Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HJT Log from Canada::

Re: HJT Log from Canada::

Post by Gary R » March 12th, 2008, 5:51 pm

You would be well advised to moderate your tone when speaking to Chryssi (or any other helper) in this forum. You did not seem to be following her instructions after she repeated them several times, nor did you offer any explanation when she asked you why not. She was quite right to point this out to you.

If you want to explain things to her, do so in a calm and rational way.

Any repeat of this kind of outburst from you and your thread will be closed.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: HJT Log from Canada::

Post by railker » March 12th, 2008, 6:11 pm

I must apologize for that. :oops: I read over the forum; I guess the thought went only halfway to my fingers to make mention of those things. I know I certainly intended to, but then got busy with logs, with most of these posts being right before work or at 3:00 AM after it, when I was either rushed to leave or rather braindead. :?
railker
Regular Member
Posts: 17
Joined: March 6th, 2008, 6:38 pm

Re: HJT Log from Canada::

Post by Gary R » March 12th, 2008, 6:48 pm

Just remember, all our helpers are volunteers; they do not get paid for doing this. They help people out because that's the kind of people they are.

Also remember that the only way they have of knowing what your problems are is if you tell them. They are not mind readers, nor do most of them have access to a crystal ball, so the only information they have to go by are the logs they request and any additional information you may supply.

If you have difficulties following any of their instructions let them know, and in most cases they will attempt to find ways to resolve them.
Gary R
Administrator

Re: HJT Log from Canada::

Post by chryssi2001 » March 13th, 2008, 1:56 pm

Hello railker,

I will just comment that you could have told me about Symantec, as you are telling me now about VundoFixSvc, because I can't know unless you tell me these things.
I am glad your pc works better now. :)
------------------------------------------------------
Can you please uninstall Ad-Aware 2007? Since it's not disabled, it can interfere with my fix. You can install it again after we finish.
Disable Ad-Watch first, see my previous instruction and then uninstall the program.
------------------------------------------------------
Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder:

C:\VundoFix Backups

Please delete the whole folder.
------------------------------------------------------
Now let's try and see if this will work on that VundoFixSvc.

DELETE SERVICES IN VISTA
  • Open a new notepad window (Start>All Programs>Accessories>Notepad)
  • Copy & paste the contents of the following codebox into the notepad window
Code:
REM stop the service if it is running, then delete its registration
sc stop VundoFixSvc
sc delete VundoFixSvc

  • Click File > Save as
  • In the box labelled File name copy and paste FixServices.bat
  • Change Save as type to All Files
  • Save it to your desktop
  • Close the notepad window
  • Right click on FixServices.bat and click Run as administrator
  • If windows tells you that it needs your permission to continue, click Continue
  • A DOS window will come up briefly and then disappear, this is normal
------------------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines (if still present).

O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
------------------------------------------------------
There are some stubborn registry entries which are still there and need to go.
Some Firewall ports are still open.
I need some advice before I post the new fix to remove them.

So please do this for now, and post back a new HijackThis log, to see if it worked.
I'll be back with a fix asap.
chryssi2001
MRU Teacher Emeritus
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: HJT Log from Canada::

Post by chryssi2001 » March 13th, 2008, 3:21 pm

Hi railker, i am back.

Open a new notepad window (Start>All Programs>Accessories>Notepad)
Copy & paste the contents of the following codebox into the notepad window.

Code:
@echo off
REM dump the Windows Firewall policy key and everything under it to Log.txt
swreg query "hklm\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy" /s > Log.txt
REM show the dump in Notepad, give it a second to open, then remove the dump and this script
Start Notepad Log.txt
Nircmd wait 1000
del Log.txt
del %0


Save this as check.bat, choosing "Save as type: All Files".
It should look like this: [screenshot]
Right click on check.bat & select "Run As Administrator"
It should create a log for us.

Go >here<
Just add the link to this topic, browse and find the above file check.bat and submit it.

Let me know whether you submitted the file when you post the new HijackThis log, as per my previous post.
chryssi2001
MRU Teacher Emeritus

Re: HJT Log from Canada::

Post by railker » March 13th, 2008, 4:15 pm

I uninstalled AdAware not long after these problems started, realizing it wasn't helping all that much. So if there's anything left, I am not sure where to find it and delete it. AdAware is already gone from the Add/Remove Programs window, and I can't find it in Program Files. Those are the only two places I know of :?

I'll see if we can get rid of that first, and then I'll go on to fixing the last few bits and pieces.
railker
Regular Member

Re: HJT Log from Canada::

Post by chryssi2001 » March 14th, 2008, 3:23 am

Hello railker,

Ad-Aware 2007 is in the Lavasoft folder. Check it out using Windows Explorer.
C:\Program Files\Lavasoft\Ad-Aware 2007
------------------------------------
Can you please do this as we need it to move on?
We need some information about that particular registry key, and the file which will be created and uploaded will give us the information we need to proceed.

viewtopic.php?p=274887#p274887
chryssi2001
MRU Teacher Emeritus

Re: HJT Log from Canada::

Post by railker » March 14th, 2008, 4:19 am

Performed a computer search for all files and folders containing 'Lavasoft' and 'Ad-Aware'/'AdAware' and got rid of them.

File uploaded to the link you provided, and here's the HJT log ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:53 AM, on 14/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Users\Colin\Desktop\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 6962 bytes
railker
Regular Member
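
What the helper is checking in a log like the one above can be scripted. The following is an added example, not part of this thread and not code from HijackThis: it reads the "Running processes", O4 (autorun) and O23 (service) lines of an HJT v2 log and sorts them into the buckets a helper looks at first: services whose binary HijackThis reports as "(file missing)" (the orphaned VundoFixSvc registration in this thread), O23 services with an "Unknown owner" listed for review, autoruns that point into a folder the user says has been deleted (the Ad-Watch entry once Lavasoft is gone), and autoruns whose executable is not among the running processes. The sample log is a constructed subset of the log posted above; the dataclass and function names are this example's own.

```python
"""HijackThis (HJT) log triage.

Added example for this thread; not part of HijackThis or of the helper's fix.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# O23 - Service: <display> (<short name>) - <owner> - <path>; the short name
# is optional in HJT output ("Adobe LM Service" in the log above has none).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)
# O4 - <hive>: [<value name>] <command line>; Global Startup lines carry
# "<shortcut>.lnk = <target>" instead of a value name.
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.+)$")
# First quoted-or-bare path ending in .exe on a command line.
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)


@dataclass
class Service:
    display: str
    name: str | None
    owner: str
    path: str
    file_missing: bool


@dataclass
class Autorun:
    hive: str
    name: str | None
    exe: str   # executable taken from the command line ("?" if unresolved)
    raw: str   # the original log line, for reporting


@dataclass
class HjtLog:
    processes: list[str] = field(default_factory=list)
    autoruns: list[Autorun] = field(default_factory=list)
    services: list[Service] = field(default_factory=list)


def _exe_of(cmd: str) -> str:
    if " = " in cmd:                        # Global Startup: "X.lnk = target"
        cmd = cmd.split(" = ", 1)[1]
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else "?"


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_hjt(text: str) -> HjtLog:
    log, in_procs = HjtLog(), False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                        # section ends at the first blank line
            if line:
                log.processes.append(line)
            else:
                in_procs = False
            continue
        if (m := O4_RE.match(line)):
            log.autoruns.append(Autorun(m["hive"], m["name"], _exe_of(m["cmd"]), line))
        elif (m := O23_RE.match(line)):
            log.services.append(Service(m["display"], m["name"], m["owner"], m["path"],
                                        "(file missing)" in m["path"]))
    return log


def triage(log: HjtLog, removed_dirs: tuple[str, ...] = ()) -> dict[str, list[str]]:
    """removed_dirs: folders the user has deleted; autoruns under them are dead."""
    removed = tuple(d.lower().rstrip("\\") + "\\" for d in removed_dirs)
    running = {_basename(p) for p in log.processes}
    out: dict[str, list[str]] = {"orphaned_services": [], "unknown_owner_services": [],
                                 "autoruns_in_removed_dirs": [], "autoruns_not_running": []}
    for s in log.services:
        if s.file_missing:                  # registered service, binary gone
            out["orphaned_services"].append(s.name or s.display)
        elif s.owner == "Unknown owner":    # no publisher string: review, not a verdict
            out["unknown_owner_services"].append(s.name or s.display)
    for a in log.autoruns:
        if a.exe.lower().startswith(removed):
            out["autoruns_in_removed_dirs"].append(a.raw)
        elif _basename(a.exe) not in running:
            out["autoruns_not_running"].append(a.raw)
    return out


# Constructed subset of the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SetPoint\SetPoint.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_hjt(SAMPLE_LOG), (r"C:\Program Files\Lavasoft",)).items():
        print(f"{bucket}: {items}")
```

The "Unknown owner" bucket is only a review list: HijackThis prints it whenever the service binary carries no company name, and the Adobe and ASUS services in the full log sit there without the helper flagging them. The orphaned-service bucket is the actionable one; it is exactly the O23 line the helper removes with sc delete and Fix Checked. The "not running" bucket is informational (QuickTime's task is simply not started yet), which is why the removed-folder hint is a separate, stronger signal.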

Re: HJT Log from Canada::

Post by chryssi2001 » March 14th, 2008, 4:28 am

Thanks, we'll have a look at the file you uploaded and I will be back.

Oh yes :cheers: we managed to remove that line:
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)

Nice job railker :)
chryssi2001
MRU Teacher Emeritus

Re: HJT Log from Canada::

Post by railker » March 14th, 2008, 4:35 am

Stubborn-ass viruses, eh? :twisted: We'll get them all. Muahahaha!
railker
Regular Member

Re: HJT Log from Canada::

Post by chryssi2001 » March 14th, 2008, 3:25 pm

Hello railker,

A reminder!
Do not forget to right-click and run all tools as administrator.
-------------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines (if still present).

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
-------------------------------------------------
COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{B24F5BA9-400C-4C06-BAD4-DF182D4E0DB0}C:\\program files\\bitlord\\bitlord.exe"=-
    "UDP Query User{0D9D90DA-08DC-4CB2-AD37-DA33287B681C}C:\\program files\\bitlord\\bitlord.exe"=-
    "TCP Query User{F7C9E664-30DA-4C1F-AD7A-0E53C4A09894}C:\\program files\\bitcomet\\bitcomet.exe"=-
    "UDP Query User{550871E9-F60E-48F6-AB69-91236EA7F4CE}C:\\program files\\bitcomet\\bitcomet.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=-
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
-------------------------------------------------
Please download ATF cleaner
Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
-------------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
-------------------------------------------------
Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
-------------------------------------------------
Run HijackThis again.
-------------------------------------------------
Post back:
Combofix report.
Malwarebytes' Anti-Malware report.
Kaspersky report.
A new HijackThis log.
chryssi2001
MRU Teacher Emeritus
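
The two halves of the helper's firewall step, the dump of the FirewallPolicy key requested with check.bat earlier and the hand-written Registry:: script in this post, can be joined up. The following is an added example, not code from this thread, from ComboFix or from swreg: it parses a recursive dump of the key, assumed to be in the layout Windows' own reg.exe prints for `reg query <key> /s` (swreg prints its own layout, so adjust the parser if you feed it that), keeps the Allow rules whose App= path is one of the programs the user no longer wants plus the matching AuthorizedApplications\List entries, and emits the "name"=- deletion lines in the form used above. The sample dump is constructed: the value names and paths are the ones the script above deletes, the Windows Live Messenger rule with an all-zero GUID is a constructed legitimate rule that must survive, and the `v2.0|Action=...|App=...|` data layout is taken to be what Vista writes for FirewallRules values (an assumption of this example). The function names are this example's own.

```python
"""Windows Firewall policy dump -> ComboFix Registry:: deletion script.

Added example for this thread; not code from the thread, ComboFix or swreg.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

FWPOLICY = r"services\sharedaccess\parameters\firewallpolicy"


@dataclass
class RegValue:
    key: str    # full key path as printed on the key line
    name: str
    type: str
    data: str


def parse_reg_query(text: str) -> list[RegValue]:
    """Assumed reg.exe layout: key lines start with HKEY_, value lines are
    indented and hold name / type / data separated by runs of 4+ spaces."""
    values: list[RegValue] = []
    key = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("HKEY_"):
            key = raw.strip()
            continue
        parts = re.split(r" {4,}", raw.strip(), maxsplit=2)
        if key and len(parts) == 3:
            values.append(RegValue(key, *parts))
    return values


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _rule_field(data: str, name: str) -> str | None:
    """FirewallRules data is assumed to be 'v2.0|Action=Allow|...|App=<path>|...'."""
    for part in data.split("|"):
        if part.lower().startswith(name.lower() + "="):
            return part.split("=", 1)[1]
    return None


def find_unwanted_rules(values: list[RegValue], unwanted_apps) -> list[tuple[str, str]]:
    """(key, value name) pairs that let an unwanted program through: Allow rules
    under FirewallRules whose App= is one of the programs, and entries for them
    in the older AuthorizedApplications\\List (the script above deletes one too)."""
    wanted = {a.lower() for a in unwanted_apps}
    hits: list[tuple[str, str]] = []
    for v in values:
        k = v.key.lower()
        if k.endswith(FWPOLICY + r"\firewallrules"):
            app = _rule_field(v.data, "App")
            action = _rule_field(v.data, "Action")
            if app and _basename(app) in wanted and (action or "").lower() == "allow":
                hits.append((v.key, v.name))
        elif k.endswith(r"\authorizedapplications\list") and _basename(v.name) in wanted:
            hits.append((v.key, v.name))
    return hits


def cfscript_for(hits: list[tuple[str, str]]) -> str:
    """ComboFix 'Registry::' block deleting each value ("name"=-). Keys use the
    HKLM\\~\\ shorthand for HKLM\\SYSTEM\\CurrentControlSet that the script in
    this thread uses; backslashes in value names are doubled as in a .reg file."""
    split_at = re.compile(re.escape(FWPOLICY) + r"\\", re.IGNORECASE)
    by_key: dict[str, list[str]] = {}
    for key, name in hits:
        tail = split_at.split(key, maxsplit=1)[-1]
        by_key.setdefault("HKLM\\~\\" + FWPOLICY + "\\" + tail, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend('"' + n.replace("\\", "\\\\") + '"=-' for n in names)
    return "\n".join(lines)


# Constructed dump in reg.exe layout (see the lead-in for what is assumed).
SAMPLE_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
    TCP Query User{B24F5BA9-400C-4C06-BAD4-DF182D4E0DB0}C:\program files\bitlord\bitlord.exe    REG_SZ    v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\program files\bitlord\bitlord.exe|Name=BitLord|Defer=User|
    UDP Query User{0D9D90DA-08DC-4CB2-AD37-DA33287B681C}C:\program files\bitlord\bitlord.exe    REG_SZ    v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\program files\bitlord\bitlord.exe|Name=BitLord|Defer=User|
    TCP Query User{F7C9E664-30DA-4C1F-AD7A-0E53C4A09894}C:\program files\bitcomet\bitcomet.exe    REG_SZ    v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\program files\bitcomet\bitcomet.exe|Name=BitComet|Defer=User|
    UDP Query User{550871E9-F60E-48F6-AB69-91236EA7F4CE}C:\program files\bitcomet\bitcomet.exe    REG_SZ    v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\program files\bitcomet\bitcomet.exe|Name=BitComet|Defer=User|
    TCP Query User{00000000-0000-0000-0000-000000000001}C:\program files\windows live\messenger\msnmsgr.exe    REG_SZ    v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\program files\windows live\messenger\msnmsgr.exe|Name=Windows Live Messenger|Defer=User|

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Program Files\BitTorrent\bittorrent.exe    REG_SZ    C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"""

if __name__ == "__main__":
    unwanted = ("bitlord.exe", "bitcomet.exe", "bittorrent.exe")
    print(cfscript_for(find_unwanted_rules(parse_reg_query(SAMPLE_DUMP), unwanted)))
```

Run it and compare the output with the CFScript above: the eight lines match. Two design points: the Action=Allow test is what makes a rule a hole, so a Block rule for the same program is left alone, and the example only generates the script; deciding which programs are unwanted is still the helper's call, and as the post says, ComboFix scripts should be run only under a helper's direction.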

Re: HJT Log from Canada::

Post by railker » March 15th, 2008, 4:53 am

================================================================================
COMBOFIX LOG
================================================================================

ComboFix 08-03-10.1 - Colin 2008-03-14 12:37:48.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1067 [GMT -7:00]
Running from: C:\Users\Colin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Colin\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-13 01:54 . 2008-03-13 02:18 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-03-13 01:16 . 2008-03-13 01:16 <DIR> d-------- C:\Windows\Easy CD-DA Extractor 11.1
2008-03-13 01:15 . 2002-01-05 05:37 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-03-13 00:26 . 2008-03-13 00:26 34 --a------ C:\Windows\cdplayer.ini
2008-03-12 01:12 . 2007-12-16 15:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 01:12 . 2007-12-16 02:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 13:47 . 2008-03-12 02:49 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-11 13:47 . 2008-03-11 13:48 1,409 --a------ C:\Windows\QTFont.for
2008-03-11 13:46 . 2008-03-11 13:47 <DIR> d-------- C:\Program Files\QuickTime
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-03-11 13:46 . 2008-03-11 13:46 <DIR> d-------- C:\PROGRA~2\Apple
2008-03-09 15:54 . 2008-03-09 15:54 <DIR> d-------- C:\Program Files\Sun
2008-03-09 15:48 . 2008-03-09 15:53 <DIR> d-------- C:\Program Files\Java
2008-03-09 15:48 . 2008-03-09 15:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-09 04:06 . 2008-03-09 04:06 <DIR> d-------- C:\_OTMoveIt
2008-03-09 03:34 . 2008-03-09 03:34 198,656 --a------ C:\Windows\System32\comdlg32.ocx
2008-03-06 13:58 . 2008-03-09 15:16 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-03-06 12:22 . 2008-03-06 12:21 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-03-06 12:21 . 2008-03-06 13:29 <DIR> d-------- C:\Users\Colin\.housecall6.6
2008-03-04 01:02 . 2008-03-04 01:02 1,158 --a------ C:\Windows\mozver.dat
2008-03-03 22:42 . 2008-03-09 15:24 <DIR> d-------- C:\PROGRA~2\SiteAdvisor
2008-03-03 22:21 . 2008-03-09 15:27 <DIR> d-------- C:\PROGRA~2\McAfee
2008-03-03 21:32 . 2008-03-03 21:32 0 --a------ C:\Windows\nsreg.dat
2008-03-03 03:50 . 2008-03-03 03:51 <DIR> d-------- C:\Users\Colin\AppData\Roaming\SecondLife
2008-02-29 14:57 . 2008-02-29 15:07 <DIR> d-------- C:\Users\Colin\AppData\Roaming\Ahead
2008-02-29 03:17 . 2008-03-03 20:59 <DIR> d--hs---- C:\Users\Colin\'
2008-02-29 03:12 . 2008-03-13 01:54 <DIR> d-a------ C:\PROGRA~2\TEMP
2008-02-29 02:56 . 2008-03-03 22:37 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-02-28 12:36 . 2008-02-28 12:44 <DIR> d-------- C:\Program Files\MpcStar
2008-02-28 00:25 . 2008-02-28 00:25 <DIR> d-------- C:\PROGRA~2\Office Genuine Advantage
2008-02-28 00:18 . 2006-10-26 20:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-02-28 00:12 . 2008-02-28 00:12 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-27 16:33 . 2008-02-27 17:03 1,942 --a------ C:\Windows\asrc.ini
2008-02-27 14:29 . 2008-02-27 14:29 100,464 --a------ C:\Windows\System32\ICKHTTPS2.OCX
2008-02-26 23:52 . 2008-02-26 23:52 327,662,570 --a------ C:\Windows\MEMORY.DMP
2008-02-19 12:56 . 2008-02-19 12:56 <DIR> d-------- C:\Graphics
2008-02-19 12:56 . 2005-11-13 02:28 238,080 --------- C:\Windows\System32\mwgfx24.dll
2008-02-19 12:56 . 2008-01-06 15:05 190,464 --------- C:\Windows\System32\mwgfx.dll
2008-02-19 12:56 . 2008-01-09 13:43 104,960 --------- C:\Windows\System32\mwdds.dll
2008-02-19 12:56 . 2004-05-14 12:13 56,832 --------- C:\Windows\System32\mwace.dll
2008-02-19 12:56 . 2007-08-19 10:37 28,672 --------- C:\Windows\System32\mwgfxcopy.exe
2008-02-16 15:36 . 2008-02-16 15:36 <DIR> d-------- C:\Users\Colin\AppData\Roaming\Intel
2008-02-15 16:43 . 2008-01-09 22:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 09:16 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-03-12 10:16 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 08:46 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-03-04 06:07 13,025 ----a-w C:\Users\Colin\AppData\Roaming\nvModes.dat
2008-03-04 05:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 01:15 1,328 ----a-w C:\FSUIPC_reg.bin
2008-03-01 05:44 --------- d-----w C:\Users\Colin\AppData\Roaming\FrostWire
2008-02-29 22:51 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-28 07:17 --------- d-----w C:\Program Files\MSBuild
2008-02-14 00:32 --------- d-----w C:\PROGRA~2\Messenger Plus!
2008-02-13 08:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 08:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 08:01 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 08:01 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 08:01 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 08:01 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 08:01 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 08:01 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 08:01 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 08:00 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 08:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:00 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 08:00 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 08:00 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 08:00 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 08:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 08:00 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 08:00 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 07:57 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 07:57 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 07:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 07:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 07:55 --------- d-----w C:\Users\Colin\AppData\Roaming\Winamp
2008-02-13 06:22 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-13 06:18 --------- d-----w C:\Program Files\Winamp
2008-02-07 02:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 01:26 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-07 01:26 --------- d-----w C:\PROGRA~2\Macrovision
2008-02-07 01:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 08:42 --------- d-----w C:\PROGRA~2\FLEXnet
2008-02-06 00:01 --------- d-----w C:\Program Files\Real Environment Pro
2008-02-05 02:37 --------- d-----w C:\Program Files\Google
2008-02-05 02:23 693,792 ----a-w C:\Windows\System32\OGACheckControl.DLL
2008-02-04 23:11 --------- d-----w C:\Program Files\DivX
2008-01-26 20:44 12,400 ----a-w C:\Windows\system32\drivers\secdrv.sys
2008-01-09 21:33 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 19:57 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-01-08 19:57 253,952 ------w C:\Windows\Setup1.exe
2007-12-21 21:54 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-21 21:53 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-21 21:53 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-04 20:40 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-03-12_14.42.59.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-28 07:17:12 118,112 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2008-03-13 09:13:48 120,408 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2008-02-28 07:17:12 609,104 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2008-03-13 09:13:47 611,392 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
- 2008-03-12 21:34:19 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-14 19:09:36 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-13 08:16:51 473,600 ----a-w C:\Windows\Easy CD-DA Extractor 11.1\uninstall.exe
+ 2006-10-27 08:48:08 234,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-26 22:04:58 75,576 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-27 08:48:40 1,555,232 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 08:47:40 22,808 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-27 08:48:42 2,210,608 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 08:48:02 222,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 08:48:34 955,680 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 23:10:08 1,439,032 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 23:10:10 5,456,704 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 05:42:00 176,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2008-02-28 07:17:12 609,104 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2008-02-28 07:17:12 118,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2006-10-27 04:32:42 604,000 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 23:39:36 687,432 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 23:03:04 1,018,664 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 04:24:54 98,632 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 04:24:50 72,504 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 04:24:58 1,165,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 23:03:06 6,579,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 04:23:00 782,720 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-26 22:05:00 77,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-27 05:42:12 744,808 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 22:04:44 19,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 22:04:48 29,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 22:05:04 126,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 22:05:02 86,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 22:04:56 58,168 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 22:04:48 27,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 22:04:54 51,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 22:04:44 19,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 22:04:58 76,624 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 22:05:08 1,181,520 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-26 22:05:08 530,760 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2007-08-29 07:22:36 579,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACACEDAO.DLL
+ 2007-08-24 13:17:04 165,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACCWIZ.DLL
+ 2007-08-29 07:22:30 1,754,536 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACECORE.DLL
+ 2007-08-29 07:22:36 579,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEDAO.DLL
+ 2007-08-29 07:22:38 50,616 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEERR.DLL
+ 2007-08-29 07:22:40 193,992 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEES.DLL
+ 2007-08-24 11:46:10 341,440 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCH.DLL
+ 2007-08-24 11:46:14 632,248 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCL.DLL
+ 2007-08-24 11:46:16 210,368 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACELTS.DLL
+ 2007-08-24 11:46:18 281,992 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODBC.DLL
+ 2007-08-24 11:46:20 17,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODDBS.DLL
+ 2007-08-24 11:46:22 17,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODEXL.DLL
+ 2007-08-24 11:46:22 17,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODPDX.DLL
+ 2007-08-24 11:46:22 17,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODTXT.DLL
+ 2007-08-29 07:22:44 390,600 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL
+ 2007-08-24 11:46:28 394,688 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEPDE.DLL
+ 2007-08-24 11:46:30 263,616 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER2X.DLL
+ 2007-08-24 11:46:32 292,288 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER3X.DLL
+ 2007-08-24 11:46:34 58,760 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACERCLR.DLL
+ 2007-08-24 11:46:38 554,440 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEREP.DLL
+ 2007-08-24 11:46:40 226,744 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACETXT.DLL
+ 2007-08-29 08:52:12 201,664 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEWSS.DLL
+ 2007-08-24 11:46:44 374,200 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEXBE.DLL
+ 2007-08-29 08:53:12 402,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CDLMSO.DLL
+ 2007-08-24 11:45:50 208,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CLVIEW.EXE
+ 2007-08-24 13:38:36 67,952 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\COLLIMP.DLL
+ 2007-08-24 11:36:26 192,400 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CONTACTPICKER.DLL
+ 2007-08-24 11:18:18 437,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DWTRIG20.EXE
+ 2007-08-23 09:03:38 1,195,888 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2007-08-26 03:11:44 1,685,896 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FPSRVUTL.DLL
+ 2007-08-29 07:45:00 985,496 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FPWEC.DLL
+ 2007-10-03 03:45:34 2,530,864 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GRAPH.EXE
+ 2007-08-24 11:36:58 175,968 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IEAWSDC.DLL
+ 2007-10-06 04:31:06 5,287,984 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2007-08-29 08:45:54 831,856 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MEDCAT.DLL
+ 2007-08-29 07:38:10 500,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-08-29 07:13:52 10,367,352 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSACCESS.EXE
+ 2007-08-24 13:17:48 69,520 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSAEXP30.DLL
+ 2007-08-29 08:52:02 120,704 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSCONV97.DLL
+ 2007-09-15 05:45:58 16,901,168 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-29 07:20:06 163,712 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOCF.DLL
+ 2007-08-29 07:20:12 17,304 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOCFU.DLL
+ 2007-09-07 01:55:08 431,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSODCW.DLL
+ 2007-08-24 13:50:10 29,576 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOEURO.DLL
+ 2007-08-28 04:20:14 6,637,960 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSORES.DLL
+ 2007-08-29 08:18:20 439,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSORUN.DLL
+ 2007-08-29 07:38:46 9,584,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-24 11:40:16 674,664 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSQRY32.EXE
+ 2007-08-23 09:12:20 507,768 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSSOAP30.DLL
+ 2007-08-29 08:45:58 835,952 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSTORDB.EXE
+ 2007-08-29 08:46:06 542,568 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSTORES.DLL
+ 2007-08-24 11:37:50 68,464 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\NAME.DLL
+ 2007-10-06 04:44:24 14,168,600 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-10-03 03:51:22 8,436,776 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-09-02 09:55:16 235,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ODEPLOY.EXE
+ 2007-08-29 08:37:40 7,039,888 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OFFOWC.DLL
+ 2007-08-29 08:19:24 1,654,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-24 12:06:28 277,384 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OIS.EXE
+ 2007-08-24 12:06:32 1,000,848 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OISAPP.DLL
+ 2007-08-24 12:06:38 288,152 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OISGRAPH.DLL
+ 2007-09-02 09:55:54 6,540,656 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OSETUP.DLL
+ 2007-06-08 03:51:00 465,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLFLTR.DLL
+ 2007-09-07 01:50:34 485,232 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PORTCONN.DLL
+ 2007-08-29 07:06:16 467,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-29 07:06:44 7,990,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-08-29 08:38:22 2,016,656 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-24 11:43:28 138,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-29 07:39:14 625,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 11:43:36 593,296 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-24 13:50:10 41,832 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\REFEDIT.DLL
+ 2007-09-07 01:55:22 505,752 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SELFCERT.EXE
+ 2007-09-02 09:55:34 442,240 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SETUP.EXE
+ 2007-08-24 13:17:54 505,240 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SOA.DLL
+ 2007-06-08 03:51:00 125,320 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SSGEN.DLL
+ 2007-08-29 07:28:26 2,330,024 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\STSLIST.DLL
+ 2007-06-28 04:58:12 2,585,936 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VBE6.DLL
+ 2007-08-24 15:10:14 1,846,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-08-24 15:10:28 3,735,424 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-29 07:16:00 350,064 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-07 02:03:02 4,280,176 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-29 08:07:58 24,928 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-09-07 01:56:32 17,490,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
- 2008-03-12 10:03:59 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-13 09:16:05 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-03-12 10:03:59 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-13 09:16:05 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-03-12 10:03:59 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-03-13 09:16:05 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-03-12 10:03:59 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-03-13 09:16:05 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-03-12 10:03:59 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-13 09:16:05 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-03-12 10:03:59 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-13 09:16:05 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-12 10:03:59 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-13 09:16:05 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-12 10:03:59 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-13 09:16:05 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-03-12 10:03:59 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-13 09:16:05 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-12 10:03:59 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-13 09:16:05 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-03-12 10:03:59 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-13 09:16:05 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-12 10:03:59 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-13 09:16:05 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-12 10:04:12 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-13 09:16:25 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2008-03-12 10:04:12 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-13 09:16:25 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-03-12 10:04:12 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-13 09:16:25 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2008-03-12 10:04:12 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-13 09:16:25 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-12 10:04:13 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-13 09:16:25 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-12 10:04:12 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-13 09:16:25 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2008-03-12 10:04:12 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-13 09:16:25 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-12 10:04:12 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-13 09:16:25 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2008-03-12 10:04:13 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-13 09:16:25 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-12 10:04:12 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-13 09:16:25 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-12 21:35:32 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-14 19:24:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-12 21:36:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-14 19:20:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-14 19:20:21 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-12 21:37:20 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-14 19:37:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-12 21:36:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-14 19:20:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-14 19:20:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-12 21:09:40 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-14 09:23:05 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-12 21:09:40 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-14 09:23:05 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-12 21:09:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-14 09:23:05 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-12 21:42:26 113,060 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-14 19:15:29 113,060 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-12 21:42:26 634,574 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-14 19:15:29 634,574 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-12 10:20:11 6,156,288 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-03-13 09:18:05 6,156,288 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-03-12 21:36:51 13,346 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3037727994-2318491079-2961448558-1000_UserData.bin
+ 2008-03-14 19:28:34 13,534 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3037727994-2318491079-2961448558-1000_UserData.bin
- 2008-03-12 21:36:51 77,868 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-14 19:28:33 77,924 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-12 21:36:49 53,310 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-14 19:28:32 53,310 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-13 09:14:45 13,448 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon]
@={A825576B-0042-4F0F-8FB0-93CE0F054E69}

[HKEY_CLASSES_ROOT\CLSID\{A825576B-0042-4F0F-8FB0-93CE0F054E69}]
2006-12-11 17:27 147456 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2007-01-05 16:01 806912]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.exe" [2006-10-26 14:53 32560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-14 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 10:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 06:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-02 02:22 56080 C:\Windows\KHALMNPR.Exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 14:37 174872]
"DirectMessenger"="C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-02-01 20:58 987648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-07-30 23:28:30 991600]
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-07-30 23:34:30 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=C:\Windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Colin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
--a------ 2007-03-20 18:12 741376 C:\Program Files\ChkMail\ChkMail\ChkMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 11:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 12:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-01-15 15:17 778240 C:\Program Files\PowerForPhone\PowerForPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBC9C276-8866-4936-B37E-B5A03F010851}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2C3021C5-5994-44FA-A85A-F6F17DDCA18C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{4A110543-D3E6-479C-AD92-FCA87A495355}C:\windows\system32\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server|Desc=Microsoft DirectPlay8 Server
"UDP Query User{116C37C7-7E2A-48A6-A963-C63E69927D5B}C:\windows\system32\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server|Desc=Microsoft DirectPlay8 Server
"TCP Query User{ACA228CC-0F8C-4A0E-854E-E34180FD7F06}C:\program files\squawkbox3\squawkbox.exe"= UDP:C:\program files\squawkbox3\squawkbox.exe:squawkbox.exe|Desc=squawkbox.exe
"UDP Query User{FF194837-F8BC-40D6-AA93-2A07EEC191F9}C:\program files\squawkbox3\squawkbox.exe"= TCP:C:\program files\squawkbox3\squawkbox.exe:squawkbox.exe|Desc=squawkbox.exe
"TCP Query User{F1C151AB-830C-4AD3-88BC-E0EF1762B08D}C:\program files\microsoft games\flight simulator 9\fs9.exe"= UDP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator|Desc=Microsoft Flight Simulator
"UDP Query User{BBA073CD-194F-4BCE-B8EE-84632EBBEE9C}C:\program files\microsoft games\flight simulator 9\fs9.exe"= TCP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator|Desc=Microsoft Flight Simulator
"TCP Query User{717A03CC-CFA0-4D54-A0A9-F656182327B8}C:\users\colin\documents\mudmasterbuild27\mudmaster.exe"= UDP:C:\users\colin\documents\mudmasterbuild27\mudmaster.exe:mudmaster.exe|Desc=mudmaster.exe
"UDP Query User{48FB2C95-7553-49B1-A642-AE5B6C0C67BF}C:\users\colin\documents\mudmasterbuild27\mudmaster.exe"= TCP:C:\users\colin\documents\mudmasterbuild27\mudmaster.exe:mudmaster.exe|Desc=mudmaster.exe
"TCP Query User{83A01532-821C-48E5-B15C-8125873AD264}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{68F06ED9-46C2-4099-B6ED-57EC5CA370E3}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{7EFF02C1-4B0A-428F-B91F-14EBB354A8AC}C:\program files\asrc\asrc.exe"= UDP:C:\program files\asrc\asrc.exe:ASRC executable|Desc=ASRC executable
"UDP Query User{6D0326CD-069F-4AE2-B5B7-2738672560CE}C:\program files\asrc\asrc.exe"= TCP:C:\program files\asrc\asrc.exe:ASRC executable|Desc=ASRC executable
"TCP Query User{ACEE2FA6-5E2B-4FD7-9532-4B7E642E114A}C:\program files\advanced voice client\avc.exe"= UDP:C:\program files\advanced voice client\avc.exe:VATSIM Advanced Voice Client|Desc=VATSIM Advanced Voice Client
"UDP Query User{329F1794-8150-44FF-A6AD-FAB2BAC84EAE}C:\program files\advanced voice client\avc.exe"= TCP:C:\program files\advanced voice client\avc.exe:VATSIM Advanced Voice Client|Desc=VATSIM Advanced Voice Client
"{B5BFBCB6-ED36-493E-8767-46A23669E20E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9E148F33-A4BC-4F0B-A4F6-4C48FF6F5EC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{984A9587-FFB5-4B29-B869-ECB17FE05DDC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{87EDB76E-8C35-4629-BF06-8C21C39D2132}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CB1E2BEA-57BA-4585-84F0-3CDC019D05DB}C:\program files\secondlife\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice|Desc=SLVoice
"UDP Query User{39B1761A-704A-4F15-8DD7-54581176BFA0}C:\program files\secondlife\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice|Desc=SLVoice
"TCP Query User{DF8A89E6-F153-4CE2-9C62-BD65B09594B0}C:\program files\wolfquest\wolfquest.exe"= UDP:C:\program files\wolfquest\wolfquest.exe:WolfQuest|Desc=WolfQuest
"UDP Query User{AC070987-270A-4E08-9EAF-387A83DB764F}C:\program files\wolfquest\wolfquest.exe"= TCP:C:\program files\wolfquest\wolfquest.exe:WolfQuest|Desc=WolfQuest

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AsDsm;AsDsm;C:\Windows\system32\drivers\AsDsm.sys [2007-04-24 17:28]
R2 ADSMService;ADSM Service;C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-02-16 19:48]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 18:13]
R2 ASMMAP;ASMMAP;C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 04:53]
R2 ATKGFNEXSrv;ATKGFNEX Service;C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-03-09 19:57]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 06:14]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-03-29 20:30]
S2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-15 03:02]
S3 lvupdtio;lvupdtio;C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys [2006-11-08 15:44]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 00:30]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 07:28]
S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 02:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 12:40:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll
-> C:\Program Files\ASUS\ASUS Direct Console\MSNHOOK.DLL
.
Completion time: 2008-03-14 12:41:32
ComboFix-quarantined-files.txt 2008-03-14 19:41:30
ComboFix2.txt 2008-03-12 21:43:20
ComboFix3.txt 2008-03-12 08:49:27
.
2008-03-13 20:29:53 --- E O F ---


================================================================================
================================================================================
MALWAREBYTES ANTI-MALWARE LOG
================================================================================
================================================================================


Malwarebytes' Anti-Malware 1.08
Database version: 492

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170161
Time elapsed: 32 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

================================================================================
================================================================================
KASPERSKY LOG
================================================================================
================================================================================

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 15, 2008 1:52:07 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/03/2008
Kaspersky Anti-Virus database records: 630343
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 135780
Number of viruses found: 2
Number of infected objects: 35
Number of suspicious objects: 0
Duration of the scan process: 01:57:22

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bcdaa4eac609de99860fbeab35e1f939_71c5444f-625f-4ee6-9698-a43384488d9a Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ecbe2d46589059ed700c32fb8206c932_71c5444f-625f-4ee6-9698-a43384488d9a Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.88.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.88.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy124.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2F2A.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2F2B.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\fayanlmu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\hroyjqol.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\ixjrjkdy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\jdxohihg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\jlnqbhpk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jxa skipped
C:\QooBox\Quarantine\C\Windows\System32\khhii.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\oiuhksgv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\speglxly.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\syseysba.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\tnvestob.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\ufqwchfc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\vecranfv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\vtuuuus.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\wvursrr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\xciokwqj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-12_ 14614.98.zip/efcdd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-12_ 14614.98.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Colin\.housecall6.6\Quarantine\cvglmuaj.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\efcdd.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\joppdjvn.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\nnkgivlg.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\rloiqyva.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\tsykfjjl.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\udhgrgwc.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\umyirvkd.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\uqusjqpn.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\.housecall6.6\Quarantine\vkngvokq.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat{485d24e1-a0e3-11dc-9e24-001bfca81f9a}.TM.blf Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat{485d24e1-a0e3-11dc-9e24-001bfca81f9a}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\UsrClass.dat{485d24e1-a0e3-11dc-9e24-001bfca81f9a}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0812e293\Report.cab/ahpfaoep.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0812e293\Report.cab CAB: infected - 1 skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report082e1391\Report.cab/efcdd.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report082e1391\Report.cab CAB: infected - 1 skipped
C:\Users\Colin\AppData\Local\Temp\~DF4C7D.tmp Object is locked skipped
C:\Users\Colin\AppData\Local\Temp\~DF4C87.tmp Object is locked skipped
C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Colin\Desktop\backups\backup-20080309-040214-326.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\Desktop\backups\backup-20080311-142605-427.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\Desktop\backups\backup-20080311-150316-591.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\Desktop\backups\backup-20080311-150400-636.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\ntuser.dat Object is locked skipped
C:\Users\Colin\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Colin\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Colin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Colin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Colin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{e8d09c81-e717-11dc-825f-91b0dba7077d}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{e8d09c81-e717-11dc-825f-91b0dba7077d}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{e8d09c81-e717-11dc-825f-91b0dba7077d}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{e8d09c81-e717-11dc-825f-91b0dba7077d}.TxR.blf Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.

========================
========================
HJT LOG
========================
========================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:08 AM, on 15/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Colin\Desktop\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 7083 bytes
railker
Regular Member
 
Posts: 17
Joined: March 6th, 2008, 6:38 pm

Re: HJT Log from Canada::

Unread postby chryssi2001 » March 15th, 2008, 10:24 am

Hello railker,

Please download the OTMoveIt2 by OldTimer and Save it to your Desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0812e293 
    C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report082e1391
    C:\Users\Colin\Desktop\backups\backup-20080309-040214-326.dll
    C:\Users\Colin\Desktop\backups\backup-20080311-142605-427.dll
    C:\Users\Colin\Desktop\backups\backup-20080311-150316-591.dll
    C:\Users\Colin\Desktop\backups\backup-20080311-150400-636.dll
    

  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
------------------------------------------------
Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder:

C:\Users\Colin\.housecall6.6\Quarantine

Right-click and empty all its contents.
------------------------------------------------
Post back:
OTMoveIt2 report.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
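The Kaspersky report railker posted above and the OTMoveIt2 list chryssi2001 built from it illustrate the triage a helper does by hand: ignore the hundreds of "Object is locked skipped" lines (live registry hives, event logs, search index files that the scanner simply could not open), keep the "Infected:" lines, and then separate detections that sit in a tool's own quarantine (C:\QooBox\Quarantine, .housecall6.6\Quarantine, where the DLLs are already renamed and inert) from stray copies that nobody will clean up on their own (the Windows Error Reporting Report.cab archives and the backups folder on the Desktop). The following is an added example, not code from the thread or from any of the tools used in it; it runs over a few constructed lines in the report's format and reproduces that split. The choice to target the whole WER Report* folder rather than the .cab inside it, and the quarantine-folder markers, are assumptions that mirror what the helper did in this thread.

```python
"""Triage a Kaspersky Online Scanner report: drop the 'locked' noise, keep the
detections, and split them into tool quarantines versus stray copies that still
need an explicit move (the OTMoveIt2 list)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample lines in the format of the report posted in the thread.
SAMPLE_REPORT = r"""
C:\Boot\BCD Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\fayanlmu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\jlnqbhpk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jxa skipped
C:\QooBox\Quarantine\catchme2008-03-12_ 14614.98.zip/efcdd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-12_ 14614.98.zip ZIP: infected - 1 skipped
C:\Users\Colin\.housecall6.6\Quarantine\cvglmuaj.dll.bac_a00408 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0812e293\Report.cab/ahpfaoep.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0812e293\Report.cab CAB: infected - 1 skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report082e1391\Report.cab/efcdd.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report082e1391\Report.cab CAB: infected - 1 skipped
C:\Users\Colin\Desktop\backups\backup-20080309-040214-326.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colin\Desktop\backups\backup-20080311-142605-427.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Windows\System32\config\SAM Object is locked skipped
Scan process completed.
"""

# Non-greedy path match: report paths may contain spaces (see the catchme zip above).
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_SUMMARY = re.compile(r"^.+? (?:ZIP|CAB|RAR): infected - \d+ skipped$")
LOCKED = re.compile(r"^.+? Object is locked skipped$")
ARCHIVE_EXT = (".zip", ".cab", ".rar")

# Assumption: files under these folders are a tool's own quarantine (already renamed
# and inert) and get cleaned by that tool (ComboFix /u) or by emptying the folder.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\quarantine\\")


def split_archive(path):
    """Kaspersky writes archive members as '<archive>/<member>'. Return (archive, member)."""
    low = path.lower()
    for ext in ARCHIVE_EXT:
        i = low.find(ext + "/")
        if i != -1:
            cut = i + len(ext)
            return path[:cut], path[cut + 1:]
    return path, None


def removal_target(path):
    """The unit to hand to OTMoveIt2 for a given detection path."""
    container, _member = split_archive(path)
    p = PureWindowsPath(container)
    # WER keeps each crash report in its own Report* folder; the helper moved the
    # whole folder rather than the .cab alone (assumption mirroring the thread).
    if "ReportArchive" in p.parts:
        return str(p.parent)
    return str(p)


def triage(report_text):
    """Return locked-file count, detection names, and the two removal buckets."""
    result = {"locked": 0, "detections": Counter(), "quarantined": [], "stray": []}
    seen = set()
    for line in report_text.splitlines():
        line = line.rstrip()
        if LOCKED.match(line):
            result["locked"] += 1          # scanner noise, not a finding
            continue
        if ARCHIVE_SUMMARY.match(line):
            continue                       # totals for members already listed
        m = DETECTION.match(line)
        if not m:
            continue
        path, name = m.group("path"), m.group("name")
        result["detections"][name] += 1
        target = removal_target(path)
        if target in seen:
            continue                       # several members of one archive/folder
        seen.add(target)
        in_quarantine = any(mk in path.lower() for mk in QUARANTINE_MARKERS)
        result["quarantined" if in_quarantine else "stray"].append(target)
    return result


def otmoveit_list(result):
    """Text to paste into OTMoveIt2: one stray path per line, quarantines excluded."""
    return "\n".join(result["stray"])


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(f"locked (ignored): {r['locked']}, detections: {dict(r['detections'])}")
    print("in tool quarantine (leave to the tool):", *r["quarantined"], sep="\n  ")
    print("paste into OTMoveIt2:", otmoveit_list(r), sep="\n")
```

On a full report the "stray" bucket is the list worth reading line by line: anything outside a known quarantine, a WER archive or a backups folder (a live DLL under System32, for example) means the infection is not contained yet and a move list is the wrong next step.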

Re: HJT Log from Canada::

Unread postby railker » March 15th, 2008, 12:44 pm

C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0812e293 moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report082e1391 moved successfully.
DllUnregisterServer procedure not found in C:\Users\Colin\Desktop\backups\backup-20080309-040214-326.dll
C:\Users\Colin\Desktop\backups\backup-20080309-040214-326.dll NOT unregistered.
C:\Users\Colin\Desktop\backups\backup-20080309-040214-326.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Colin\Desktop\backups\backup-20080311-142605-427.dll
C:\Users\Colin\Desktop\backups\backup-20080311-142605-427.dll NOT unregistered.
C:\Users\Colin\Desktop\backups\backup-20080311-142605-427.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Colin\Desktop\backups\backup-20080311-150316-591.dll
C:\Users\Colin\Desktop\backups\backup-20080311-150316-591.dll NOT unregistered.
C:\Users\Colin\Desktop\backups\backup-20080311-150316-591.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Colin\Desktop\backups\backup-20080311-150400-636.dll
C:\Users\Colin\Desktop\backups\backup-20080311-150400-636.dll NOT unregistered.
C:\Users\Colin\Desktop\backups\backup-20080311-150400-636.dll moved successfully.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03152008_094154
And the contents of .housecall6. were emptied as well.
railker
Regular Member
 
Posts: 17
Joined: March 6th, 2008, 6:38 pm

Re: HJT Log from Canada::

Unread postby chryssi2001 » March 15th, 2008, 1:24 pm

Hi railker,

Very well done! :)
------------------------------------------
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
------------------------------------------
Congratulations, you are clean! :cheers:

Here are some free programs I recommend that could help you improve your computer's security.
(Vista users must ensure that any programs are Vista compatible BEFORE installing)

Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here
Find the changes from the older version 1.4 here

Install SpyWare Blaster 4.0
Download it from here
Find the tutorial on how to use SpywareBlaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here on how to prevent malware.

Happy safe surfing!
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
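A defender's check for the HOSTS file mechanism described above, as an added example that is not part of the original post: the script parses a constructed sample HOSTS file, lists the names sinkholed to the local machine (the MVPS approach), and flags any name redirected to a non-local address, which is how a tampered HOSTS file can silently steer update or security-vendor traffic elsewhere. All hostnames and the 203.0.113.7 address are constructed placeholders.

```python
"""Audit a Windows HOSTS file: report which entries are sinkholed to the
local machine and flag any that redirect a name to a non-local address."""
import ipaddress

# Addresses a blocklist such as the MVPS file legitimately maps ad/malware
# domains to: the loopback address and the unspecified address.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample HOSTS file for illustration; the hostnames and the
# 203.0.113.7 address are documentation/example values, not real indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by a blocklist
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org  #[Adware]
# A hijack: a security vendor's update host pointed at a non-local address
203.0.113.7  update.example-av.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and blank lines are skipped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        fields = line.split()                  # IP followed by one or more names
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                           # malformed line, ignore it
        for name in names:
            yield ip, name.lower()

def audit_hosts(text):
    """Return (blocked, suspicious): names sinkholed locally, and
    (name, ip) pairs that point somewhere other than the local machine."""
    blocked, suspicious = [], []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue                           # the normal loopback entry
        if ip in SINKHOLE_ADDRESSES:
            blocked.append(name)
        else:
            suspicious.append((name, ip))
    return blocked, suspicious
```

Running audit_hosts against the real file (C:\Windows\System32\drivers\etc\hosts on Windows) gives a quick way to confirm a freshly installed blocklist contains only local sinkhole entries.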