ComboFix 08-04-18.3 - Renate & Eirik 2008-04-19 10:37:55.5 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1044.18.1448 [GMT 2:00]
Running from: D:\Users\Renate & Eirik\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.
2008-04-11 11:07 . 2008-04-11 11:07 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-05 00:12 . 2008-04-05 00:12 d-------- C:\Program Files\iPod
2008-04-05 00:12 . 2008-04-19 10:21 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-05 00:12 . 2008-04-05 00:12 1,409 --a------ C:\Windows\QTFont.for
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-03-21 22:43 . 2008-04-19 00:34 d-------- C:\Program Files\Safari
2008-03-20 10:18 . 2008-03-20 10:18 0 --a------ C:\Windows\System32\SBRC.dat
2008-03-19 20:15 . 2008-03-19 20:15 d-------- C:\Program Files\Bonjour
2008-03-19 20:10 . 2008-03-19 20:10 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-19 20:04 . 2008-03-19 20:04 d-------- C:\Program Files\PowerISO
2008-03-19 19:37 . 2008-03-19 19:55 d-------- C:\Users\Renate & Eirik\AppData\Roaming\Azureus
2008-03-19 19:37 . 2008-03-19 19:37 d-------- C:\Users\All Users\Azureus
2008-03-19 19:37 . 2008-03-19 19:37 d-------- C:\ProgramData\Azureus
2008-03-19 18:54 . 2008-03-19 18:54 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-19 18:53 . 2008-03-19 18:53 7,678,262 --a------ C:\Windows\System32\SBSP.dat
2008-03-19 18:50 . 2008-03-19 18:50 d-------- C:\Users\Renate & Eirik\AppData\Roaming\DAEMON Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 07:26 --------- d-----w C:\ProgramData\avg7
2008-04-18 22:30 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 16:44 --------- d-----w C:\ProgramData\DVD Shrink
2008-04-16 16:43 --------- d-----w C:\Users\Renate & Eirik\AppData\Roaming\RipIt4Me
2008-04-16 14:31 --------- d-----w C:\Users\Renate & Eirik\AppData\Roaming\ZoomBrowser EX
2008-04-12 13:28 --------- d-----w C:\Users\Renate & Eirik\AppData\Roaming\dvdcss
2008-04-11 09:08 --------- d-----w C:\Program Files\SmartFTP Client
2008-04-09 19:01 --------- d-----w C:\Users\Renate & Eirik\AppData\Roaming\AVG7
2008-04-09 18:32 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 13:50 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-04 22:12 --------- d-----w C:\Program Files\iTunes
2008-04-04 22:11 --------- d-----w C:\Program Files\QuickTime
2008-03-31 20:54 --------- d-----w C:\ProgramData\ZoomBrowser
2008-03-27 17:12 --------- d-----w C:\ProgramData\CanonIJPLM
2008-03-27 14:50 --------- d-----w C:\Users\Renate & Eirik\AppData\Roaming\Ahead
2008-03-21 20:45 --------- d-----w C:\Users\Renate & Eirik\AppData\Roaming\Apple Computer
2008-03-19 18:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 16:50 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-19 15:55 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-18 21:41 --------- d-----w C:\Program Files\Java
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-26 10:19 --------- d-----w C:\Program Files\ffdshow
2008-02-21 10:52 --------- d-----w C:\Users\Renate & Eirik\AppData\Roaming\Sony
2008-02-21 10:52 --------- d-----w C:\ProgramData\Sony
2008-02-21 10:49 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-21 10:49 --------- d-----w C:\Program Files\Sony
2008-02-21 10:48 --------- d-----w C:\Program Files\Sony Setup
2008-02-21 10:48 --------- d-----w C:\Program Files\Avanquest update
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 14:38 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 14:35 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 14:35 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 14:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 14:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 14:33 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 14:33 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 14:33 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 14:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 14:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 14:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 14:33 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 14:33 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-29 10:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2007-08-30 04:35 174 --sha-w C:\Program Files\desktop.ini
2007-04-11 13:52 245,760 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
2007-10-24 21:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-24 21:22 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-24 21:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-04-19_10.16.32,99 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 08:07:19 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-19 08:21:15 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-19 08:07:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-19 08:21:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-19 08:07:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-19 08:21:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-19 08:09:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-19 08:22:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-19 08:22:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-19 08:09:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-19 08:22:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-19 08:22:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-19 08:12:10 100,480 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-19 08:25:52 100,480 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-19 08:12:10 76,452 ----a-w C:\Windows\System32\perfc014.dat
+ 2008-04-19 08:25:52 76,452 ----a-w C:\Windows\System32\perfc014.dat
- 2008-04-19 08:12:10 585,880 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-19 08:25:52 585,880 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-19 08:12:10 452,804 ----a-w C:\Windows\System32\perfh014.dat
+ 2008-04-19 08:25:52 452,804 ----a-w C:\Windows\System32\perfh014.dat
- 2008-04-19 08:09:35 10,326 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-821633044-241032439-2952416172-1000_UserData.bin
+ 2008-04-19 08:23:32 10,326 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-821633044-241032439-2952416172-1000_UserData.bin
- 2008-04-19 08:09:35 55,182 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 08:23:32 55,292 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-18 13:55:17 49,938 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 08:23:31 49,938 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 22:32 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-12 17:10 67128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-15 00:20 171448]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 11:45 12288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-10 22:50 1006264]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 16:18 579584]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 16:52 849280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 17:28 598016 C:\Windows\SOUNDMAN.EXE]
"NvSvc"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 11:45 44544 C:\Windows\System32\rundll32.exe]
"Windows Taskmanager"="svchost.exe" [2006-11-02 11:45 22016 C:\Windows\System32\svchost.exe]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 16:30 698864]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-03-03 01:18 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-821633044-241032439-2952416172-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{47F8EC01-8E17-40D4-8401-3EEB0E218279}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{17835749-4479-4B9B-BE33-6E63A9A714FC}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{1B68B489-B660-40B6-A154-E6AD93A23D49}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{E37AD2B8-B421-4970-B00E-CAE28370A4EE}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{E307C829-764C-4A63-B3F5-951DAE80802F}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{19257851-8087-45C8-92C0-1588A2CFC11A}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{DD434D55-BE76-4A0D-8246-37E279EB59FF}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{B819FDCF-DE50-43C1-948F-378B360FDE5D}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{4B84468F-669E-4AB2-9A22-C3B9326136A6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{FFBF170F-AC1C-41E6-9C55-7D49EDA6CBFE}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:LastFM
"UDP Query User{043E932F-0F1F-455A-8040-23319274E382}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:LastFM
"TCP Query User{BA2D94E6-CF31-4045-A591-C15472DD3AF9}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{92E74A35-F878-40D0-BF0D-75C02AFD2870}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{A63F24E8-C509-486C-B108-47AACD0A9B67}C:\\users\\renate & eirik\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\renate & eirik\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{4F051A8A-0C68-454A-B415-4878E918853A}C:\\users\\renate & eirik\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\renate & eirik\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{8B851A7D-850F-4C2C-9815-595B3279F5DB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7AF8CAB5-2FA9-4CB2-BA81-F21075665986}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D50E1D70-10D0-459F-9B7E-3D19A124AE63}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E5C482C1-30C9-4415-B2A4-C3B5CBFC387D}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{289FC4B9-3A29-4145-895C-030F63EE52B7}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C26B511A-A65A-4AAF-9CA7-244362123A57}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{9D5403AC-8C13-4C39-B25E-E31F4C8FB052}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:LastFM
"UDP Query User{36611ECC-7135-4FEE-909C-CA206AA6F47D}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:LastFM
"{FB42F325-7CCC-4051-9D00-979C3E037C5A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1326D6D5-DC63-4D10-8636-F03C9869A74A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1420668B-B12F-4CCB-9C45-D1A6708514C0}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{5272BD07-AE36-4220-A3BA-644A5FE1D4CF}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{B6283A82-62C4-44DD-BB9A-58D3D7FE41C2}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{7AB208D0-9AC8-4310-A28F-C95857E613DD}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"{FEBB329B-D7EF-4470-A367-71C225C1B8B1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C391C80-E067-47D2-A454-BFD415E02FE9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{634CE1E1-ADC6-4BB2-B3A6-1A1B48CF380F}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{BBA3FB3D-7C61-4F8C-B1F1-131EF452C26B}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"TCP Query User{D04177F1-C739-47A6-AC81-AF79C2FBC918}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{83F16E95-E37C-44AD-B66F-7A88C3D94B1C}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{4E5D9024-1BFB-4578-B9AC-422776620695}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{045326E8-9516-4D7E-BBD1-EF5C1B11E520}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"{1F8BEEF5-4D79-4899-B3C2-0104406D7613}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CA79A471-5366-4AF6-A5D5-59386A395406}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-19 17:55]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2007-12-16 15:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{407885cc-c972-11db-bf90-00110963a65b}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad36b551-f5d4-11dc-9309-00110963a65b}]
\shell\AutoRun\command - G:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 20:39:09 C:\Windows\Tasks\User_Feed_Synchronization-{CC732BA1-11C5-4637-B666-AE0DD1392708}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 10:39:53
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-19 10:40:50
ComboFix-quarantined-files.txt 2008-04-19 08:40:32
ComboFix2.txt 2008-04-19 08:17:13
ComboFix3.txt 2008-04-19 08:01:38
ComboFix4.txt 2008-01-20 20:33:02
Pre-Run: 13,657,481,216 byte ledig
Post-Run: 13,631,393,792 byte ledig
231 --- E O F --- 2008-04-09 13:50:50