Back to square 1.
As you can see from HJT, the 2 server IPs are back....
O17 - HKLM\System\CCS\Services\Tcpip\..\{90773143-72A1-4E7B-933B-696371ED1598}: NameServer = 207.164.234.129 207.164.234.193
I cannot run my ATF-Cleaner now... the application runs for a few seconds, then disappears.
Tried to install Spybot S&D... and when Spybot tried to make a backup copy of the registry, the screen went blue.... had to reboot.
Then the folder system32 just popped up at login; I did not open it before when I was in...
Here is a fresh HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:36 PM, on 8/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\xxxwindowCleaners\4HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CCC.lnk = ?
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...S/wlscctrl2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{90773143-72A1-4E7B-933B-696371ED1598}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11887 bytes
=======
I think my HD is infected; all the vermin are back again.
I will not connect my HD before finding a way to clean it....
I will take the same process:
ComboFix and HJT
=======
OK, I am back again,
did the same process
and my sys is cleannnn now, AGAIN
How to do the same process for my HD?? Now the HD is 100% infected; how to disinfect it?? Thank you
=======
ComboFix 08-08-14.05 - suser 2008-08-15 17:44:56.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1634 [GMT -4:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\suser\AppData\Roaming\m
C:\Users\suser\AppData\Roaming\m\data.oct
C:\Users\suser\AppData\Roaming\m\flec006.exe
C:\Users\suser\AppData\Roaming\m\list.oct
C:\Windows\system32\ban_list.txt
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\100937.exe
C:\Windows\system32\drivers\downld\107890.exe
C:\Windows\system32\drivers\downld\179671.exe
C:\Windows\system32\drivers\downld\189281.exe
C:\Windows\system32\drivers\downld\192593.exe
C:\Windows\system32\drivers\downld\201750.exe
C:\Windows\system32\drivers\downld\206515.exe
C:\Windows\system32\drivers\downld\216734.exe
C:\Windows\system32\drivers\downld\226593.exe
C:\Windows\system32\drivers\downld\241796.exe
C:\Windows\system32\drivers\downld\246968.exe
C:\Windows\system32\drivers\downld\283703.exe
C:\Windows\system32\drivers\downld\287734.exe
C:\Windows\system32\drivers\downld\305203.exe
C:\Windows\system32\drivers\downld\309031.exe
C:\Windows\system32\drivers\downld\321687.exe
C:\Windows\system32\drivers\downld\324875.exe
C:\Windows\system32\drivers\downld\382171.exe
C:\Windows\system32\drivers\downld\404062.exe
C:\Windows\system32\drivers\downld\415906.exe
C:\Windows\system32\drivers\downld\417781.exe
C:\Windows\system32\drivers\downld\440109.exe
C:\Windows\system32\drivers\downld\451593.exe
C:\Windows\system32\drivers\downld\89343.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.
2008-08-15 04:38 . 2008-08-15 04:38 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-14 23:35 . 2008-08-15 17:02 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-14 23:35 . 2008-08-15 17:02 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-14 22:59 . 2008-08-14 22:59 55 --a------ C:\$DRVLTR$
2008-08-14 22:57 . 2008-08-14 22:57 0 -rahs---- C:\$lsdrive$
2008-08-14 22:57 . 2008-08-14 22:57 0 -rahs---- C:\$dwnlvldrive$
2008-08-14 22:57 . 2008-08-14 22:57 0 -rahs---- C:\$bootdrive$
2008-08-14 21:50 . 2008-08-14 22:59 1,887 --a------ C:\Windows\diagwrn.xml
2008-08-14 21:50 . 2008-08-14 22:59 1,887 --a------ C:\Windows\diagerr.xml
2008-08-14 18:31 . 2008-08-14 18:31 <DIR> d-------- C:\Users\suser\AppData\Roaming\Sunbelt
2008-08-14 18:31 . 2008-08-14 18:31 <DIR> d-------- C:\Users\All Users\Sunbelt
2008-08-14 18:31 . 2008-08-14 18:31 <DIR> d-------- C:\ProgramData\Sunbelt
2008-08-14 18:29 . 2008-04-28 14:48 202,160 --a------ C:\Windows\System32\drivers\sbtis.sys
2008-08-14 18:28 . 2008-08-14 18:28 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-08-14 15:17 . 2008-08-14 17:53 <DIR> d-------- C:\Users\suser\AppData\Roaming\m1
2008-08-14 15:06 . 2008-08-14 15:06 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-14 14:59 . 2008-08-14 14:59 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-14 14:59 . 2008-08-14 14:59 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-14 14:59 . 2008-08-14 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 13:56 . 2008-08-15 17:27 <DIR> d-------- C:\xxxwindowCleaners
2008-08-14 07:40 . 2008-08-14 07:40 <DIR> d-------- C:\Windows\Sun
2008-08-13 14:21 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 14:07 . 2008-08-13 14:08 <DIR> d-------- C:\Temp\aaaaaMicrosoftANTIvirus
2008-08-13 13:32 . 2008-08-13 13:37 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-13 13:25 . 2008-08-13 13:26 <DIR> d-------- C:\Microsoft® Windows® Malicious Software Removal Tool
2008-08-13 13:22 . 2008-08-13 13:23 <DIR> d-------- C:\windowsDefender
2008-08-13 03:02 . 2008-08-14 10:15 <DIR> d-------- C:\Temp\idealratings
2008-08-13 00:25 . 2008-08-13 00:25 <DIR> d--h----- C:\Windows\PIF
2008-08-12 15:27 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-12 15:26 . 2008-06-26 21:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-12 15:26 . 2008-06-27 00:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-12 15:26 . 2008-04-10 01:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-12 15:26 . 2008-04-18 01:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-11 21:26 . 2008-08-11 21:26 <DIR> d-------- C:\Users\suser\AppData\Roaming\proDAD
2008-08-11 21:18 . 2008-08-11 21:18 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-08-11 21:18 . 2003-06-26 10:04 237,568 --------- C:\Windows\System32\qtmlClient.dll
2008-08-11 21:18 . 2003-07-01 16:49 69,632 --------- C:\Windows\System32\MtxPreview.dll
2008-08-11 21:18 . 2003-07-01 16:49 49,152 --------- C:\Windows\System32\MtxParhBFXPreview.dll
2008-08-11 21:18 . 2003-01-20 09:08 49,152 --------- C:\Windows\System32\CvoAPI.dll
2008-08-11 21:18 . 2003-07-09 10:43 45,056 --------- C:\Windows\System32\BFXSrcFilter.ax
2008-08-11 21:18 . 2008-08-15 00:12 2,625 --a------ C:\Windows\Graffiti5.2Pin.ini
2008-08-11 20:48 . 2008-08-11 20:48 <DIR> d-------- C:\Program Files\Common Files\Pinnacle
2008-08-11 20:47 . 2008-08-11 20:47 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Ultimate
2008-08-11 20:47 . 2008-08-11 20:47 <DIR> d-------- C:\ProgramData\Pinnacle Studio Ultimate
2008-08-11 20:12 . 2008-08-12 03:08 <DIR> d-------- C:\Program Files\Pinnacle
2008-08-11 19:58 . 2008-08-12 03:08 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-08-11 19:58 . 2008-08-12 03:08 <DIR> d-------- C:\ProgramData\Pinnacle
2008-08-09 13:06 . 2008-08-09 13:06 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-09 13:04 . 2008-08-09 13:05 <DIR> d-------- C:\Program Files\iTunes
2008-08-09 13:04 . 2008-08-09 13:04 <DIR> d-------- C:\Program Files\iPod
2008-08-04 01:16 . 2008-08-04 01:16 <DIR> d-------- C:\Program Files\Common Files\TortoiseOverlays
2008-07-26 09:59 . 2008-07-26 09:59 <DIR> d-------- C:\Program Files\Bonjour
2008-07-25 04:36 . 2008-07-25 04:36 4,816 --------- C:\Windows\System32\divxsm.tlb
2008-07-23 12:48 . 2008-07-23 12:48 1,044,480 --------- C:\Windows\System32\libdivx.dll
2008-07-23 12:48 . 2008-07-23 12:48 200,704 --------- C:\Windows\System32\ssldivx.dll
2008-07-23 12:47 . 2008-07-23 12:47 416 --------- C:\Windows\System32\dtu100.dll.manifest
2008-07-23 12:47 . 2008-07-23 12:47 416 --------- C:\Windows\System32\dpl100.dll.manifest
2008-07-23 12:46 . 2008-07-23 12:46 12,288 --------- C:\Windows\System32\DivXWMPExtType.dll
2008-07-21 22:01 . 2008-07-21 22:01 59,176 --a------ C:\Windows\System32\sbbd.exe
2008-07-18 18:27 . 2008-07-18 18:27 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-18 17:30 . 2008-07-18 17:30 <DIR> d-------- C:\Users\suser\AppData\Roaming\ShariahOne.19D89DE8475AF7CD2955032923EA67AE70162BDD.1
2008-07-18 16:32 . 2008-07-18 16:32 <DIR> d-------- C:\Program Files\ShariahOne
2008-07-17 21:08 . 2008-07-17 21:08 <DIR> d-------- C:\Program Files\Sun
2008-07-17 14:58 . 2008-07-17 14:58 <DIR> d-------- C:\Program Files\TechSmith
2008-07-17 13:05 . 2008-07-17 13:05 <DIR> d-------- C:\Program Files\Sling Media
2008-07-15 13:48 . 2007-07-19 18:14 3,727,720 --------- C:\Windows\System32\d3dx9_35.dll
2008-07-15 13:48 . 2006-09-28 16:05 2,414,360 --------- C:\Windows\System32\d3dx9_31.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 20:52 --------- d-----w C:\Users\suser\AppData\Roaming\Skype
2008-08-15 08:38 --------- d-----w C:\Program Files\MSECache
2008-08-15 08:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-15 08:02 --------- d-----w C:\Program Files\MagicISO
2008-08-15 07:55 --------- d-----w C:\Program Files\MagicDisc
2008-08-15 06:56 --------- d-----w C:\Program Files\Azureus
2008-08-15 03:55 --------- d-----w C:\ProgramData\eMule
2008-08-14 20:52 --------- d-----w C:\Program Files\eMule
2008-08-14 16:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 10:51 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 01:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-07 10:02 --------- d-----w C:\Program Files\Java
2008-08-07 00:15 --------- d-----w C:\Program Files\DivX
2008-07-27 05:04 --------- d-----w C:\Users\suser\AppData\Roaming\bsplayer
2008-07-25 08:36 524,288 ------w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ------w C:\Windows\System32\qt-dx331.dll
2008-07-14 16:05 --------- d-----w C:\Users\suser\AppData\Roaming\InterVideo
2008-07-14 16:03 --------- d-----w C:\ProgramData\InstallShield
2008-07-14 16:02 --------- d-----w C:\Program Files\InterVideo
2008-07-14 16:02 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-07-14 16:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 14:12 --------- d-----w C:\ProgramData\GRETECH
2008-07-14 14:11 --------- d-----w C:\Users\suser\AppData\Roaming\GRETECH
2008-07-14 14:11 --------- d-----w C:\Program Files\GRETECH
2008-07-13 15:04 --------- d-----w C:\Users\suser\AppData\Roaming\DivX
2008-07-13 04:03 --------- d-----w C:\Program Files\WMV9_VCM
2008-07-13 03:56 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-13 03:49 21,764 ------w C:\Windows\System32\CoreAAC-uninstall.exe
2008-07-05 16:40 --------- d-----w C:\Program Files\activePDF
2008-07-04 03:57 --------- d-----w C:\Users\suser\AppData\Roaming\TortoiseSVN
2008-07-02 20:07 --------- d-----w C:\Users\suser\AppData\Roaming\skypePM
2008-07-01 07:07 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-07-01 07:07 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-06-30 10:39 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-29 09:27 --------- d-----w C:\Users\suser\AppData\Roaming\Subversion
2008-06-28 19:42 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 19:29 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-28 19:29 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-28 19:29 --------- d-----w C:\Program Files\Windows Journal
2008-06-28 19:29 --------- d-----w C:\Program Files\Windows Defender
2008-06-28 19:29 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-28 19:29 --------- d-----w C:\Program Files\Windows Calendar
2008-06-28 19:11 82,432 ------w C:\Windows\System32\axaltocm.dll
2008-06-28 19:11 101,888 ------w C:\Windows\System32\ifxcardm.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-11 00:07 129,784 ------w C:\Windows\System32\pxafs.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-02-10 02:27 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-10 02:27 32 ----a-w C:\ProgramData\ezsid.dat
2007-05-04 19:38 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-05-04 19:38 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-05-04 19:38 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-15_14.14.40.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-15 09:03:51 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-08-15 21:34:49 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-08-15 09:03:51 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-08-15 21:34:49 143,360 ----a-w C:\Windows\inf\infstrng.dat
- 2008-08-15 18:05:17 13,749,912 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-15 21:29:42 13,749,912 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-15 18:07:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-15 21:44:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-15 18:07:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-15 21:44:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-15 18:07:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-15 21:46:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-15 18:07:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-15 21:46:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-08-15 08:50:16 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-15 18:19:42 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-15 08:50:16 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-15 18:19:42 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 08:50:16 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-15 18:19:42 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-14 23:47:01 101,350 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-15 21:23:21 101,350 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-14 23:47:01 595,684 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-15 21:23:21 595,684 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-15 18:09:04 11,256 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1038192643-3975570624-1541393284-1000_UserData.bin
+ 2008-08-15 21:46:24 11,470 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1038192643-3975570624-1541393284-1000_UserData.bin
- 2008-08-15 18:09:04 63,490 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 21:46:24 63,960 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 20:05:07 2,876 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-08-15 18:09:02 41,296 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 21:46:17 41,850 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2005-01-17 04:02 708616]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"Jing"="C:\Program Files\TechSmith\Jing\Jing.exe" [2008-07-16 13:44 726272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-01-17 04:02 708616]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-05 19:02 184320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 17:40 731136]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
C:\Users\suser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-05-01 23:34:15 546816]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-11-10 15:48:23 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50 703280]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-07-14 11:58:55 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"VIDC.DIV3"= DivXc32.dll
"VIDC.DIV4"= DivXc32f.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.MPG4"= msmpeg4.dll
"VIDC.MP42"= msmpeg4.dll
"VIDC.MP43"= msmpeg4.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= msaud32_divx.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1038192643-3975570624-1541393284-1000]
"EnableNotificationsRef"=dword:00000006
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FC6ACF01-00C3-42E7-9D80-E3C4DC82DAD1}C:\\program files\\bittyrant\\azureus.exe"= UDP:C:\program files\bittyrant\azureus.exe:Azureus
"UDP Query User{38A7A466-BE6B-4F6D-8467-0D4DBE1CFD7A}C:\\program files\\bittyrant\\azureus.exe"= TCP:C:\program files\bittyrant\azureus.exe:Azureus
"{0A214F54-CA60-4AA7-8F7F-1E6D766E9055}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AF582C28-CA0B-4779-96A0-119145DCC440}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7C15FE9B-F6DF-4103-ACC8-5A8344F3D1E4}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E5DBEA06-724F-4EA8-A342-1260EAF5E09D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B6078EB2-BE30-489C-AA93-D54BD3718C7B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{77C54D98-E7B7-40FC-B180-674996920F49}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D4DCEFE3-AB16-4531-B13C-FD5459BB7231}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3F714FF8-DB9F-44D3-82D1-3AFDE35556B9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E80F5E5-F418-4C3B-B6A4-0714AA5F612B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{8CFE93AC-275E-42B5-916E-656692C8AACF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{093CF3BF-D297-4B55-A7B4-0954A3A7E9E6}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C77F2F15-0A7E-4D2E-845E-AB345164194C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8D9109A3-2372-46E1-85F5-9D481EC50346}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{F530D326-CBC1-42EA-9C34-30E22BE07D38}C:\\windows\\system32\\wfs.exe"= UDP:C:\windows\system32\wfs.exe:Microsoft Windows Fax and Scan
"UDP Query User{E8C6F56F-D42F-42D9-8ACB-02C20E7F663C}C:\\windows\\system32\\wfs.exe"= TCP:C:\windows\system32\wfs.exe:Microsoft Windows Fax and Scan
"{C2B626AA-FFCD-42A4-B907-4D5510916682}"= UDP:C:\RECYCLER\msnmrsgrs.exe:RSXB
"{6CABF682-7F75-46CB-8F4A-0F584F38298D}"= TCP:C:\RECYCLER\msnmrsgrs.exe:RSXB
"{B0D72CD0-35F3-40CC-9442-821670EC34F9}"= UDP:6667:irc
"TCP Query User{38F2CD98-F238-4CFA-9476-BC829D08DAAF}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{0A80F3F8-6110-400A-BD27-D18918B2CAD7}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"TCP Query User{3253EA1D-4230-44F9-9A56-018AABD481F3}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{DB754407-39EA-482A-980B-79433272367D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{CD8867EE-1DC5-4ACB-979F-FAE65BA03C68}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E4C3D8EA-6EE5-4F40-85B2-BAE67A495306}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4D6BE946-732C-43EA-BEF0-D8CD406578FC}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{162B6780-4DCD-445F-B04F-0128C7FA1634}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BF07BD08-7F60-45B4-83B5-700C77C738FC}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{39D4B611-6F72-4764-9B17-36DA79ABC7B7}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5B1A2FB0-E02A-485B-B440-619A47BA6AAA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{766B3510-DDA0-4B8E-A55D-8C2A780A6267}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F998642C-5829-4A2F-B68A-9CF22F90C6DD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{86D739D2-6258-4A5A-8F77-F153FC021A72}"= UDP:F:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{34846A13-4D18-4BC6-8872-AE2908110E73}"= TCP:F:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{DBCC0485-993E-4A38-93B1-42847A0AB779}"= UDP:F:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{713939AA-9272-47B4-8D2F-A7D02700C3F0}"= TCP:F:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{AFDCDF01-2DC5-498D-A090-0495356474CC}"= UDP:F:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{5C629682-8CC4-4B3F-BD57-4F805D571936}"= TCP:F:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:umi
R1 sbtis;sbtis;C:\Windows\system32\drivers\sbtis.sys [2008-04-28 14:48]
R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 00:25]
R3 HSX_DPV;HSX_DPV;C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-13 13:51]
S2 SBAMSvc;Sunbelt VIPRE Antivirus Service;C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe []
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 12:54]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 12:54]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 12:54]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 12:53]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 12:53]
S3 Pscdeiddpu;Pscdeiddpu;C:\Windows\system32\drivers\afd.sys [2008-01-19 01:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\wd_windows_tools\WDEULA.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043b1754-c954-11dc-a0bf-0017082fb4ca}]
\shell\AutoRun\command - F:\wd_windows_tools\WDEULA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {B8D03542-FFB4-8617-0686-40DF3B577C64} /qb
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SBAMTray - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\suser\AppData\Roaming\Mozilla\Firefox\Profiles\xeyrb68t.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 17:49:50
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\runonce.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-08-15 17:51:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 21:51:23
ComboFix2.txt 2008-08-15 18:15:43
Pre-Run: 52,207,194,112 bytes free
Post-Run: 52,171,280,384 bytes free
421 --- E O F --- 2008-08-14 16:47:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:14 PM, on 8/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\xxxwindowCleaners\4HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /dete
Edited by iglooo101, 15 August 2008 - 04:15 PM.
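Editor's added example (not part of the poster's reply, and not code from ComboFix or HijackThis): a small Python triage script for the three ComboFix log sections above that most often carry indicators, the FirewallRules values (`PROTO:port|path:label`, `PROTO:path:label`, `PROTO:port:label` or bare `path:label`), the `R1`/`S3` service lines (`start name;display;path [timestamp]`), and the two policy keys. The sample input is constructed from lines copied out of the log above plus one benign entry. The heuristics are assumptions for review, not verdicts: a firewall exception for a program under `\RECYCLER\` (or another scratch directory), a port-only exception with no program bound (6667 is the conventional IRC port), a service whose name and display name both differ from the driver file it loads (here a service called Pscdeiddpu that points at the stock `afd.sys`), and the two weakening settings visible in the log, `EnableLUA=0` (UAC off) and `AntiVirusOverride=1` (Security Center antivirus alerts suppressed).

```python
import re

# Constructed sample: lines copied from the ComboFix log posted above, plus
# one benign Skype rule, so the triage runs offline.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B6078EB2-BE30-489C-AA93-D54BD3718C7B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C2B626AA-FFCD-42A4-B907-4D5510916682}"= UDP:C:\RECYCLER\msnmrsgrs.exe:RSXB
"{B0D72CD0-35F3-40CC-9442-821670EC34F9}"= UDP:6667:irc
"{4D6BE946-732C-43EA-BEF0-D8CD406578FC}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
R1 sbtis;sbtis;C:\Windows\system32\drivers\sbtis.sys [2008-04-28 14:48]
S3 Pscdeiddpu;Pscdeiddpu;C:\Windows\system32\drivers\afd.sys [2008-01-19 01:57]
'''

# "key"= value  (registry value lines, used for both firewall rules and settings)
RULE_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>.+)$')
# FirewallRules value: optional proto, optional port ("port|path" or "port:label"),
# optional drive-letter program path, then the display label.
VALUE_RE = re.compile(
    r'^(?:(?P<proto>TCP|UDP):)?'
    r'(?:(?P<port>\d+)[|:])?'
    r'(?:(?P<path>[A-Za-z]:\\[^:]*):)?'
    r'(?P<label>.*)$')
# ComboFix service line: "S3 name;display;path [timestamp]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[')

# Heuristic lists (assumptions chosen for this example, extend as needed).
SUSPICIOUS_DIRS = ("\\recycler\\", "\\$recycle.bin\\", "\\temp\\")
IRC_PORTS = {"6667"}
WEAK_SETTINGS = {
    ("policies\\system", "EnableLUA", "0"): "UAC disabled (EnableLUA=0)",
    ("security center\\svc", "AntiVirusOverride", "1"):
        "Security Center antivirus alerts suppressed (AntiVirusOverride=1)",
}


def normalize_value(raw):
    """Turn '0 (0x0)' or 'dword:00000001' into a plain decimal string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw.split()[0]


def parse_log(text):
    """Split the log into firewall rules, service entries and registry settings."""
    section, rules, services, settings = "", [], [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()          # track the current registry key
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value").strip()
        if "firewallrules" in section:
            rule = VALUE_RE.match(value).groupdict()
            rule["key"] = key
            rules.append(rule)
        else:
            settings.append((section, key, normalize_value(value)))
    return rules, services, settings


def triage(text):
    """Return (kind, identifier, reason) tuples for entries worth a second look."""
    rules, services, settings = parse_log(text)
    findings = []
    for r in rules:
        path = (r["path"] or "").lower()
        if any(d in path for d in SUSPICIOUS_DIRS):
            findings.append(("firewall", r["key"],
                             "exception for program in unusual location: %s" % r["path"]))
        if r["path"] is None and r["port"]:
            why = "port-only exception with no program bound"
            if r["port"] in IRC_PORTS:
                why += " (IRC port)"
            findings.append(("firewall", r["key"],
                             "%s: %s/%s '%s'" % (why, r["proto"], r["port"], r["label"])))
    for s in services:
        stem = s["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if stem not in (s["name"].lower(), s["display"].lower()):
            findings.append(("service", s["name"],
                             "service name does not match driver file %s" % s["path"]))
    for section, key, value in settings:
        for (sec_tail, k, v), why in WEAK_SETTINGS.items():
            if section.endswith(sec_tail) and key == k and value == v:
                findings.append(("setting", key, why))
    return findings


if __name__ == "__main__":
    for kind, ident, reason in triage(SAMPLE_LOG):
        print("%-8s %-40s %s" % (kind, ident, reason))
```

Run it against a full ComboFix log by reading the file into `triage()`; every hit is a prompt to check the file on disk and its signer, not a detection in itself, and the name-mismatch check in particular will also fire on some legitimate OEM services, so review the path before acting.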