
"TCP Query User{ACEE2FA6-5E2B-4FD7-9532-4B7E642E114A}C:\program files\advanced voice client\avc.exe"= UDP:C:\program files\advanced voice client\avc.exe:VATSIM Advanced Voice Client|Desc=VATSIM Advanced Voice Client
"UDP Query User{329F1794-8150-44FF-A6AD-FAB2BAC84EAE}C:\program files\advanced voice client\avc.exe"= TCP:C:\program files\advanced voice client\avc.exe:VATSIM Advanced Voice Client|Desc=VATSIM Advanced Voice Client
"{B5BFBCB6-ED36-493E-8767-46A23669E20E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9E148F33-A4BC-4F0B-A4F6-4C48FF6F5EC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{984A9587-FFB5-4B29-B869-ECB17FE05DDC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{87EDB76E-8C35-4629-BF06-8C21C39D2132}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CB1E2BEA-57BA-4585-84F0-3CDC019D05DB}C:\program files\secondlife\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice|Desc=SLVoice
"UDP Query User{39B1761A-704A-4F15-8DD7-54581176BFA0}C:\program files\secondlife\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice|Desc=SLVoice
"TCP Query User{DF8A89E6-F153-4CE2-9C62-BD65B09594B0}C:\program files\wolfquest\wolfquest.exe"= UDP:C:\program files\wolfquest\wolfquest.exe:WolfQuest|Desc=WolfQuest
"UDP Query User{AC070987-270A-4E08-9EAF-387A83DB764F}C:\program files\wolfquest\wolfquest.exe"= TCP:C:\program files\wolfquest\wolfquest.exe:WolfQuest|Desc=WolfQuest
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AsDsm;AsDsm;C:\Windows\system32\drivers\AsDsm.sys [2007-04-24 17:28]
R2 ADSMService;ADSM Service;C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-02-16 19:48]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 18:13]
R2 ASMMAP;ASMMAP;C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 04:53]
R2 ATKGFNEXSrv;ATKGFNEX Service;C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-03-09 19:57]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 06:14]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-03-29 20:30]
S2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-15 03:02]
S3 lvupdtio;lvupdtio;C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys [2006-11-08 15:44]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 00:30]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 07:28]
S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 02:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-14 12:40:40
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll
-> C:\Program Files\ASUS\ASUS Direct Console\MSNHOOK.DLL
.
Completion time: 2008-03-14 12:41:32
ComboFix-quarantined-files.txt 2008-03-14 19:41:30
ComboFix2.txt 2008-03-12 21:43:20
ComboFix3.txt 2008-03-12 08:49:27
.
2008-03-13 20:29:53 --- E O F ---
================================================================================
================================================================================
MALWAREBYTES ANTI-MALWARE LOG
================================================================================
================================================================================
Malwarebytes' Anti-Malware 1.08
Database version: 492
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170161
Time elapsed: 32 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
================================================================================
================================================================================
KASPERSKY LOG
================================================================================
================================================================================
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 15, 2008 1:52:07 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/03/2008
Kaspersky Anti-Virus database records: 630343
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 135780
Number of viruses found: 2
Number of infected objects: 35
Number of suspicious objects: 0
Duration of the scan process: 01:57:22
Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bcdaa4eac609de99860fbeab35e1f939_71c5444f-625f-4ee6-9698-a43384488d9a Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ecbe2d46589059ed700c32fb8206c932_71c5444f-625f-4ee6-9698-a43384488d9a Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.88.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.88.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy124.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2F2A.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2F2B.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\fayanlmu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\hroyjqol.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\ixjrjkdy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\jdxohihg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\jlnqbhpk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jxa skipped
C:\QooBox\Quarantine\C\Windows\System32\khhii.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\oiuhksgv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\speglxly.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\syseysba.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\tnvestob.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\ufqwchfc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\vecranfv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\vtuuuus.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\wvursrr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\xciokwqj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-12_ 14614.98.zip/efcdd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-12_ 14614.98.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Colin\.housecall6.6\Quarantine\cvglmuaj.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\efcdd.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\joppdjvn.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\nnkgivlg.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\rloiqyva.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\tsykfjjl.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\udhgrgwc.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\umyirvkd.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\uqusjqpn.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\vkngvokq.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat{485d24e1-a0e3-11dc-9e24-001bfca81f9a}.TM.blf Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat{485d24e1-a0e3-11dc-9e24-001bfca81f9a}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat{485d24e1-a0e3-11dc-9e24-001bfca81f9a}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0812e293\Report.cab/ahpfaoep.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0812e293\Report.cab CAB: infected - 1 skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report082e1391\Report.cab/efcdd.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report082e1391\Report.cab CAB: infected - 1 skipped
C:\Users\Colin\AppData\Local\Temp\~DF4C7D.tmp Object is locked skipped
C:\Users\Colin\AppData\Local\Temp\~DF4C87.tmp Object is locked skipped
C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Colin\Desktop\backups\backup-20080309-040214-326.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\Desktop\backups\backup-20080311-142605-427.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\Desktop\backups\backup-20080311-150316-591.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\Desktop\backups\backup-20080311-150400-636.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\ntuser.dat Object is locked skipped
C:\Users\Colin\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Colin\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Colin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Colin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Colin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{e8d09c81-e717-11dc-825f-91b0dba7077d}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{e8d09c81-e717-11dc-825f-91b0dba7077d}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{e8d09c81-e717-11dc-825f-91b0dba7077d}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{e8d09c81-e717-11dc-825f-91b0dba7077d}.TxR.blf Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
Scan process completed.
========================
========================
HJT LOG
========================
========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:08 AM, on 15/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Colin\Desktop\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 7083 bytes