
Active Google redirect

Discussion in 'Malware and Virus Removal Archive' started by MommaOfLM, 2009/01/05.

  1. 2009/01/05
    MommaOfLM

    [Active] Google redirect

    So, same problem as many.
    Here are my two HijackThis logs.
    Any help is appreciated! Thanks in advance!!! :D

    info.txt logfile of random's system information tool 1.05 2009-01-05 21:42:55

    ======Uninstall list======

    -->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
    -->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
    -->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
    -->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
    -->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
    -->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
    -->"C:\Program Files\HP Games\FATE\Uninstall.exe"
    -->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
    -->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
    -->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
    -->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
    -->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
    -->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
    -->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
    -->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
    -->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
    -->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
    -->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
    -->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
    -->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
    -->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
    -->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
    -->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
    -->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
    -->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
    -->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
    -->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
    -->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
    3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Adobe Shockwave Player-->C:\WINDOWS\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    BlackBerry Desktop Software 4.5-->MsiExec.exe /I{CE5E3F15-320A-4865-97D3-F07227C5BB2F}
    BlackBerry Desktop Software 4.5-->MsiExec.exe /i{CE5E3F15-320A-4865-97D3-F07227C5BB2F}
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
    HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
    HP Demo-->MsiExec.exe /I{9A379E7A-22ED-44FF-9293-E393D704505D}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
    HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
    HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
    HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
    HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
    HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
    Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
    Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kids Cam Show and Share Creativity Center -->C:\PROGRA~1\KIDSCA~1\Setup.exe /remove /q0
    LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
    LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
    LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
    Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
    My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
    Palm Desktop by ACCESS-->MsiExec.exe /X{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:pokerStars
    Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
    PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
    Roxio Media Manager-->MsiExec.exe /X{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}
    Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
    Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Uninstall Dual Mode Camera-->"C:\Program Files\JL2005B\unins000.exe"
    VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Xilisoft DVD Creator-->C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe
    Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe

    ======Security center information======

    AS: Windows Defender

    System event log

    Computer Name: Family-PC
    Event Code: 7036
    Message: The Windows Modules Installer service entered the running state.
    Record Number: 22925
    Source Name: Service Control Manager
    Time Written: 20090106041517.000000-000
    Event Type: Information
    User:

    Computer Name: Family-PC
    Event Code: 7036
    Message: The Windows Modules Installer service entered the stopped state.
    Record Number: 22926
    Source Name: Service Control Manager
    Time Written: 20090106042517.000000-000
    Event Type: Information
    User:

    Computer Name: Family-PC
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Record Number: 22927
    Source Name: Tcpip
    Time Written: 20090106042801.378895-000
    Event Type: Warning
    User:

    Computer Name: Family-PC
    Event Code: 7036
    Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
    Record Number: 22928
    Source Name: Service Control Manager
    Time Written: 20090106043138.000000-000
    Event Type: Information
    User:

    Computer Name: Family-PC
    Event Code: 7036
    Message: The Application Information service entered the running state.
    Record Number: 22929
    Source Name: Service Control Manager
    Time Written: 20090106044146.000000-000
    Event Type: Information
    User:

    Application event log

    Computer Name: Family-PC
    Event Code: 8194
    Message: Successfully created restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint).
    Record Number: 3572
    Source Name: System Restore
    Time Written: 20090105164941.000000-000
    Event Type: Information
    User:

    Computer Name: Family-PC
    Event Code: 8211
    Message: Successfully created scheduled restore point.
    Record Number: 3573
    Source Name: System Restore
    Time Written: 20090105164941.000000-000
    Event Type: Information
    User:

    Computer Name: Family-PC
    Event Code: 8224
    Message: The VSS service is shutting down due to idle timeout.
    Record Number: 3574
    Source Name: VSS
    Time Written: 20090105165241.000000-000
    Event Type: Information
    User:

    Computer Name: Family-PC
    Event Code: 5000
    Message: McShield service started.
    Engine version : 5300.2777
    DAT version : 5485.0000

    Number of signatures in EXTRA.DAT : None
    Names of threats that EXTRA.DAT can detect : None
    Record Number: 3575
    Source Name: McLogEvent
    Time Written: 20090105193526.000000-000
    Event Type: Information
    User: NT AUTHORITY\SYSTEM

    Computer Name: Family-PC
    Event Code: 5
    Message: Unsupported service control request (see data below)
    Record Number: 3576
    Source Name: LightScribeService
    Time Written: 20090106044254.000000-000
    Event Type: Information
    User:

    Security event log

    Computer Name: Family-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
    Record Number: 4744
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090106044251.236695-000
    Event Type: Audit Failure
    User:

    Computer Name: Family-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
    Record Number: 4745
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090106044251.267895-000
    Event Type: Audit Failure
    User:

    Computer Name: Family-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
    Record Number: 4746
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090106044251.283495-000
    Event Type: Audit Failure
    User:

    Computer Name: Family-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
    Record Number: 4747
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090106044251.314695-000
    Event Type: Audit Failure
    User:

    Computer Name: Family-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
    Record Number: 4748
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090106044251.345895-000
    Event Type: Audit Failure
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE
    "PLATFORM"=HPD
    "PCBRAND"=Pavilion
    "OnlineServices"=Online Services
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

    -----------------EOF-----------------


    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Family at 2009-01-05 21:42:04
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 231 GB (69%) free of 334 GB
    Total RAM: 3062 MB (66% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:42:53 PM, on 1/5/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\WINDOWS\RtHDVCpl.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Users\Family\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N7SVGPI\RSIT[1].exe
    C:\Program Files\trend micro\Family.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatwashomepage.com/?q=h...twashomepage.com/?q=http://www.comcast.net/a/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Family\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.iexplorersecurity.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.iexplorersecurity.com/redirect.php (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9470 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\McDefragTask.job
    C:\Windows\tasks\McQcTask.job
    C:\Windows\tasks\User_Feed_Synchronization-{F1B4F7F2-6908-47CD-B4EC-23C49F8EABCA}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
    "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
    "KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
    "OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
    "HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
    ""= []
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-25 141848]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-25 166424]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-25 133656]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2008-06-02 178712]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "HotSync"=C:\Program Files\PalmSource\Desktop\HotSync.exe -AllUsers []
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-03-06 236016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-01-18 942080]
    "BitTorrent DNA"=C:\Users\Family\Program Files\DNA\btdna.exe [2008-12-19 342848]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
    "Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
    Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 3 months======

    2009-01-05 21:42:04 ----D---- C:\rsit
    2009-01-02 18:54:58 ----D---- C:\Users\Family\AppData\Roaming\Research In Motion
    2009-01-02 18:48:47 ----D---- C:\ProgramData\InstallShield
    2009-01-02 18:48:43 ----D---- C:\ProgramData\Sonic
    2009-01-02 18:48:19 ----ASH---- C:\Users\Family\AppData\Roaming\desktop.ini
    2009-01-02 18:46:34 ----D---- C:\Program Files\Common Files\Sonic Shared
    2009-01-02 18:46:33 ----D---- C:\ProgramData\Roxio
    2009-01-02 18:46:33 ----D---- C:\Program Files\Roxio
    2009-01-02 18:46:26 ----D---- C:\Program Files\Common Files\Roxio Shared
    2009-01-02 18:39:56 ----D---- C:\Program Files\Common Files\Research In Motion
    2009-01-02 18:39:50 ----D---- C:\Program Files\Research In Motion
    2008-12-30 20:34:58 ----D---- C:\Program Files\Trend Micro
    2008-12-30 17:37:56 ----D---- C:\Users\Family\AppData\Roaming\Xilisoft Corporation
    2008-12-30 17:37:24 ----D---- C:\Program Files\Xilisoft
    2008-12-30 17:37:05 ----A---- C:\Windows\system32\javan.exe
    2008-12-27 23:54:47 ----D---- C:\Users\Family\AppData\Roaming\Google
    2008-12-27 23:52:50 ----D---- C:\Program Files\Google
    2008-12-26 18:31:26 ----D---- C:\Program Files\MyDSC2
    2008-12-26 18:31:26 ----D---- C:\Program Files\Mars
    2008-12-26 18:31:26 ----D---- C:\Program Files\JL2005C
    2008-12-26 18:31:25 ----D---- C:\Program Files\JL2005B
    2008-12-26 18:31:07 ----A---- C:\aa.txt
    2008-12-26 18:31:05 ----N---- C:\Windows\system32\PTTreeIcons.dll
    2008-12-26 18:30:48 ----D---- C:\Program Files\Kids Cam Show and Share Creativity Center
    2008-12-26 16:25:26 ----D---- C:\Program Files\Adobe
    2008-12-25 22:58:26 ----D---- C:\Program Files\WebMediaViewer
    2008-12-21 02:11:40 ----D---- C:\ProgramData\HotSync
    2008-12-18 23:03:36 ----A---- C:\Windows\system32\mshtml.dll
    2008-12-17 23:05:20 ----D---- C:\Users\Family\AppData\Roaming\DivX
    2008-12-17 23:05:09 ----D---- C:\Program Files\Common Files\PX Storage Engine
    2008-12-17 23:05:01 ----D---- C:\Program Files\DivX
    2008-12-17 21:39:11 ----D---- C:\Users\Family\AppData\Roaming\AVS4YOU
    2008-12-17 21:39:10 ----D---- C:\ProgramData\AVS4YOU
    2008-12-17 21:38:41 ----D---- C:\Program Files\Common Files\AVSMedia
    2008-12-17 21:38:40 ----A---- C:\Windows\system32\mfc70.dll
    2008-12-17 21:38:39 ----D---- C:\Program Files\AVS4YOU
    2008-12-17 21:38:39 ----A---- C:\Windows\system32\msxml3a.dll
    2008-12-17 21:38:39 ----A---- C:\Windows\system32\msvcp70.dll
    2008-12-17 21:38:39 ----A---- C:\Windows\system32\GdiPlus.dll
    2008-12-17 21:33:39 ----D---- C:\Users\Family\AppData\Roaming\Uniblue
    2008-12-17 21:29:37 ----D---- C:\Users\Family\AppData\Roaming\MPEG Streamclip
    2008-12-16 08:06:48 ----D---- C:\Windows\system32\Adobe
    2008-12-15 17:10:44 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
    2008-12-15 17:09:12 ----A---- C:\Windows\DIFxAPI.dll
    2008-12-15 17:09:08 ----A---- C:\Windows\system32\RtkPgExt.dll
    2008-12-15 17:09:08 ----A---- C:\Windows\system32\RtkApoApi.dll
    2008-12-15 17:09:08 ----A---- C:\Windows\RtlUpd.exe
    2008-12-15 17:09:07 ----D---- C:\Program Files\Realtek
    2008-12-15 17:09:07 ----A---- C:\Windows\RtHDVCpl.exe
    2008-12-15 17:09:06 ----A---- C:\Windows\RtlExUpd.dll
    2008-12-15 17:09:06 ----A---- C:\Windows\HideWin.exe
    2008-12-15 17:08:05 ----D---- C:\Program Files\Intel
    2008-12-15 17:07:32 ----D---- C:\Users\Family\AppData\Roaming\InstallShield
    2008-12-15 17:07:29 ----D---- C:\Users\Family\AppData\Roaming\WinBatch
    2008-12-14 15:28:39 ----D---- C:\Users\Family\AppData\Roaming\HotSync
    2008-12-14 15:28:39 ----A---- C:\Windows\family.ini
    2008-12-13 14:46:36 ----D---- C:\Program Files\MSXML 4.0
    2008-12-13 13:50:22 ----SHD---- C:\Windows\ftpcache
    2008-12-13 13:24:33 ----D---- C:\Users\Family\AppData\Roaming\Arcsoft
    2008-12-13 13:23:21 ----D---- C:\Program Files\Palm
    2008-12-12 19:50:55 ----D---- C:\Users\Family\AppData\Roaming\iWin
    2008-12-11 17:27:18 ----A---- C:\Windows\system32\tzres.dll
    2008-12-11 05:37:02 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-12-11 05:37:00 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-12-11 05:36:53 ----A---- C:\Windows\system32\gdi32.dll
    2008-12-11 05:36:46 ----A---- C:\Windows\system32\shell32.dll
    2008-12-11 05:36:38 ----A---- C:\Windows\explorer.exe
    2008-12-11 05:36:32 ----A---- C:\Windows\system32\wininet.dll
    2008-12-11 05:36:32 ----A---- C:\Windows\system32\urlmon.dll
    2008-12-11 05:36:32 ----A---- C:\Windows\system32\ieframe.dll
    2008-12-11 05:36:31 ----A---- C:\Windows\system32\mstime.dll
    2008-12-11 05:36:29 ----A---- C:\Windows\system32\iertutil.dll
    2008-12-11 05:36:26 ----A---- C:\Windows\system32\jsproxy.dll
    2008-12-11 05:36:22 ----A---- C:\Windows\system32\WMVCORE.DLL
    2008-12-11 05:36:22 ----A---- C:\Windows\system32\mf.dll
    2008-12-11 05:36:19 ----A---- C:\Windows\system32\WMNetMgr.dll
    2008-12-11 05:36:19 ----A---- C:\Windows\system32\logagent.exe
    2008-12-09 19:19:19 ----D---- C:\Program Files\QuickTime
    2008-12-08 19:51:40 ----D---- C:\ProgramData\Sandlot Games
    2008-11-30 12:52:35 ----D---- C:\ProgramData\DVD Shrink
    2008-11-30 12:52:34 ----D---- C:\Program Files\DVD Shrink
    2008-11-27 23:51:04 ----D---- C:\Users\Family\AppData\Roaming\WinRAR
    2008-11-27 23:50:41 ----D---- C:\Program Files\WinRAR
    2008-11-27 12:06:06 ----D---- C:\Program Files\Oberon Media
    2008-11-27 12:06:05 ----D---- C:\Program Files\Common Files\Oberon Media
    2008-11-27 12:06:05 ----D---- C:\Program Files\Chill
    2008-11-26 12:37:21 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2008-11-26 12:35:48 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2008-11-26 12:35:48 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2008-11-26 12:35:48 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2008-11-26 12:32:54 ----A---- C:\Windows\system32\connect.dll
    2008-11-24 14:35:37 ----A---- C:\Windows\system32\wups2.dll
    2008-11-24 14:35:37 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-24 14:35:36 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-24 14:35:36 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-24 14:35:20 ----A---- C:\Windows\system32\wups.dll
    2008-11-24 14:35:20 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-24 14:35:20 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-24 14:35:13 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-24 14:35:13 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-23 23:03:47 ----AD---- C:\ProgramData\TEMP
    2008-11-23 20:18:57 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-11-23 20:18:55 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-11-23 20:18:46 ----D---- C:\Program Files\Virtools
    2008-11-23 02:57:31 ----D---- C:\Users\Family\AppData\Roaming\vlc
    2008-11-23 02:56:36 ----D---- C:\Program Files\VideoLAN
    2008-11-23 02:44:19 ----D---- C:\Users\Family\AppData\Roaming\Apple Computer
    2008-11-23 02:44:12 ----A---- C:\Windows\system32\GEARAspi.dll
    2008-11-23 02:44:11 ----DC---- C:\Windows\system32\DRVSTORE
    2008-11-23 02:43:57 ----D---- C:\Program Files\iPod
    2008-11-23 02:43:55 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-23 02:43:55 ----D---- C:\Program Files\iTunes
    2008-11-23 02:43:19 ----D---- C:\Program Files\Bonjour
    2008-11-23 02:42:48 ----D---- C:\ProgramData\Apple Computer
    2008-11-23 02:42:31 ----D---- C:\Program Files\Apple Software Update
    2008-11-23 02:41:49 ----D---- C:\ProgramData\Apple
    2008-11-23 02:41:49 ----D---- C:\Program Files\Common Files\Apple
    2008-11-23 02:09:33 ----D---- C:\Users\Family\AppData\Roaming\BitTorrent
    2008-11-23 02:09:16 ----D---- C:\Users\Family\AppData\Roaming\DNA
    2008-11-23 02:09:16 ----D---- C:\Program Files\DNA
    2008-11-23 02:09:15 ----D---- C:\Program Files\BitTorrent
    2008-11-23 01:08:07 ----D---- C:\Program Files\PokerStars
    2008-11-23 01:07:40 ----D---- C:\Users\Family\AppData\Roaming\Adobe
    2008-11-23 01:05:00 ----D---- C:\Windows\SoftwareDistribution
    2008-11-23 01:02:55 ----SHD---- C:\System Volume Information
    2008-11-23 00:39:55 ----A---- C:\Windows\system32\dunzip32.dll
    2008-11-23 00:37:54 ----D---- C:\Program Files\McAfee.com
    2008-11-23 00:37:52 ----D---- C:\Program Files\McAfee
    2008-11-23 00:37:52 ----D---- C:\Program Files\Common Files\McAfee
    2008-11-23 00:30:32 ----D---- C:\ProgramData\McAfee
    2008-11-23 00:25:35 ----A---- C:\Windows\system32\msshooks.dll
    2008-11-23 00:25:34 ----A---- C:\Windows\system32\msscb.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\wsepno.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\srchadmin.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\rtffilt.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\propsys.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\propdefs.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\offfilt.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\msstrc.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\mssprxy.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\mssitlb.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\msshsq.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\mimefilt.dll
    2008-11-23 00:25:33 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\tquery.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\nlhtml.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\mssvp.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\mssrch.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\mssphtb.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\mssph.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\msscntrs.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-11-23 00:25:32 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-11-23 00:21:55 ----D---- C:\Windows\system32\x64
    2008-11-23 00:18:34 ----A---- C:\Windows\system32\NlsLexicons0007.dll
    2008-11-23 00:18:31 ----A---- C:\Windows\system32\NlsLexicons0009.dll
    2008-11-23 00:18:23 ----A---- C:\Windows\system32\NaturalLanguage6.dll
    2008-11-23 00:17:54 ----A---- C:\Windows\system32\EncDec.dll
    2008-11-23 00:17:53 ----A---- C:\Windows\system32\psisdecd.dll
    2008-11-23 00:17:43 ----D---- C:\Users\Family\AppData\Roaming\Symantec
    2008-11-23 00:17:17 ----D---- C:\Users\Family\AppData\Roaming\Snapfish
    2008-11-23 00:17:02 ----D---- C:\Users\Family\AppData\Roaming\Identities
    2008-11-23 00:16:28 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-11-23 00:16:26 ----A---- C:\Windows\system32\gameux.dll
    2008-11-23 00:16:21 ----A---- C:\Windows\system32\rpcrt4.dll
    2008-11-23 00:16:20 ----A---- C:\Windows\system32\pacerprf.dll
    2008-11-23 00:16:10 ----A---- C:\Windows\system32\es.dll
    2008-11-23 00:16:07 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-11-23 00:16:05 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-23 00:15:59 ----A---- C:\Windows\system32\winload.exe
    2008-11-23 00:15:59 ----A---- C:\Windows\system32\kd1394.dll
    2008-11-23 00:15:59 ----A---- C:\Windows\system32\ci.dll
    2008-11-23 00:15:58 ----A---- C:\Windows\system32\winresume.exe
    2008-11-23 00:15:57 ----A---- C:\Windows\system32\srdelayed.exe
    2008-11-23 00:15:57 ----A---- C:\Windows\system32\srcore.dll
    2008-11-23 00:15:57 ----A---- C:\Windows\system32\srclient.dll
    2008-11-23 00:15:57 ----A---- C:\Windows\system32\setbcdlocale.dll
    2008-11-23 00:15:57 ----A---- C:\Windows\system32\rstrui.exe
    2008-11-23 00:15:57 ----A---- C:\Windows\system32\kbd106n.dll
    2008-11-23 00:15:44 ----A---- C:\Windows\system32\wersvc.dll
    2008-11-23 00:15:44 ----A---- C:\Windows\system32\Faultrep.dll
    2008-11-23 00:15:43 ----A---- C:\Windows\system32\win32spl.dll
    2008-11-23 00:15:43 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-11-23 00:15:42 ----A---- C:\Windows\system32\dataclen.dll
    2008-11-23 00:15:42 ----A---- C:\Windows\system32\cdd.dll
    2008-11-23 00:15:28 ----A---- C:\Windows\system32\vbscript.dll
    2008-11-23 00:15:28 ----A---- C:\Windows\system32\jscript.dll
    2008-11-23 00:15:27 ----A---- C:\Windows\system32\wshext.dll
    2008-11-23 00:15:27 ----A---- C:\Windows\system32\wscript.exe
    2008-11-23 00:15:27 ----A---- C:\Windows\system32\scrrun.dll
    2008-11-23 00:15:27 ----A---- C:\Windows\system32\scrobj.dll
    2008-11-23 00:15:27 ----A---- C:\Windows\system32\inetcomm.dll
    2008-11-23 00:15:27 ----A---- C:\Windows\system32\cscript.exe
    2008-11-23 00:15:26 ----A---- C:\Windows\system32\quartz.dll
    2008-11-23 00:15:24 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-23 00:15:21 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-11-23 00:15:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-11-23 00:15:03 ----D---- C:\Users\Family\AppData\Roaming\Macromedia
    2008-11-23 00:14:40 ----D---- C:\Users\Family\AppData\Roaming\Hewlett-Packard
    2008-11-23 00:12:31 ----SD---- C:\Users\Family\AppData\Roaming\Microsoft
    2008-11-23 00:12:31 ----D---- C:\Users\Family\AppData\Roaming\Media Center Programs
    2008-11-23 00:11:57 ----A---- C:\Windows\system32\netapi32.dll
    2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Templates
    2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Start Menu
    2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Favorites
    2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Documents
    2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Desktop
    2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Application Data
    2008-11-23 00:08:48 ----SHD---- C:\Documents and Settings
    2008-11-21 14:44:38 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe

    ======List of files/folders modified in the last 3 months======

    2009-01-05 21:42:50 ----D---- C:\Windows\Temp
    2009-01-05 21:42:43 ----D---- C:\WINDOWS
    2009-01-05 21:42:25 ----D---- C:\Windows\Prefetch
    2009-01-05 07:36:43 ----D---- C:\Windows\System32
    2009-01-05 07:36:43 ----D---- C:\Windows\inf
    2009-01-05 07:36:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-01-04 09:18:30 ----D---- C:\Windows\system32\Tasks
    2009-01-02 18:56:22 ----D---- C:\Windows\system32\drivers
    2009-01-02 18:48:54 ----SHD---- C:\Windows\Installer
    2009-01-02 18:48:47 ----D---- C:\ProgramData
    2009-01-02 18:47:36 ----SD---- C:\Windows\Downloaded Program Files
    2009-01-02 18:47:19 ----D---- C:\Windows\system32\catroot
    2009-01-02 18:47:12 ----RSD---- C:\Windows\Fonts
    2009-01-02 18:46:34 ----D---- C:\Program Files\Common Files
    2009-01-02 18:46:33 ----D---- C:\Program Files\Common Files\InstallShield
    2009-01-02 18:46:33 ----D---- C:\Program Files
    2008-12-26 18:31:25 ----D---- C:\Windows\twain_32
    2008-12-26 16:25:38 ----D---- C:\Program Files\Common Files\Adobe
    2008-12-26 16:25:35 ----D---- C:\ProgramData\Adobe
    2008-12-26 16:25:12 ----D---- C:\Windows\winsxs
    2008-12-22 17:33:07 ----D---- C:\Windows\system32\Macromed
    2008-12-22 02:34:46 ----D---- C:\Windows\system32\catroot2
    2008-12-17 22:23:54 ----D---- C:\Windows\Tasks
    2008-12-15 17:15:43 ----D---- C:\Program Files\HP
    2008-12-15 17:10:10 ----D---- C:\Windows\system32\RTCOM
    2008-12-15 17:09:07 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-14 20:18:22 ----D---- C:\Windows\system32\WDI
    2008-12-12 03:11:01 ----D---- C:\Windows\rescache
    2008-12-12 02:04:38 ----D---- C:\Windows\system32\en-US
    2008-12-12 02:04:38 ----D---- C:\Windows\AppPatch
    2008-12-12 02:04:38 ----D---- C:\Program Files\Windows Mail
    2008-12-09 16:24:37 ----A---- C:\Windows\system32\mrt.exe
    2008-11-30 10:43:43 ----HD---- C:\hp
    2008-11-30 02:17:07 ----D---- C:\Windows\system32\NDF
    2008-11-25 16:41:50 ----D---- C:\Windows\system32\LogFiles
    2008-11-24 00:25:33 ----D---- C:\ProgramData\Microsoft
    2008-11-23 03:37:17 ----D---- C:\Windows\Logs
    2008-11-23 02:43:09 ----D---- C:\Program Files\Internet Explorer
    2008-11-23 01:09:27 ----D---- C:\Windows\Debug
    2008-11-23 01:05:16 ----D---- C:\Windows\Panther
    2008-11-23 00:53:25 ----D---- C:\Windows\Microsoft.NET
    2008-11-23 00:53:09 ----RSD---- C:\Windows\assembly
    2008-11-23 00:43:08 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-11-23 00:43:06 ----D---- C:\Program Files\Yahoo!
    2008-11-23 00:41:30 ----D---- C:\Windows\ehome
    2008-11-23 00:41:26 ----D---- C:\Windows\PolicyDefinitions
    2008-11-23 00:41:20 ----D---- C:\Windows\system32\Boot
    2008-11-23 00:41:14 ----D---- C:\Windows\system32\migration
    2008-11-23 00:36:18 ----D---- C:\ProgramData\Symantec
    2008-11-23 00:18:42 ----D---- C:\ProgramData\Hewlett-Packard
    2008-11-23 00:17:13 ----SHD---- C:\$Recycle.Bin
    2008-11-23 00:16:58 ----D---- C:\Windows\system
    2008-11-23 00:13:26 ----D---- C:\Windows\system32\restore
    2008-11-23 00:13:12 ----RD---- C:\Program Files\Online Services
    2008-11-23 00:12:38 ----D---- C:\Windows\SMINST
    2008-11-23 00:12:21 ----RD---- C:\Users

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
    R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
    R1 navigator;navigator; C:\Windows\fd.dll []
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-20 159744]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
    R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
    R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
    R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
    S3 JL2005C;Dual Mode Camera; C:\Windows\System32\Drivers\jl2005c.sys [2008-01-15 62762]
    S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
    S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-06-02 354840]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
    S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
    S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
    S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]

    -----------------EOF-----------------
     
  2. 2009/01/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS MommaOfLM :)

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     

  4. 2009/01/05
    MommaOfLM

    MommaOfLM Inactive Thread Starter

    Joined:
    2008/12/30
    Messages:
    5
    Likes Received:
    0
    ComboFix log

    ComboFix 09-01-05.04 - Family 2009-01-05 22:20:35.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2019 [GMT -7:00]
    Running from: c:\users\Family\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\webmediaviewer
    c:\program files\webmediaviewer\myc.ico
    c:\program files\webmediaviewer\myd.ico
    c:\program files\webmediaviewer\mym.ico
    c:\program files\webmediaviewer\myp.ico
    c:\program files\webmediaviewer\myv.ico
    c:\program files\webmediaviewer\Online Spyware Test.lnk
    c:\program files\webmediaviewer\ot.ico
    c:\program files\webmediaviewer\Run Virus Scan.lnk
    c:\program files\webmediaviewer\ts.ico
    c:\users\Family\Desktop\4C7645E2B4DA82C0\
    c:\users\Family\Desktop\4C7645E2B4DA82C0\\4C7645E2B4DA82C0
    c:\users\Family\Desktop\4C7645E2B4DA82C0\4C7645E2B4DA82C0
    c:\users\Family\Documents\My Documents.url
    c:\windows\system32\x64

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_4C7645E2B4DA82C0


    ((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
    .

    2009-01-05 21:42 . 2009-01-05 21:42 <DIR> d-------- C:\rsit
    2009-01-02 18:54 . 2009-01-02 18:54 <DIR> d-------- c:\users\Family\AppData\Roaming\Research In Motion
    2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d-------- c:\users\All Users\Sonic
    2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d-------- c:\users\All Users\InstallShield
    2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d-------- c:\programdata\Sonic
    2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d-------- c:\programdata\InstallShield
    2009-01-02 18:46 . 2009-01-02 18:48 <DIR> d-------- c:\users\All Users\Roxio
    2009-01-02 18:46 . 2009-01-02 18:48 <DIR> d-------- c:\programdata\Roxio
    2009-01-02 18:46 . 2009-01-02 18:47 <DIR> d-------- c:\program files\Roxio
    2009-01-02 18:46 . 2009-01-02 18:46 <DIR> d-------- c:\program files\Common Files\Sonic Shared
    2009-01-02 18:46 . 2009-01-02 18:47 <DIR> d-------- c:\program files\Common Files\Roxio Shared
    2009-01-02 18:40 . 2007-01-18 10:24 26,496 --a------ c:\windows\System32\drivers\RimSerial.sys
    2009-01-02 18:39 . 2009-01-02 18:39 <DIR> d-------- c:\program files\Research In Motion
    2009-01-02 18:39 . 2009-01-02 18:40 <DIR> d-------- c:\program files\Common Files\Research In Motion
    2008-12-30 20:34 . 2009-01-05 21:42 <DIR> d-------- c:\program files\Trend Micro
    2008-12-30 17:37 . 2008-12-30 17:37 <DIR> d-------- c:\users\Family\AppData\Roaming\Xilisoft Corporation
    2008-12-30 17:37 . 2008-12-30 18:37 <DIR> d-------- c:\program files\Xilisoft
    2008-12-30 17:37 . 2008-12-27 07:26 1,736,704 --a------ c:\windows\System32\javan.exe
    2008-12-27 23:52 . 2008-12-31 00:50 <DIR> d-------- c:\program files\Google
    2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\MyDSC2
    2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\Mars
    2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\JL2005C
    2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\JL2005B
    2008-12-26 18:31 . 2005-12-15 17:34 135,168 --a------ c:\windows\System32\jl_jdct.drv
    2008-12-26 18:31 . 2006-04-11 01:49 118,784 --------- c:\windows\System32\PTTreeIcons.dll
    2008-12-26 18:31 . 2008-01-15 12:24 62,762 --a------ c:\windows\System32\drivers\jl2005c.sys
    2008-12-26 18:31 . 2005-08-10 10:44 15,360 --a------ c:\windows\System32\jl2005c.ax
    2008-12-26 18:30 . 2008-12-26 18:31 <DIR> d-------- c:\program files\Kids Cam Show and Share Creativity Center
    2008-12-21 02:11 . 2008-12-21 02:11 <DIR> d-------- c:\users\All Users\HotSync
    2008-12-21 02:11 . 2008-12-21 02:11 <DIR> d-------- c:\programdata\HotSync
    2008-12-17 23:05 . 2008-12-17 23:09 <DIR> d-------- c:\users\Family\AppData\Roaming\DivX
    2008-12-17 23:05 . 2008-12-18 23:06 <DIR> d-------- c:\program files\DivX
    2008-12-17 23:05 . 2009-01-02 18:47 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
    2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d-------- c:\users\Family\AppData\Roaming\AVS4YOU
    2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d-------- c:\users\All Users\AVS4YOU
    2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d-------- c:\programdata\AVS4YOU
    2008-12-17 21:38 . 2008-12-17 21:44 <DIR> d-------- c:\program files\Common Files\AVSMedia
    2008-12-17 21:38 . 2008-12-17 21:44 <DIR> d-------- c:\program files\AVS4YOU
    2008-12-17 21:38 . 2007-02-27 18:36 1,700,352 --a------ c:\windows\System32\GdiPlus.dll
    2008-12-17 21:38 . 2007-02-27 18:36 974,848 --a------ c:\windows\System32\mfc70.dll
    2008-12-17 21:38 . 2007-02-27 18:36 487,424 --a------ c:\windows\System32\msvcp70.dll
    2008-12-17 21:38 . 2007-02-27 18:36 24,576 --a------ c:\windows\System32\msxml3a.dll
    2008-12-17 21:33 . 2008-12-17 21:33 <DIR> d-------- c:\users\Family\AppData\Roaming\Uniblue
    2008-12-17 21:29 . 2008-12-17 21:29 <DIR> d-------- c:\users\Family\AppData\Roaming\MPEG Streamclip
    2008-12-16 08:06 . 2008-12-21 10:00 <DIR> d-------- c:\windows\System32\Adobe
    2008-12-15 17:11 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
    2008-12-15 17:10 . 2008-06-24 14:46 104,992 --a------ c:\windows\RTKAUDIOSERVICE.EXE
    2008-12-15 17:09 . 2008-12-15 17:09 <DIR> d-------- c:\program files\Realtek
    2008-12-15 17:09 . 2008-07-03 11:27 6,266,880 --a------ c:\windows\RtHDVCpl.exe
    2008-12-15 17:09 . 2008-07-03 17:03 2,152,088 --a------ c:\windows\System32\drivers\RTKVHDA.sys
    2008-12-15 17:09 . 2008-04-02 09:27 1,196,032 --a------ c:\windows\RtlUpd.exe
    2008-12-15 17:09 . 2008-07-03 11:24 725,504 --a------ c:\windows\System32\RtkPgExt.dll
    2008-12-15 17:09 . 2008-05-14 17:06 540,672 --a------ c:\windows\System32\RTSndMgr.cpl
    2008-12-15 17:09 . 2008-03-05 18:07 520,192 --a------ c:\windows\RtlExUpd.dll
    2008-12-15 17:09 . 2008-12-15 17:09 319,456 --a------ c:\windows\DIFxAPI.dll
    2008-12-15 17:09 . 2008-12-15 17:09 315,392 --a------ c:\windows\HideWin.exe
    2008-12-15 17:09 . 2008-03-28 10:59 285,216 --a------ c:\windows\System32\RtkApoApi.dll
    2008-12-15 17:08 . 2008-12-15 17:08 <DIR> d-------- c:\program files\Intel
    2008-12-15 17:07 . 2008-12-15 17:07 <DIR> d-------- c:\users\Family\AppData\Roaming\WinBatch
    2008-12-15 17:07 . 2008-12-15 17:07 <DIR> d-------- c:\users\Family\AppData\Roaming\InstallShield
    2008-12-15 17:07 . 2008-06-02 18:49 305,688 --a------ c:\windows\System32\drivers\iaStor.sys
    2008-12-14 15:28 . 2008-12-14 15:28 <DIR> d-------- c:\users\Family\AppData\Roaming\HotSync
    2008-12-14 15:28 . 2008-12-14 15:28 94 --a------ c:\windows\family.ini
    2008-12-13 14:46 . 2008-12-13 14:46 <DIR> d-------- c:\program files\MSXML 4.0
    2008-12-13 13:57 . 2008-12-13 13:57 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-12-13 13:50 . 2008-12-13 13:50 <DIR> d--hs---- c:\windows\ftpcache
    2008-12-13 13:43 . 2008-12-13 14:43 6,639,616 --a------ c:\windows\MEDB.mdb
    2008-12-13 13:24 . 2008-12-13 13:24 <DIR> d-------- c:\users\Family\AppData\Roaming\Arcsoft
    2008-12-13 13:24 . 2007-12-04 17:10 16,640 --a------ c:\windows\System32\drivers\PalmUSBD.sys
    2008-12-13 13:23 . 2008-12-21 02:14 <DIR> d-------- c:\program files\Palm
    2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
    2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
    2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
    2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
    2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
    2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
    2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
    2008-12-12 19:50 . 2008-12-12 19:50 <DIR> d-------- c:\users\Family\AppData\Roaming\iWin
    2008-12-11 17:27 . 2008-10-21 18:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-11 05:37 . 2008-10-31 18:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-12-11 05:37 . 2008-10-31 20:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2008-12-09 19:19 . 2008-12-09 19:19 <DIR> d-------- c:\program files\QuickTime
    2008-12-08 19:51 . 2008-12-08 19:51 <DIR> d-------- c:\users\All Users\Sandlot Games
    2008-12-08 19:51 . 2008-12-08 19:51 <DIR> d-------- c:\programdata\Sandlot Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-06 05:26 --------- d-----w c:\users\Family\AppData\Roaming\DNA
    2009-01-06 04:38 --------- d-----w c:\users\Family\AppData\Roaming\BitTorrent
    2009-01-03 01:46 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-28 05:46 --------- d-----w c:\users\Family\AppData\Roaming\Apple Computer
    2008-12-26 23:25 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-18 04:43 --------- d---a-w c:\programdata\TEMP
    2008-12-16 00:15 --------- d-----w c:\program files\HP
    2008-12-16 00:09 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-14 22:29 --------- d-----w c:\program files\Chill
    2008-12-14 08:38 --------- d-----w c:\program files\Oberon Media
    2008-12-12 09:04 --------- d-----w c:\program files\Windows Mail
    2008-12-10 03:27 --------- d-----w c:\program files\PokerStars
    2008-11-30 19:52 --------- d-----w c:\programdata\DVD Shrink
    2008-11-30 19:52 --------- d-----w c:\program files\DVD Shrink
    2008-11-27 19:06 --------- d-----w c:\program files\Common Files\Oberon Media
    2008-11-24 03:18 --------- d-----w c:\program files\Virtools
    2008-11-23 19:44 --------- d-----w c:\program files\McAfee
    2008-11-23 09:58 --------- d-----w c:\users\Family\AppData\Roaming\vlc
    2008-11-23 09:56 --------- d-----w c:\program files\VideoLAN
    2008-11-23 09:44 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-23 09:44 --------- d-----w c:\program files\iTunes
    2008-11-23 09:43 --------- d-----w c:\programdata\Apple Computer
    2008-11-23 09:43 --------- d-----w c:\program files\iPod
    2008-11-23 09:43 --------- d-----w c:\program files\Common Files\Apple
    2008-11-23 09:43 --------- d-----w c:\program files\Bonjour
    2008-11-23 09:42 --------- d-----w c:\program files\Apple Software Update
    2008-11-23 09:41 --------- d-----w c:\programdata\Apple
    2008-11-23 09:09 --------- d-----w c:\program files\DNA
    2008-11-23 09:09 --------- d-----w c:\program files\BitTorrent
    2008-11-23 07:43 --------- d-----w c:\program files\Yahoo!
    2008-11-23 07:43 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-23 07:40 --------- d-----w c:\programdata\McAfee
    2008-11-23 07:38 --------- d-----w c:\program files\Common Files\McAfee
    2008-11-23 07:37 --------- d-----w c:\program files\McAfee.com
    2008-11-23 07:36 --------- d-----w c:\programdata\Symantec
    2008-11-23 07:18 --------- d-----w c:\users\Family\AppData\Roaming\Hewlett-Packard
    2008-11-23 07:18 --------- d-----w c:\programdata\Hewlett-Packard
    2008-11-23 07:17 --------- d-----w c:\users\Family\AppData\Roaming\Symantec
    2008-11-23 07:17 --------- d-----w c:\users\Family\AppData\Roaming\Snapfish
    2008-11-23 07:13 1,819 --sha-r c:\windows\system32\drivers\103C_HP_CPC_KJ301AA-ABA a6419fh_YC_0Pavi_QCNX815_E82NAv3PrA1_49_ILeonite2_SASUSTek Computer INC._V6.00_B5.23_T071030_WUH1_L409_M3062_J360_7Intel_8Pentium Dual E2180_92_#080929_N808627DC_Z14F12F20_G80862772.MRK
    2008-11-23 07:08 --------- d-sh--w c:\programdata\Templates
    2008-11-23 07:08 --------- d-sh--w c:\programdata\Start Menu
    2008-11-23 07:08 --------- d-sh--w c:\programdata\Favorites
    2008-11-23 07:08 --------- d-sh--w c:\programdata\Documents
    2008-11-23 07:08 --------- d-sh--w c:\programdata\Desktop
    2008-11-23 07:08 --------- d-sh--w c:\programdata\Application Data
    2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
    2008-11-07 21:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
    2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
    2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
    2008-10-16 21:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
    2008-10-16 20:56 31,232 ----a-w c:\windows\System32\wuapp.exe
    2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
    2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
    2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-18 942080]
    "BitTorrent DNA "= "c:\users\Family\Program Files\DNA\btdna.exe" [2008-12-19 342848]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-20 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD "= "c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro "= "c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
    Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 1273856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp "= l3codecp.acm
    "VIDC.JDCT "= jl_jdct.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{84DEC07C-28C3-4E15-B321-4CCFA4238734} "= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{78B700A7-795A-4F8D-A704-95C2A0E9F1BE} "= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{0739A706-3FC5-4702-AECD-C99738669BAB} "= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{DDF9A1FE-6AE4-4DBB-AF5D-18653DBC937D} "= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{FEAB1A3D-1146-4E13-BD1B-D999C1A7B46B} "= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{E3596A58-126D-4BEB-A619-092E470A9A1D} "= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{BFE8CA03-5438-49B4-8545-A493DD8ECB63} "= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{D2FFBE1F-673E-4117-A156-1FBEDFCA4316} "= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{7A6029A9-7E67-4BBA-B534-A5BDF8D8BA81} "= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{ED5CE695-31BB-48F3-A511-DBB5C66D21F1} "= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "{E02E5551-C774-4FAF-B868-EE16FE42F875} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{0E959760-43C4-4DD2-A322-8B9A6DBBC527} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{73397A1A-128F-4DF9-A428-5AC3B981AA77} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A711B5B1-8C41-4CA3-817B-447535A13233} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{40D0738E-4620-48DF-AFB8-452CAF8458B5}c:\\users\\family\\program files\\dna\\btdna.exe "= UDP:c:\users\family\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{6A49B6CB-1C12-4FC0-9241-262BE5229C52}c:\\users\\family\\program files\\dna\\btdna.exe "= TCP:c:\users\family\program files\dna\btdna.exe:btdna.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe "= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11FC12D0-1A72-12D2-992D-5BC14F992BC7}]
    c:\windows\system32\javan.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-23 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{F1B4F7F2-6908-47CD-B4EC-23C49F8EABCA}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-20 19:24]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.whatwashomepage.com/?q=http://www.whatwashomepage.com/?q=http://www.whatwashomepage.com/?q=http://www.comcast.net/a/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: {{3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - hxxp://www.iexplorersecurity.com/redirect.php
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-05 22:26:11
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\windows\System32\WUDFHost.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\windows\System32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    c:\hp\KBD\kbd.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-05 22:29:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-06 05:29:31

    Pre-Run: 242,578,350,080 bytes free
    Post-Run: 242,471,436,288 bytes free

    316 --- E O F --- 2008-12-20 02:02:29
     
  5. 2009/01/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download "Registry Search Tool" from here.
    • Extract the contents then double click the regsrch.vbs file to start it.
    • Paste in {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} and click OK.
    • Wait for it to complete the search, click ok at the prompt.
    • Wordpad should open with the results.
    • Please post those results here.
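The same check the post asks for, done with built-in tooling, as an added example that is not the Registry Search Tool (regsrch.vbs) linked above nor anything from the thread: it walks the hives the current account can read and lists every key name, value name or value data containing the search string. The function name, the output shape and the result file path are my own choices; the CLSID searched for is the one quoted in the post and in the ComboFix "IE:" line above.

```powershell
# Added example (not regsrch.vbs): report every registry location whose key name,
# value name or value data contains the search string. Run from an elevated
# PowerShell prompt so that HKLM subkeys restricted to administrators are readable.
function Find-RegistryString {
    [CmdletBinding()]
    param(
        # Literal text to look for, e.g. a CLSID such as {3B8FB116-D358-48A3-A5C7-DB84F15CBB04}
        [Parameter(Mandatory)] [string] $Pattern,
        # Hives to walk. HKU is not mounted as a PSDrive by default, so only HKLM/HKCU here.
        [string[]] $Roots = @('HKLM:\', 'HKCU:\')
    )
    $rx = [regex]::Escape($Pattern)
    foreach ($root in $Roots) {
        # SilentlyContinue skips keys the caller has no permission to open (SAM, SECURITY, ...)
        $keys = @(Get-Item -LiteralPath $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if ($key.Name -match $rx) {
                [pscustomobject]@{ Where = 'KeyName'; Key = $key.Name; ValueName = ''; Data = '' }
            }
            # GetValueNames() includes '' for the (Default) value, so that one is covered too
            foreach ($valueName in $key.GetValueNames()) {
                # DoNotExpandEnvironmentNames keeps REG_EXPAND_SZ data exactly as stored
                $data = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
                # REG_BINARY is rendered as hex so it can still be grepped and posted
                $text = if ($data -is [byte[]]) {
                    ($data | ForEach-Object { $_.ToString('X2') }) -join ''
                } else {
                    "$data"
                }
                if ($valueName -match $rx) {
                    [pscustomobject]@{ Where = 'ValueName'; Key = $key.Name; ValueName = $valueName; Data = $text }
                } elseif ($text -match $rx) {
                    [pscustomobject]@{ Where = 'ValueData'; Key = $key.Name; ValueName = $valueName; Data = $text }
                }
            }
        }
    }
}

# Usage: search for the CLSID from the post and keep the hits in a text file
# (assumed path) that can be pasted into the thread, as the post asks.
$hits = Find-RegistryString -Pattern '{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}'
$hits | Format-Table -AutoSize
$hits | Out-File -FilePath "$env:USERPROFILE\Desktop\regsearch-results.txt"
```

The full walk of HKLM takes a minute or two; the output lists each hit once per place it appears, which is what a helper reviewing the thread needs to see which Run, Extensions or CLSID keys reference the identifier before deciding what to remove.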
     
