
Security >> HijackThis logs help and analysis

blair78
new user


Reg'd: Fri
Posts: 10
Re: conhook.d removal - please help
      Mon Apr 21 2008 06:44 PM

Thanks for your help again.

I have followed your instructions and the logs are:


HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:37, on 21/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Windows\vVX6000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O4 - Startup: mapping.cmd
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EE7BBA6-5E00-491E-B1FD-DC994E269480}: NameServer = 212.50.160.100,213.249.130.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2E46692-B8B1-40B4-8DDE-BF562C86C571}: NameServer = 212.50.160.100,213.249.130.100
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 10737 bytes


COMBOFIX


ComboFix 08-04-17.1 - Administrator 2008-04-21 18:21:20.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1253 [GMT 1:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2009-03-22 20:45 . 2009-03-22 20:45 89,600 --a------ C:\Windows\System32\atl71.dll
2008-04-21 00:54 . 2008-04-21 00:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-21 00:23 . 2008-04-21 00:23 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-21 00:17 . 2008-04-21 00:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 21:02 . 2008-04-20 21:02 268 --ah----- C:\sqmdata04.sqm
2008-04-20 21:02 . 2008-04-20 21:02 244 --ah----- C:\sqmnoopt04.sqm
2008-04-20 21:00 . 2008-04-20 21:00 <DIR> d-------- C:\VundoFix Backups
2008-04-18 20:30 . 2008-04-18 20:30 1,540,617 ---hs---- C:\Windows\System32\kkxetcmw.ini
2008-04-18 19:40 . 2008-04-18 20:08 <DIR> d-------- C:\!KillBox
2008-04-18 18:27 . 2008-04-18 18:27 268 --ah----- C:\sqmdata03.sqm
2008-04-18 18:27 . 2008-04-18 18:27 244 --ah----- C:\sqmnoopt03.sqm
2008-04-18 17:58 . 2008-04-18 19:12 1,540,737 ---hs---- C:\Windows\System32\pteeqwpa.ini
2008-04-18 17:36 . 2007-11-27 22:45 91,200 --a------ C:\Windows\System32\drivers\msfwdrv.sys
2008-04-18 17:36 . 2007-11-27 22:44 37,440 --a------ C:\Windows\System32\drivers\msfwhlpr.sys
2008-04-18 17:34 . 2008-04-18 17:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-04-18 17:34 . 2007-07-06 15:09 70,928 --a------ C:\Windows\System32\drivers\MpFilter.sys
2008-04-18 17:32 . 2008-04-21 07:13 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-18 06:10 . 2008-04-18 06:10 268 --ah----- C:\sqmdata02.sqm
2008-04-18 06:10 . 2008-04-18 06:10 244 --ah----- C:\sqmnoopt02.sqm
2008-04-17 23:55 . 2008-04-18 06:10 1,529,189 ---hs---- C:\Windows\System32\yqirtoww.ini
2008-04-17 22:46 . 2008-04-17 22:46 244 --ah----- C:\sqmnoopt01.sqm
2008-04-17 22:46 . 2008-04-17 22:46 232 --ah----- C:\sqmdata01.sqm
2008-04-17 19:38 . 2008-04-17 22:40 1,529,429 ---hs---- C:\Windows\System32\qmbdpugm.ini
2008-04-17 19:07 . 2008-04-17 19:07 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-15 18:30 . 2008-04-15 18:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-04-15 18:30 . 2008-04-15 18:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-04-15 18:30 . 2008-04-15 18:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-04-15 18:30 . 2008-04-15 18:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-04-15 18:30 . 2008-04-15 18:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-04-15 18:30 . 2008-04-15 18:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-04-15 18:30 . 2008-04-15 18:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-04-15 18:30 . 2008-04-15 18:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-13 17:14 . 2008-04-17 07:36 <DIR> d-------- C:\Program Files\avisplit
2008-04-13 16:51 . 2008-04-13 16:51 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Download Manager
2008-04-13 16:47 . 2008-04-13 16:52 <DIR> d-------- C:\Program Files\CasinoOnNet(2)
2008-04-13 16:47 . 2008-04-17 07:36 <DIR> d-------- C:\Program Files\CasinoOnNet
2008-04-13 13:19 . 2008-04-13 13:19 3,488 --a------ C:\Windows\wininit.ini
2008-04-13 13:03 . 2008-04-21 01:13 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-13 13:03 . 2008-04-21 01:13 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-04-13 12:44 . 2008-02-28 13:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll
2008-04-13 12:44 . 2008-02-28 13:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-04-13 11:55 . 2008-04-13 11:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 10:47 . 2008-04-21 00:23 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-13 10:47 . 2008-04-21 00:23 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-04-12 23:12 . 2008-04-12 23:12 0 --a------ C:\Windows\SMMVSplitter.INI
2008-04-12 22:52 . 2008-04-12 23:44 <DIR> d-------- C:\Program Files\Solveig Multimedia
2008-04-11 19:52 . 2008-04-11 19:52 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2008-04-11 19:51 . 2008-04-11 19:51 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-11 19:51 . 2008-04-11 19:51 <DIR> d-------- C:\PROGRA~2\Malwarebytes
2008-04-11 19:16 . 2007-01-18 13:00 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys
2008-04-09 20:08 . 2008-04-09 20:08 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-09 13:40 . 2008-02-22 03:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 13:40 . 2008-02-22 06:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-07 20:27 . 2008-03-12 21:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-04-07 20:15 . 2008-04-07 20:15 <DIR> d-------- C:\Windows\System32\js
2008-04-07 20:15 . 2008-04-07 20:15 <DIR> d-------- C:\Windows\System32\images
2008-04-07 20:15 . 2008-04-07 20:15 <DIR> d-------- C:\Windows\System32\html
2008-04-07 20:15 . 2008-04-07 20:15 <DIR> d-------- C:\Windows\System32\css
2008-04-07 20:15 . 2008-04-07 20:15 <DIR> d-------- C:\Program Files\Business Objects
2008-04-07 20:11 . 2008-04-07 20:11 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-04-07 20:10 . 2008-04-07 20:10 <DIR> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-04-07 20:09 . 2008-04-07 20:09 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-07 20:09 . 2008-04-07 20:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-07 20:00 . 2008-04-07 20:00 <DIR> d-------- C:\Users\All Users\PreEmptive Solutions
2008-04-07 20:00 . 2008-04-07 20:00 <DIR> d-------- C:\PROGRA~2\PreEmptive Solutions
2008-04-07 19:54 . 2008-04-07 19:54 <DIR> d-------- C:\Windows\symbols
2008-04-07 19:53 . 2008-04-07 19:53 <DIR> d-------- C:\Windows\System32\1033
2008-04-07 19:51 . 2008-04-07 20:15 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-07 19:51 . 2008-04-07 19:51 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-07 19:51 . 2008-04-07 19:56 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-04-07 19:51 . 2008-04-07 20:00 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-07 19:51 . 2008-04-07 19:51 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-04-07 19:49 . 2008-04-07 19:49 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-04-06 23:27 . 2008-04-06 23:27 <DIR> d-------- C:\PerfLogs
2008-04-06 22:45 . 2008-04-06 22:05 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-04-06 22:45 . 2008-04-06 22:05 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-04-06 22:29 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-04-06 22:29 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-04-06 22:25 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-06 22:24 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-04-06 22:24 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-04-06 22:18 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-06 22:16 . 2008-01-18 23:36 2,153,472 --a------ C:\Windows\System32\oobefldr.dll
2008-04-06 22:15 . 2008-01-18 23:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-04-06 22:14 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-04-06 22:13 . 2008-01-18 21:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-04-06 22:11 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-04-06 22:05 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-04-06 21:21 . 2008-04-06 22:46 327,680 --a------ C:\Windows\SPInstall.etl
2008-04-05 16:34 . 2008-04-05 16:57 <DIR> d-------- C:\temp\ZUNE
2008-04-05 14:51 . 2008-04-05 14:51 <DIR> d-------- C:\Program Files\Audacity
2008-04-03 23:19 . 2008-04-21 18:36 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-03 23:19 . 2008-04-03 23:19 1,409 --a------ C:\Windows\QTFont.for
2008-04-03 23:18 . 2008-04-03 23:18 <DIR> d-------- C:\Program Files\iTunes
2008-04-03 23:18 . 2008-04-03 23:18 <DIR> d-------- C:\Program Files\iPod
2008-03-31 22:25 . 2008-03-31 22:25 831,488 --a------ C:\Windows\System32\divx_xx0a.dll
2008-03-31 22:25 . 2008-03-31 22:25 823,296 --a------ C:\Windows\System32\divx_xx0c.dll
2008-03-31 22:25 . 2008-03-31 22:25 823,296 --a------ C:\Windows\System32\divx_xx07.dll
2008-03-31 22:25 . 2008-03-31 22:25 802,816 --a------ C:\Windows\System32\divx_xx11.dll
2008-03-31 22:25 . 2008-03-31 22:25 682,496 --a------ C:\Windows\System32\DivX.dll
2008-03-31 22:25 . 2008-03-31 22:25 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-03-24 20:45 . 2008-03-24 20:45 630,784 --a------ C:\Windows\System32\divxdec.ax
2008-03-23 20:45 . 2008-03-23 20:47 <DIR> d-------- C:\Program Files\Windows Live
2008-03-23 20:45 . 2008-03-23 20:46 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-23 20:44 . 2008-03-23 20:44 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-03-23 20:44 . 2008-03-23 20:44 <DIR> d-------- C:\PROGRA~2\WLInstaller
2008-03-21 21:30 . 2008-03-21 21:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-03-21 21:30 . 2008-03-21 21:30 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2008-03-21 21:30 . 2008-03-21 21:30 524,288 --a------ C:\Windows\System32\DivXsm.exe
2008-03-21 21:30 . 2008-03-21 21:30 200,704 --a------ C:\Windows\System32\ssldivx.dll
2008-03-21 21:30 . 2008-03-21 21:30 4,816 --a------ C:\Windows\System32\divxsm.tlb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 19:45 503,808 ----a-w C:\Windows\System32\msvcp71.dll
2009-03-22 19:45 348,160 ----a-w C:\Windows\System32\msvcr71.dll
2008-04-21 00:04 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-18 16:35 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-17 17:59 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-17 17:56 --------- d-----w C:\PROGRA~2\Nero
2008-04-17 06:36 --------- d-----w C:\Program Files\DivX
2008-04-17 06:36 --------- d-----w C:\Program Files\Any Video Converter Professional
2008-04-17 06:36 --------- d-----w C:\PROGRA~2\FLEXnet
2008-04-16 19:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 19:15 --------- d-----w C:\Program Files\Sony
2008-04-16 19:15 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-04-09 17:33 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 17:08 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-07 19:15 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-07 19:13 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-07 18:55 --------- d-----w C:\Program Files\MSBuild
2008-04-07 18:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-06 22:43 174 --sha-w C:\Program Files\desktop.ini
2008-04-06 22:31 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-06 22:31 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-06 22:31 --------- d-----w C:\Program Files\Windows Journal
2008-04-06 22:31 --------- d-----w C:\Program Files\Windows Defender
2008-04-06 22:31 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-06 22:31 --------- d-----w C:\Program Files\Windows Calendar
2008-04-06 21:53 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-06 21:53 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-03 22:17 --------- d-----w C:\Program Files\QuickTime
2008-03-28 19:51 --------- d-----w C:\Program Files\DVDlabPro
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-17 22:10 --------- d-----w C:\Program Files\Java
2008-03-11 23:51 --------- d-----w C:\Program Files\BitLocker
2008-03-02 15:21 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-01 17:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-01 14:36 --------- d-----w C:\Program Files\Red Kings Poker
2008-03-01 14:35 --------- d-----w C:\Program Files\HoldemInspector2
2008-03-01 14:34 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-01 14:33 --------- d-----w C:\Program Files\EuroPoker
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 16:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-26 15:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-18 15:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2008-01-29 11:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2007-06-15 19:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-06-15 19:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-06-15 19:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-08-23 21:41 23 --sha-w C:\Windows\System32\cecefbae0_d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-17 22:35 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]
"Logitech BT Wizard"="LBTWiz.exe" []
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800]
"VX6000"="C:\Windows\vVX6000.exe" [2006-12-19 11:29 994072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [9/29/2006 9:57:36 AM 49152]
mapping.cmd [3/14/2008 10:55:02 AM 778]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [5/15/2007 9:41:58 PM 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5/15/2007 9:37:25 PM 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-26 11:46 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{583741E3-77DD-43E1-A813-6109B5F4A3F3}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{5A19DD87-0FD2-435A-A20D-6232D95F84C5}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{7349C6F3-4A2E-435E-921E-07E4DAA80092}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E1A945B7-DB5B-4619-BDEF-F788F7BD906B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{ADC5F842-31ED-4538-ADBF-A68E55E36919}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4DC0B3EF-0E04-4C25-80E3-2C5B799C9561}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0ED8B05-EECC-4651-ADA8-B93FA896C9FF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3E674587-D177-4BE2-BC19-44D0E4AD09F5}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3F9CFDA9-25A0-4B28-BB20-823B9D0302AC}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{62DD989F-0AAE-405A-9B7F-6407675057A4}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4A82B7FE-9081-4C36-9C29-8BC03BED3B7A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9DA07BDD-933D-4D21-9A80-457C960584E9}"= UDP:C:\Users\Administrator\AppData\Local\Temp\Rar$EX00.047\utorrent.exe:µTorrent
"{15BA7ED1-7E9B-427E-8199-FAD8546FB226}"= TCP:C:\Users\Administrator\AppData\Local\Temp\Rar$EX00.047\utorrent.exe:µTorrent
"{528530BB-20B8-47DA-AC32-FE09F0FA47C3}"= UDP:C:\Program Files\UTorrent\utorrent.exe:µTorrent
"{D89475C3-11A8-4447-80F3-571FB8E8D3DF}"= TCP:C:\Program Files\UTorrent\utorrent.exe:µTorrent
"TCP Query User{0FD73F83-E7D1-4FF2-A7FA-F404D9205015}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{C1E039E9-A25B-41F8-9EBB-9E56CB503938}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{46AA9CAC-F7A1-4F6C-BDA4-BFF894BC744D}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D50D5519-CF31-4A5C-A7B3-22851267733F}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{E5B292D6-102D-403A-9854-35516265BE27}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{7545D648-C64B-420D-AA7C-DC681027212E}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"{907312EF-BD16-446E-A676-154E0B48B503}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2C6EFE04-36A1-430C-8236-442599861046}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{1FC1EB6B-2B82-441D-99DB-69E9CD167709}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{7CB276E7-CF92-47B8-9D6B-01D05B336445}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{4DD2D589-FBBE-441C-8FB3-658D0827E970}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{B10C311C-CBA2-42E6-879C-3236B8087D2B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{71A12125-8BEB-45F5-B47A-45E100D74F80}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{4FB89837-6BEE-47AC-A582-98D6301BB4C0}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"TCP Query User{D5A129EF-BACD-4361-9105-B1BA8A06A00A}C:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{7D5812A9-971C-4356-A93A-6153896E4881}C:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"{629DE9B3-200E-409A-803F-F402FAB1EBDC}"= UDP:24684:BitComet 24684 TCP
"{61238605-86B6-4456-8BEC-0D95AA8666EA}"= TCP:24684:BitComet 24684 UDP
"TCP Query User{FED7F9CE-2416-471B-AFB9-B9A1BBDE66EF}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{413B8ABE-5E20-4082-A7A1-434389989D5E}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{DB40DD62-0886-49CF-AA2A-0BB2562CC4F3}"= UDP:3703:Adobe Version Cue CS3 Server
"{276C63B5-7496-4AA6-8BC1-D511E9103EE2}"= UDP:3704:Adobe Version Cue CS3 Server
"{8ABB2554-F527-4854-82A6-AC547CE84639}"= UDP:50900:Adobe Version Cue CS3 Server
"{3B536830-6C83-488C-93DD-C034D2D46FEE}"= UDP:50901:Adobe Version Cue CS3 Server
"{9CBD15ED-CD9A-401B-8184-E76506807A6D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A9F18D5A-6161-4555-96D1-B156D7024798}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{57741C25-BFC0-4889-9AB1-504C4CE0A3D4}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{C2A0DCCF-1F97-4BEB-B08D-AF7F10BD804F}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F64FBFAA-4A18-4D1D-87C9-91FB1597E631}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D78FBD58-2D7D-492B-8876-3FC6976F5835}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BBB00F08-E7E3-46DB-B85F-381E1322DDF3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8CE8969C-7210-4D95-B816-664AA29F0583}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EC07F62F-7542-4A96-AC86-D374843EF961}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{968CB003-FA7C-43AC-A3A2-F08BFC9BD602}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 vnccom;vnccom;C:\Windows\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 01:03]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-05-21 07:30]
R3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2006-12-19 11:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 01:03]
S3 sonydcam;Generic 1394 Desktop Camera;C:\Windows\system32\DRIVERS\sonydcam.sys [2006-11-02 09:55]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {F8487D71-8722-24E3-AC1E-8BA8B34E8832} /qb
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 18:35:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\TMP0000000B0CEA3B4EE0405281

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\net.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-04-21 18:41:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 17:40:47
ComboFix2.txt 2008-04-20 18:52:59
ComboFix3.txt 2008-04-20 18:28:15

Pre-Run: 193,346,314,240 bytes free
Post-Run: 193,006,571,520 bytes free
.
2008-04-17 13:21:03 --- E O F ---

Entire topic
Subject | Posted by | Posted on
conhook.d removal - please help | blair78 | Fri Apr 18 2008 08:29 PM
Re: conhook.d removal - please help | bricat (Moderator) | Fri Apr 18 2008 08:51 PM
Re: conhook.d removal - please help | blair78 | Sun Apr 20 2008 08:04 PM
Re: conhook.d removal - please help | bricat (Moderator) | Mon Apr 21 2008 08:58 AM
Re: conhook.d removal - please help | blair78 | Mon Apr 21 2008 06:44 PM
Re: conhook.d removal - please help | bricat (Moderator) | Mon Apr 21 2008 11:37 PM
Re: conhook.d removal - please help | blair78 | Tue Apr 22 2008 12:40 AM
Re: conhook.d removal - please help | bricat (Moderator) | Tue Apr 22 2008 09:47 AM
Re: conhook.d removal - please help | blair78 | Tue Apr 22 2008 06:48 PM
Re: conhook.d removal - please help | bricat (Moderator) | Tue Apr 22 2008 10:19 PM
Re: conhook.d removal - please help | blair78 | Tue Apr 22 2008 10:57 PM
Re: conhook.d removal - please help | bricat (Moderator) | Tue Apr 22 2008 11:29 PM
Re: conhook.d removal - please help | blair78 | Wed Apr 23 2008 08:31 PM
Re: conhook.d removal - please help | bricat (Moderator) | Wed Apr 23 2008 10:39 PM
Re: conhook.d removal - please help | blair78 | Thu Apr 24 2008 10:41 PM
Re: conhook.d removal - please help | bricat (Moderator) | Thu Apr 24 2008 11:15 PM
Re: conhook.d removal - please help | blair78 | Sat Apr 26 2008 04:59 PM