notime2either
new user
Reg'd: Thu
Posts: 8
Re: GoldenKeylogger removal
Tue Apr 15 2008 04:12 PM
After 3rd attempt, hope I got this right, anything here? But as it says 0 hidden files at end of ComboFix, guess not.
ComboFix 08-04-14.2 - Window on the world 2008-04-15 12:10:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1915 [GMT 1:00]
Running from: C:\Users\Window on the world\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-14 19:48 . 2008-04-14 19:48 <DIR> d-------- C:\Program Files\Bonjour
2008-04-14 19:47 . 2008-04-14 19:47 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-04-14 19:47 . 2008-04-14 19:47 <DIR> d-------- C:\Program Files\QuickTime
2008-04-14 19:47 . 2008-04-14 19:47 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-04-14 19:46 . 2008-04-14 19:46 <DIR> d-------- C:\Users\Window on the world\{42fb2db0-4436-484a-b634-6aa61d9629c7}
2008-04-14 19:46 . 2008-04-14 19:46 <DIR> d-------- C:\Users\All Users\Apple
2008-04-14 19:46 . 2008-04-14 19:46 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-14 19:46 . 2008-04-14 19:46 <DIR> d-------- C:\PROGRA~2\Apple
2008-04-14 19:35 . 2008-04-14 19:58 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\LimeWire
2008-04-14 19:34 . 2008-04-14 19:35 <DIR> d-------- C:\Program Files\LimeWire
2008-04-13 19:44 . 2008-04-13 19:44 <DIR> d-------- C:\epson
2008-04-13 18:08 . 2008-04-13 18:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 17:37 . 2008-04-12 17:39 <DIR> d-------- C:\Netgear
2008-04-11 19:14 . 2008-04-11 19:14 307 --a------ C:\Windows\game.ini
2008-04-11 18:55 . 2008-04-11 18:55 <DIR> d-------- C:\Program Files\Activision
2008-04-11 18:23 . 2008-04-11 18:23 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-11 18:23 . 2008-04-11 18:23 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-11 18:23 . 2008-04-11 18:23 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-11 18:23 . 2008-04-11 18:23 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-11 18:23 . 2008-04-11 18:23 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-11 18:23 . 2008-04-11 18:23 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-11 18:23 . 2008-04-11 18:23 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-11 18:23 . 2008-04-11 18:23 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-11 18:23 . 2008-04-11 18:23 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-11 18:23 . 2008-04-11 18:23 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-11 18:22 . 2008-04-11 18:22 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-11 18:20 . 2008-04-11 18:20 84,480 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-11 18:20 . 2008-04-11 18:20 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-11 17:57 . 2008-04-11 17:57 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-04-06 14:41 . 2008-04-06 14:41 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-06 14:41 . 2008-04-06 14:41 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-06 14:39 . 2008-04-06 14:39 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-04-06 14:39 . 2008-04-06 14:39 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-04-06 14:39 . 2008-04-06 14:39 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-04-06 14:39 . 2008-04-06 14:39 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-04-06 14:39 . 2008-04-06 14:39 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-04-06 14:39 . 2008-04-06 14:39 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-04-06 14:39 . 2008-04-06 14:39 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-04-06 14:39 . 2008-04-06 14:39 2,048 --a------ C:\Windows\System32\asferror.dll
2008-04-06 14:37 . 2008-04-06 14:37 3,505,848 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-04-06 14:37 . 2008-04-06 14:37 3,472,056 --a------ C:\Windows\System32\ntoskrnl.exe
2008-04-06 14:37 . 2008-04-06 14:37 2,048 --a------ C:\Windows\System32\tzres.dll
2008-04-06 14:28 . 2008-04-06 14:28 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-04-06 14:28 . 2008-04-06 14:28 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-04-06 14:28 . 2008-04-06 14:28 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-04-06 14:28 . 2008-04-06 14:28 43,352 --a------ C:\Windows\System32\wups2.dll
2008-04-06 14:27 . 2008-04-06 14:27 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\Template
2008-04-06 14:27 . 2008-04-06 14:27 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-04-06 14:27 . 2008-04-06 14:27 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-04-06 14:27 . 2008-04-06 14:27 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-04-06 14:27 . 2008-04-06 14:27 33,624 --a------ C:\Windows\System32\wups.dll
2008-04-06 14:27 . 2008-04-06 14:27 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-04-06 14:27 . 2008-04-06 20:33 126 --a------ C:\Users\Window on the world\AppData\Roaming\wklnhst.dat
2008-04-04 12:56 . 2008-04-04 12:56 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\InstallShield
2008-04-04 10:01 . 2007-11-26 10:38 238,848 --a------ C:\Windows\UNBOC.EXE
2008-04-04 10:01 . 2007-05-08 17:01 208,896 --a------ C:\Windows\CMDLIC.DLL
2008-04-04 10:01 . 2006-11-02 10:46 14,848 --a------ C:\Windows\System32\wsock32.dlb
2008-04-04 10:00 . 2008-04-05 20:34 <DIR> d-------- C:\Program Files\Comodo
2008-04-03 10:30 . 2008-04-03 10:30 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\True Sword
2008-04-02 23:37 . 2008-04-02 23:37 0 --a------ C:\Windows\System32\SBRC.dat
2008-04-02 23:37 . 2008-04-02 23:37 0 --a------ C:\Windows\System32\SBFC.dat
2008-04-02 22:58 . 2008-04-02 22:58 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\Sunbelt Software
2008-04-02 22:29 . 2008-04-15 12:01 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\SiteAdvisor
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\Users\All Users\SiteAdvisor
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\Users\All Users\McAfee
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\PROGRA~2\SiteAdvisor
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\PROGRA~2\McAfee
2008-04-02 13:51 . 2008-04-03 00:53 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-02 13:51 . 2008-04-02 13:51 <DIR> d-------- C:\Users\All Users\Google
2008-04-02 13:51 . 2008-04-02 13:51 <DIR> d-------- C:\Program Files\Google
2008-04-02 13:51 . 2008-04-03 00:53 <DIR> d-a------ C:\PROGRA~2\TEMP
2008-04-02 12:36 . 2008-04-02 12:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-02 12:17 . 2008-04-02 12:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 12:16 . 2008-04-02 12:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 18:42 . 2008-04-01 18:42 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-04-01 18:40 . 2008-04-01 18:40 <DIR> d-------- C:\Windows\PCHEALTH
2008-04-01 18:37 . 2008-04-01 18:37 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-04-01 18:37 . 2008-04-01 18:40 <DIR> d-------- C:\Program Files\Windows Live
2008-04-01 18:37 . 2008-04-01 18:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-01 18:37 . 2008-04-01 18:37 <DIR> d-------- C:\PROGRA~2\WLInstaller
2008-04-01 13:16 . 2008-04-01 13:16 <DIR> d-------- C:\Program Files\Crawler
2008-04-01 13:15 . 2008-04-15 11:56 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\Spyware Terminator
2008-04-01 13:15 . 2008-04-15 11:58 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2008-04-01 13:15 . 2008-04-15 11:58 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-01 13:15 . 2008-04-15 11:58 <DIR> d-------- C:\PROGRA~2\Spyware Terminator
2008-04-01 13:15 . 2008-04-01 13:15 138,752 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-04-01 13:08 . 2008-04-02 12:17 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-01 13:08 . 2008-04-02 12:17 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-04-01 12:26 . 2008-04-01 12:29 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-01 12:26 . 2008-04-01 12:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-01 12:26 . 2008-04-01 12:29 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-04-01 11:31 . 2008-04-15 11:56 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\AVG7
2008-04-01 11:30 . 2008-04-01 11:30 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-01 11:30 . 2008-04-01 11:33 <DIR> d-------- C:\Users\All Users\avg7
2008-04-01 11:30 . 2008-04-01 11:30 <DIR> d-------- C:\PROGRA~2\Grisoft
2008-04-01 11:30 . 2008-04-01 11:33 <DIR> d-------- C:\PROGRA~2\avg7
2008-04-01 11:30 . 2008-04-01 11:30 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-04-01 11:30 . 2008-04-01 11:30 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-04-01 10:49 . 2008-04-01 10:49 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-31 23:21 . 2008-03-31 23:21 0 --a------ C:\Windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 17:18 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-11 17:18 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-11 17:18 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-11 17:18 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-06 19:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-04 10:36 --------- d-----w C:\PROGRA~2\WildTangent
2008-04-01 11:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-01 10:29 --------- d-----w C:\PROGRA~2\Symantec
2008-03-30 22:39 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-03-30 22:33 1,831 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_KE545AA-ABU a6355.uk_YC_0Pavi_QCZH804_E81GBv3PrA4_49_INARRA3_SASUSTek Computer INC._V3.02_B5.05_T080104_WUH0_L409_M3070_J500_7AMD_8Phenom 9500 Quad-Core_92.2_#080330_N10DE03EF_Z_G10DE0421.MRK
2008-01-04 19:40 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-06 14:39 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-04 03:02 1783136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-02 13:51 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-04 20:17 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 16:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 19:59 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 19:59 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 19:59 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 14:52 4702208 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 11:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 01:24 54840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 11:58 579584]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-01 13:15 2957824]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-01 11:30 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-04-01 11:30 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AC452B5A-0E30-4BAF-BBD8-DC23DCC970F3}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{FE586755-BA98-47C6-A1D3-9DDEC21D7C06}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{07E0AAF7-5BBD-4274-A749-53D402F47FD7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{282BE039-F9D5-4E5D-940F-E2B9E3A4046A}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{997785A8-062D-430B-9E7D-E19FCE238E92}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{32E95D04-1E6D-4673-A318-8873BC986480}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-04-01 13:15]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-04-01 11:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-03-29 00:04]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 17:42:07 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-15 11:00:33 C:\Windows\Tasks\User_Feed_Synchronization-{100F61FD-9BE5-4D42-AC0B-E51A31386A94}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 12:12:52
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
Completion time: 2008-04-15 12:13:35
ComboFix-quarantined-files.txt 2008-04-15 11:13:32
Pre-Run: 404,584,284,160 bytes free
Post-Run: 404,779,753,472 bytes free
.
2008-04-12 18:57:03 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:41, on 15/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User
'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Crawler Search - tbr:iemenu O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
-- End of file - 8604 bytes
2008-04-14 19:48 . 2008-04-14 19:48 <DIR> d-------- C:\Program Files\Bonjour
2008-04-14 19:47 . 2008-04-14 19:47 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-04-14 19:47 . 2008-04-14 19:47 <DIR> d-------- C:\Program Files\QuickTime
2008-04-14 19:47 . 2008-04-14 19:47 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-04-14 19:46 . 2008-04-14 19:46 <DIR> d-------- C:\Users\Window on the world\{42fb2db0-4436-484a-b634-6aa61d9629c7}
2008-04-14 19:46 . 2008-04-14 19:46 <DIR> d-------- C:\Users\All Users\Apple
2008-04-14 19:46 . 2008-04-14 19:46 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-14 19:46 . 2008-04-14 19:46 <DIR> d-------- C:\PROGRA~2\Apple
2008-04-14 19:35 . 2008-04-14 19:58 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\LimeWire
2008-04-14 19:34 . 2008-04-14 19:35 <DIR> d-------- C:\Program Files\LimeWire
2008-04-13 19:44 . 2008-04-13 19:44 <DIR> d-------- C:\epson
2008-04-13 18:08 . 2008-04-13 18:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 17:37 . 2008-04-12 17:39 <DIR> d-------- C:\Netgear
2008-04-11 19:14 . 2008-04-11 19:14 307 --a------ C:\Windows\game.ini
2008-04-11 18:55 . 2008-04-11 18:55 <DIR> d-------- C:\Program Files\Activision
2008-04-11 18:23 . 2008-04-11 18:23 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-11 18:23 . 2008-04-11 18:23 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-11 18:23 . 2008-04-11 18:23 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-11 18:23 . 2008-04-11 18:23 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-11 18:23 . 2008-04-11 18:23 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-11 18:23 . 2008-04-11 18:23 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-11 18:23 . 2008-04-11 18:23 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-11 18:23 . 2008-04-11 18:23 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-11 18:23 . 2008-04-11 18:23 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-11 18:23 . 2008-04-11 18:23 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-11 18:22 . 2008-04-11 18:22 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-11 18:20 . 2008-04-11 18:20 84,480 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-11 18:20 . 2008-04-11 18:20 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-11 17:57 . 2008-04-11 17:57 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-04-06 14:41 . 2008-04-06 14:41 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-06 14:41 . 2008-04-06 14:41 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-06 14:39 . 2008-04-06 14:39 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-04-06 14:39 . 2008-04-06 14:39 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-04-06 14:39 . 2008-04-06 14:39 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-04-06 14:39 . 2008-04-06 14:39 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-04-06 14:39 . 2008-04-06 14:39 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-04-06 14:39 . 2008-04-06 14:39 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-04-06 14:39 . 2008-04-06 14:39 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-04-06 14:39 . 2008-04-06 14:39 2,048 --a------ C:\Windows\System32\asferror.dll
2008-04-06 14:37 . 2008-04-06 14:37 3,505,848 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-04-06 14:37 . 2008-04-06 14:37 3,472,056 --a------ C:\Windows\System32\ntoskrnl.exe
2008-04-06 14:37 . 2008-04-06 14:37 2,048 --a------ C:\Windows\System32\tzres.dll
2008-04-06 14:28 . 2008-04-06 14:28 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-04-06 14:28 . 2008-04-06 14:28 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-04-06 14:28 . 2008-04-06 14:28 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-04-06 14:28 . 2008-04-06 14:28 43,352 --a------ C:\Windows\System32\wups2.dll
2008-04-06 14:27 . 2008-04-06 14:27 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\Template
2008-04-06 14:27 . 2008-04-06 14:27 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-04-06 14:27 . 2008-04-06 14:27 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-04-06 14:27 . 2008-04-06 14:27 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-04-06 14:27 . 2008-04-06 14:27 33,624 --a------ C:\Windows\System32\wups.dll
2008-04-06 14:27 . 2008-04-06 14:27 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-04-06 14:27 . 2008-04-06 20:33 126 --a------ C:\Users\Window on the world\AppData\Roaming\wklnhst.dat
2008-04-04 12:56 . 2008-04-04 12:56 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\InstallShield
2008-04-04 10:01 . 2007-11-26 10:38 238,848 --a------ C:\Windows\UNBOC.EXE
2008-04-04 10:01 . 2007-05-08 17:01 208,896 --a------ C:\Windows\CMDLIC.DLL
2008-04-04 10:01 . 2006-11-02 10:46 14,848 --a------ C:\Windows\System32\wsock32.dlb
2008-04-04 10:00 . 2008-04-05 20:34 <DIR> d-------- C:\Program Files\Comodo
2008-04-03 10:30 . 2008-04-03 10:30 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\True Sword
2008-04-02 23:37 . 2008-04-02 23:37 0 --a------ C:\Windows\System32\SBRC.dat
2008-04-02 23:37 . 2008-04-02 23:37 0 --a------ C:\Windows\System32\SBFC.dat
2008-04-02 22:58 . 2008-04-02 22:58 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\Sunbelt Software
2008-04-02 22:29 . 2008-04-15 12:01 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\SiteAdvisor
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\Users\All Users\SiteAdvisor
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\Users\All Users\McAfee
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\PROGRA~2\SiteAdvisor
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\PROGRA~2\McAfee
2008-04-02 13:51 . 2008-04-03 00:53 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-02 13:51 . 2008-04-02 13:51 <DIR> d-------- C:\Users\All Users\Google
2008-04-02 13:51 . 2008-04-02 13:51 <DIR> d-------- C:\Program Files\Google
2008-04-02 13:51 . 2008-04-03 00:53 <DIR> d-a------ C:\PROGRA~2\TEMP
2008-04-02 12:36 . 2008-04-02 12:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-02 12:17 . 2008-04-02 12:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 12:16 . 2008-04-02 12:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 18:42 . 2008-04-01 18:42 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-04-01 18:40 . 2008-04-01 18:40 <DIR> d-------- C:\Windows\PCHEALTH
2008-04-01 18:37 . 2008-04-01 18:37 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-04-01 18:37 . 2008-04-01 18:40 <DIR> d-------- C:\Program Files\Windows Live
2008-04-01 18:37 . 2008-04-01 18:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-01 18:37 . 2008-04-01 18:37 <DIR> d-------- C:\PROGRA~2\WLInstaller
2008-04-01 13:16 . 2008-04-01 13:16 <DIR> d-------- C:\Program Files\Crawler
2008-04-01 13:15 . 2008-04-15 11:56 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\Spyware Terminator
2008-04-01 13:15 . 2008-04-15 11:58 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2008-04-01 13:15 . 2008-04-15 11:58 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-01 13:15 . 2008-04-15 11:58 <DIR> d-------- C:\PROGRA~2\Spyware Terminator
2008-04-01 13:15 . 2008-04-01 13:15 138,752 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-04-01 13:08 . 2008-04-02 12:17 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-01 13:08 . 2008-04-02 12:17 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-04-01 12:26 . 2008-04-01 12:29 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-01 12:26 . 2008-04-01 12:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-01 12:26 . 2008-04-01 12:29 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-04-01 11:31 . 2008-04-15 11:56 <DIR> d-------- C:\Users\Window on the world\AppData\Roaming\AVG7
2008-04-01 11:30 . 2008-04-01 11:30 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-01 11:30 . 2008-04-01 11:33 <DIR> d-------- C:\Users\All Users\avg7
2008-04-01 11:30 . 2008-04-01 11:30 <DIR> d-------- C:\PROGRA~2\Grisoft
2008-04-01 11:30 . 2008-04-01 11:33 <DIR> d-------- C:\PROGRA~2\avg7
2008-04-01 11:30 . 2008-04-01 11:30 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-04-01 11:30 . 2008-04-01 11:30 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-04-01 10:49 . 2008-04-01 10:49 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-31 23:21 . 2008-03-31 23:21 0 --a------ C:\Windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 17:18 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-11 17:18 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-11 17:18 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-11 17:18 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-06 19:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-04 10:36 --------- d-----w C:\PROGRA~2\WildTangent
2008-04-01 11:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-01 10:29 --------- d-----w C:\PROGRA~2\Symantec
2008-03-30 22:39 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-03-30 22:33 1,831 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_KE545AA-ABU a6355.uk_YC_0Pavi_QCZH804_E81GBv3PrA4_49_INARRA3_SASUSTek Computer INC._V3.02_B5.05_T080104_WUH0_L409_M3070_J500_7AMD_8Phenom 9500 Quad-Core_92.2_#080330_N10DE03EF_Z_G10DE0421.MRK
2008-01-04 19:40 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-06 14:39 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-04 03:02 1783136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-02 13:51 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-04 20:17 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 16:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 19:59 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 19:59 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 19:59 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 14:52 4702208 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 11:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 01:24 54840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 11:58 579584]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-01 13:15 2957824]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-01 11:30 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-04-01 11:30 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AC452B5A-0E30-4BAF-BBD8-DC23DCC970F3}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{FE586755-BA98-47C6-A1D3-9DDEC21D7C06}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{07E0AAF7-5BBD-4274-A749-53D402F47FD7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{282BE039-F9D5-4E5D-940F-E2B9E3A4046A}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{997785A8-062D-430B-9E7D-E19FCE238E92}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{32E95D04-1E6D-4673-A318-8873BC986480}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-04-01 13:15]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-04-01 11:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-03-29 00:04]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 17:42:07 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-15 11:00:33 C:\Windows\Tasks\User_Feed_Synchronization-{100F61FD-9BE5-4D42-AC0B-E51A31386A94}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 12:12:52
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
Completion time: 2008-04-15 12:13:35
ComboFix-quarantined-files.txt 2008-04-15 11:13:32

Pre-Run: 404,584,284,160 bytes free
Post-Run: 404,779,753,472 bytes free
.
2008-04-12 18:57:03 --- E O F ---
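A first-pass triage of a HijackThis log like the one in the post above, added here as an example; it is not part of the original post and not HijackThis's own logic. The rules are the usual hand-review heuristics (O2/O3/O9 entries whose file is gone, unnamed BHOs and toolbars, O4 autoruns launched from user-writable paths, any O18 protocol handler, any O20 Winlogon Notify DLL, O23 services with no publisher, non-localhost O1 hosts mappings). The sample lines are constructed from entries in the log above. A hit means "identify this entry", not "this is malicious": legitimate security products register Winlogon Notify DLLs and protocol handlers too, as the AVG and Crawler entries here show.

```python
"""Reviewer-style triage of HijackThis log lines.

Added example, not HijackThis code. The heuristics are hand-review rules;
a hit means "look closer", not "malware".
"""
import re
from dataclasses import dataclass

# An HJT entry starts with its section code, e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|F[0-3]|O\d{1,2}) - (?P<body>.*)$")
# Autorun paths under profile/temp locations are writable without elevation.
USER_WRITABLE_RE = re.compile(r"\\(appdata|local settings|temp)\\|%temp%|%appdata%")


@dataclass
class Finding:
    kind: str      # HJT section code, e.g. "O20"
    line: str      # the full log line
    reasons: list  # why a reviewer should look at it


def parse_entries(log_text):
    """Return (section_code, line) for every line that is an HJT entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), line))
    return entries


def reasons_for(kind, line):
    """Apply the heuristics to one entry; an empty list means nothing to flag."""
    reasons = []
    low = line.lower()
    if kind == "O1":
        # Only a non-localhost mapping is interesting; "::1 localhost" is the Vista default.
        m = re.search(r"hosts:\s+(\S+)\s+(\S+)", line, re.I)
        if m and m.group(2).lower() != "localhost":
            reasons.append(f"hosts-file override of {m.group(2)} -> {m.group(1)}")
    if kind in ("O2", "O3", "O9") and "(no file)" in low:
        reasons.append("registered component whose file is gone (orphan or removed payload)")
    elif kind in ("O2", "O3") and "(no name)" in low:
        reasons.append("unnamed BHO/toolbar backed by a live DLL: identify the CLSID and publisher")
    if kind == "O4" and USER_WRITABLE_RE.search(low):
        reasons.append("autorun launched from a user-writable location")
    if kind == "O18":
        reasons.append("custom URL protocol handler: confirm the vendor")
    if kind == "O20":
        reasons.append("Winlogon Notify DLL loads inside winlogon.exe at logon: verify publisher")
    if kind == "O23" and "unknown owner" in low:
        reasons.append("service with no publisher string")
    return reasons


def triage(log_text):
    """One Finding per entry that matches at least one heuristic, in log order."""
    findings = []
    for kind, line in parse_entries(log_text):
        reasons = reasons_for(kind, line)
        if reasons:
            findings.append(Finding(kind, line, reasons))
    return findings


# Constructed sample: lines copied from the log above, not a live scan.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:>4}  {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the sample it flags six of the nine entries (the two Crawler lines, the two orphaned "(no file)" entries, the AVG Winlogon Notify DLL and the Symantec service with no publisher) and passes the hosts line and both Program Files autoruns. The O4 rule deliberately keys on path location rather than on a blocklist of names: a persistence entry under AppData or Temp is the pattern worth checking regardless of what it calls itself.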