Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

6th January 2009, #1
MommaOfLM (Inactive; Join Date: Dec 2008; Posts: 5; Computer Experience: Intermediate)

[Active] Google redirect

so same problem as many.
here are my two hijackthis logs
any help is appreciated! thanks in advance!!!

info.txt logfile of random's system information tool 1.05 2009-01-05 21:42:55

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BlackBerry Desktop Software 4.5-->MsiExec.exe /I{CE5E3F15-320A-4865-97D3-F07227C5BB2F}
BlackBerry Desktop Software 4.5-->MsiExec.exe /i{CE5E3F15-320A-4865-97D3-F07227C5BB2F}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->MsiExec.exe /I{9A379E7A-22ED-44FF-9293-E393D704505D}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kids Cam Show and Share Creativity Center -->C:\PROGRA~1\KIDSCA~1\Setup.exe /remove /q0
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Palm Desktop by ACCESS-->MsiExec.exe /X{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Roxio Media Manager-->MsiExec.exe /X{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Uninstall Dual Mode Camera-->"C:\Program Files\JL2005B\unins000.exe"
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft DVD Creator-->C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe

======Security center information======

AS: Windows Defender

System event log

Computer Name: Family-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 22925
Source Name: Service Control Manager
Time Written: 20090106041517.000000-000
Event Type: Information
User:

Computer Name: Family-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the stopped state.
Record Number: 22926
Source Name: Service Control Manager
Time Written: 20090106042517.000000-000
Event Type: Information
User:

Computer Name: Family-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 22927
Source Name: Tcpip
Time Written: 20090106042801.378895-000
Event Type: Warning
User:

Computer Name: Family-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 22928
Source Name: Service Control Manager
Time Written: 20090106043138.000000-000
Event Type: Information
User:

Computer Name: Family-PC
Event Code: 7036
Message: The Application Information service entered the running state.
Record Number: 22929
Source Name: Service Control Manager
Time Written: 20090106044146.000000-000
Event Type: Information
User:

Application event log

Computer Name: Family-PC
Event Code: 8194
Message: Successfully created restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint).
Record Number: 3572
Source Name: System Restore
Time Written: 20090105164941.000000-000
Event Type: Information
User:

Computer Name: Family-PC
Event Code: 8211
Message: Successfully created scheduled restore point.
Record Number: 3573
Source Name: System Restore
Time Written: 20090105164941.000000-000
Event Type: Information
User:

Computer Name: Family-PC
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 3574
Source Name: VSS
Time Written: 20090105165241.000000-000
Event Type: Information
User:

Computer Name: Family-PC
Event Code: 5000
Message: McShield service started.
Engine version : 5300.2777
DAT version : 5485.0000

Number of signatures in EXTRA.DAT : None
Names of threats that EXTRA.DAT can detect : None
Record Number: 3575
Source Name: McLogEvent
Time Written: 20090105193526.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Family-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 3576
Source Name: LightScribeService
Time Written: 20090106044254.000000-000
Event Type: Information
User:

Security event log

Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4744
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.236695-000
Event Type: Audit Failure
User:

Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4745
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.267895-000
Event Type: Audit Failure
User:

Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4746
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.283495-000
Event Type: Audit Failure
User:

Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4747
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.314695-000
Event Type: Audit Failure
User:

Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4748
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.345895-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by Family at 2009-01-05 21:42:04
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 231 GB (69%) free of 334 GB
Total RAM: 3062 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:53 PM, on 1/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Family\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N7SVGPI\RSIT[1].exe
C:\Program Files\trend micro\Family.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatwashomepage.com/?q=ht...comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Family\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.iexplorersecurity.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.iexplorersecurity.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry...ds/sysinfo.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/G...onGameHost.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla..._installer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9470 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{F1B4F7F2-6908-47CD-B4EC-23C49F8EABCA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
""= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-25 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-25 133656]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2008-06-02 178712]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"HotSync"=C:\Program Files\PalmSource\Desktop\HotSync.exe -AllUsers []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-03-06 236016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-01-18 942080]
"BitTorrent DNA"=C:\Users\Family\Program Files\DNA\btdna.exe [2008-12-19 342848]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-05 21:42:04 ----D---- C:\rsit
2009-01-02 18:54:58 ----D---- C:\Users\Family\AppData\Roaming\Research In Motion
2009-01-02 18:48:47 ----D---- C:\ProgramData\InstallShield
2009-01-02 18:48:43 ----D---- C:\ProgramData\Sonic
2009-01-02 18:48:19 ----ASH---- C:\Users\Family\AppData\Roaming\desktop.ini
2009-01-02 18:46:34 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-01-02 18:46:33 ----D---- C:\ProgramData\Roxio
2009-01-02 18:46:33 ----D---- C:\Program Files\Roxio
2009-01-02 18:46:26 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-01-02 18:39:56 ----D---- C:\Program Files\Common Files\Research In Motion
2009-01-02 18:39:50 ----D---- C:\Program Files\Research In Motion
2008-12-30 20:34:58 ----D---- C:\Program Files\Trend Micro
2008-12-30 17:37:56 ----D---- C:\Users\Family\AppData\Roaming\Xilisoft Corporation
2008-12-30 17:37:24 ----D---- C:\Program Files\Xilisoft
2008-12-30 17:37:05 ----A---- C:\Windows\system32\javan.exe
2008-12-27 23:54:47 ----D---- C:\Users\Family\AppData\Roaming\Google
2008-12-27 23:52:50 ----D---- C:\Program Files\Google
2008-12-26 18:31:26 ----D---- C:\Program Files\MyDSC2
2008-12-26 18:31:26 ----D---- C:\Program Files\Mars
2008-12-26 18:31:26 ----D---- C:\Program Files\JL2005C
2008-12-26 18:31:25 ----D---- C:\Program Files\JL2005B
2008-12-26 18:31:07 ----A---- C:\aa.txt
2008-12-26 18:31:05 ----N---- C:\Windows\system32\PTTreeIcons.dll
2008-12-26 18:30:48 ----D---- C:\Program Files\Kids Cam Show and Share Creativity Center
2008-12-26 16:25:26 ----D---- C:\Program Files\Adobe
2008-12-25 22:58:26 ----D---- C:\Program Files\WebMediaViewer
2008-12-21 02:11:40 ----D---- C:\ProgramData\HotSync
2008-12-18 23:03:36 ----A---- C:\Windows\system32\mshtml.dll
2008-12-17 23:05:20 ----D---- C:\Users\Family\AppData\Roaming\DivX
2008-12-17 23:05:09 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-12-17 23:05:01 ----D---- C:\Program Files\DivX
2008-12-17 21:39:11 ----D---- C:\Users\Family\AppData\Roaming\AVS4YOU
2008-12-17 21:39:10 ----D---- C:\ProgramData\AVS4YOU
2008-12-17 21:38:41 ----D---- C:\Program Files\Common Files\AVSMedia
2008-12-17 21:38:40 ----A---- C:\Windows\system32\mfc70.dll
2008-12-17 21:38:39 ----D---- C:\Program Files\AVS4YOU
2008-12-17 21:38:39 ----A---- C:\Windows\system32\msxml3a.dll
2008-12-17 21:38:39 ----A---- C:\Windows\system32\msvcp70.dll
2008-12-17 21:38:39 ----A---- C:\Windows\system32\GdiPlus.dll
2008-12-17 21:33:39 ----D---- C:\Users\Family\AppData\Roaming\Uniblue
2008-12-17 21:29:37 ----D---- C:\Users\Family\AppData\Roaming\MPEG Streamclip
2008-12-16 08:06:48 ----D---- C:\Windows\system32\Adobe
2008-12-15 17:10:44 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2008-12-15 17:09:12 ----A---- C:\Windows\DIFxAPI.dll
2008-12-15 17:09:08 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-12-15 17:09:08 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-12-15 17:09:08 ----A---- C:\Windows\RtlUpd.exe
2008-12-15 17:09:07 ----D---- C:\Program Files\Realtek
2008-12-15 17:09:07 ----A---- C:\Windows\RtHDVCpl.exe
2008-12-15 17:09:06 ----A---- C:\Windows\RtlExUpd.dll
2008-12-15 17:09:06 ----A---- C:\Windows\HideWin.exe
2008-12-15 17:08:05 ----D---- C:\Program Files\Intel
2008-12-15 17:07:32 ----D---- C:\Users\Family\AppData\Roaming\InstallShield
2008-12-15 17:07:29 ----D---- C:\Users\Family\AppData\Roaming\WinBatch
2008-12-14 15:28:39 ----D---- C:\Users\Family\AppData\Roaming\HotSync
2008-12-14 15:28:39 ----A---- C:\Windows\family.ini
2008-12-13 14:46:36 ----D---- C:\Program Files\MSXML 4.0
2008-12-13 13:50:22 ----SHD---- C:\Windows\ftpcache
2008-12-13 13:24:33 ----D---- C:\Users\Family\AppData\Roaming\Arcsoft
2008-12-13 13:23:21 ----D---- C:\Program Files\Palm
2008-12-12 19:50:55 ----D---- C:\Users\Family\AppData\Roaming\iWin
2008-12-11 17:27:18 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 05:37:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 05:37:00 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 05:36:53 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 05:36:46 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 05:36:38 ----A---- C:\Windows\explorer.exe
2008-12-11 05:36:32 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 05:36:32 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 05:36:32 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 05:36:31 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 05:36:29 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 05:36:26 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 05:36:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 05:36:22 ----A---- C:\Windows\system32\mf.dll
2008-12-11 05:36:19 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 05:36:19 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 19:19:19 ----D---- C:\Program Files\QuickTime
2008-12-08 19:51:40 ----D---- C:\ProgramData\Sandlot Games
2008-11-30 12:52:35 ----D---- C:\ProgramData\DVD Shrink
2008-11-30 12:52:34 ----D---- C:\Program Files\DVD Shrink
2008-11-27 23:51:04 ----D---- C:\Users\Family\AppData\Roaming\WinRAR
2008-11-27 23:50:41 ----D---- C:\Program Files\WinRAR
2008-11-27 12:06:06 ----D---- C:\Program Files\Oberon Media
2008-11-27 12:06:05 ----D---- C:\Program Files\Common Files\Oberon Media
2008-11-27 12:06:05 ----D---- C:\Program Files\Chill
2008-11-26 12:37:21 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 12:35:48 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 12:35:48 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 12:35:48 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 12:32:54 ----A---- C:\Windows\system32\connect.dll
2008-11-24 14:35:37 ----A---- C:\Windows\system32\wups2.dll
2008-11-24 14:35:37 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-24 14:35:36 ----A---- C:\Windows\system32\wucltux.dll
2008-11-24 14:35:36 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-24 14:35:20 ----A---- C:\Windows\system32\wups.dll
2008-11-24 14:35:20 ----A---- C:\Windows\system32\wudriver.dll
2008-11-24 14:35:20 ----A---- C:\Windows\system32\wuapi.dll
2008-11-24 14:35:13 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-24 14:35:13 ----A---- C:\Windows\system32\wuapp.exe
2008-11-23 23:03:47 ----AD---- C:\ProgramData\TEMP
2008-11-23 20:18:57 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-23 20:18:55 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-23 20:18:46 ----D---- C:\Program Files\Virtools
2008-11-23 02:57:31 ----D---- C:\Users\Family\AppData\Roaming\vlc
2008-11-23 02:56:36 ----D---- C:\Program Files\VideoLAN
2008-11-23 02:44:19 ----D---- C:\Users\Family\AppData\Roaming\Apple Computer
2008-11-23 02:44:12 ----A---- C:\Windows\system32\GEARAspi.dll
2008-11-23 02:44:11 ----DC---- C:\Windows\system32\DRVSTORE
2008-11-23 02:43:57 ----D---- C:\Program Files\iPod
2008-11-23 02:43:55 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 02:43:55 ----D---- C:\Program Files\iTunes
2008-11-23 02:43:19 ----D---- C:\Program Files\Bonjour
2008-11-23 02:42:48 ----D---- C:\ProgramData\Apple Computer
2008-11-23 02:42:31 ----D---- C:\Program Files\Apple Software Update
2008-11-23 02:41:49 ----D---- C:\ProgramData\Apple
2008-11-23 02:41:49 ----D---- C:\Program Files\Common Files\Apple
2008-11-23 02:09:33 ----D---- C:\Users\Family\AppData\Roaming\BitTorrent
2008-11-23 02:09:16 ----D---- C:\Users\Family\AppData\Roaming\DNA
2008-11-23 02:09:16 ----D---- C:\Program Files\DNA
2008-11-23 02:09:15 ----D---- C:\Program Files\BitTorrent
2008-11-23 01:08:07 ----D---- C:\Program Files\PokerStars
2008-11-23 01:07:40 ----D---- C:\Users\Family\AppData\Roaming\Adobe
2008-11-23 01:05:00 ----D---- C:\Windows\SoftwareDistribution
2008-11-23 01:02:55 ----SHD---- C:\System Volume Information
2008-11-23 00:39:55 ----A---- C:\Windows\system32\dunzip32.dll
2008-11-23 00:37:54 ----D---- C:\Program Files\McAfee.com
2008-11-23 00:37:52 ----D---- C:\Program Files\McAfee
2008-11-23 00:37:52 ----D---- C:\Program Files\Common Files\McAfee
2008-11-23 00:30:32 ----D---- C:\ProgramData\McAfee
2008-11-23 00:25:35 ----A---- C:\Windows\system32\msshooks.dll
2008-11-23 00:25:34 ----A---- C:\Windows\system32\msscb.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\wsepno.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\thawbrkr.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\srchadmin.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-11-23 00:25:33 ----A---- C:\Windows\system32\rtffilt.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\propsys.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\propdefs.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\offfilt.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\msstrc.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\mssprxy.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\mssitlb.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\msshsq.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\mimefilt.dll
2008-11-23 00:25:33 ----A---- C:\Windows\system32\korwbrkr.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\xmlfilter.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\tquery.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-11-23 00:25:32 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-11-23 00:25:32 ----A---- C:\Windows\system32\nlhtml.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\mssvp.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\mssrch.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\mssphtb.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\mssph.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\msscntrs.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\chtbrkr.dll
2008-11-23 00:25:32 ----A---- C:\Windows\system32\chsbrkr.dll
2008-11-23 00:21:55 ----D---- C:\Windows\system32\x64
2008-11-23 00:18:34 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-11-23 00:18:31 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-11-23 00:18:23 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-23 00:17:54 ----A---- C:\Windows\system32\EncDec.dll
2008-11-23 00:17:53 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-23 00:17:43 ----D---- C:\Users\Family\AppData\Roaming\Symantec
2008-11-23 00:17:17 ----D---- C:\Users\Family\AppData\Roaming\Snapfish
2008-11-23 00:17:02 ----D---- C:\Users\Family\AppData\Roaming\Identities
2008-11-23 00:16:28 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-11-23 00:16:26 ----A---- C:\Windows\system32\gameux.dll
2008-11-23 00:16:21 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-23 00:16:20 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-23 00:16:10 ----A---- C:\Windows\system32\es.dll
2008-11-23 00:16:07 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-23 00:16:05 ----A---- C:\Windows\system32\msxml3.dll
2008-11-23 00:15:59 ----A---- C:\Windows\system32\winload.exe
2008-11-23 00:15:59 ----A---- C:\Windows\system32\kd1394.dll
2008-11-23 00:15:59 ----A---- C:\Windows\system32\ci.dll
2008-11-23 00:15:58 ----A---- C:\Windows\system32\winresume.exe
2008-11-23 00:15:57 ----A---- C:\Windows\system32\srdelayed.exe
2008-11-23 00:15:57 ----A---- C:\Windows\system32\srcore.dll
2008-11-23 00:15:57 ----A---- C:\Windows\system32\srclient.dll
2008-11-23 00:15:57 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-11-23 00:15:57 ----A---- C:\Windows\system32\rstrui.exe
2008-11-23 00:15:57 ----A---- C:\Windows\system32\kbd106n.dll
2008-11-23 00:15:44 ----A---- C:\Windows\system32\wersvc.dll
2008-11-23 00:15:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-23 00:15:43 ----A---- C:\Windows\system32\win32spl.dll
2008-11-23 00:15:43 ----A---- C:\Windows\system32\emdmgmt.dll
2008-11-23 00:15:42 ----A---- C:\Windows\system32\dataclen.dll
2008-11-23 00:15:42 ----A---- C:\Windows\system32\cdd.dll
2008-11-23 00:15:28 ----A---- C:\Windows\system32\vbscript.dll
2008-11-23 00:15:28 ----A---- C:\Windows\system32\jscript.dll
2008-11-23 00:15:27 ----A---- C:\Windows\system32\wshext.dll
2008-11-23 00:15:27 ----A---- C:\Windows\system32\wscript.exe
2008-11-23 00:15:27 ----A---- C:\Windows\system32\scrrun.dll
2008-11-23 00:15:27 ----A---- C:\Windows\system32\scrobj.dll
2008-11-23 00:15:27 ----A---- C:\Windows\system32\inetcomm.dll
2008-11-23 00:15:27 ----A---- C:\Windows\system32\cscript.exe
2008-11-23 00:15:26 ----A---- C:\Windows\system32\quartz.dll
2008-11-23 00:15:24 ----A---- C:\Windows\system32\msxml6.dll
2008-11-23 00:15:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-23 00:15:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-23 00:15:03 ----D---- C:\Users\Family\AppData\Roaming\Macromedia
2008-11-23 00:14:40 ----D---- C:\Users\Family\AppData\Roaming\Hewlett-Packard
2008-11-23 00:12:31 ----SD---- C:\Users\Family\AppData\Roaming\Microsoft
2008-11-23 00:12:31 ----D---- C:\Users\Family\AppData\Roaming\Media Center Programs
2008-11-23 00:11:57 ----A---- C:\Windows\system32\netapi32.dll
2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Templates
2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Start Menu
2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Favorites
2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Documents
2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Desktop
2008-11-23 00:08:48 ----SHD---- C:\ProgramData\Application Data
2008-11-23 00:08:48 ----SHD---- C:\Documents and Settings
2008-11-21 14:44:38 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe

======List of files/folders modified in the last 3 months======

2009-01-05 21:42:50 ----D---- C:\Windows\Temp
2009-01-05 21:42:43 ----D---- C:\WINDOWS
2009-01-05 21:42:25 ----D---- C:\Windows\Prefetch
2009-01-05 07:36:43 ----D---- C:\Windows\System32
2009-01-05 07:36:43 ----D---- C:\Windows\inf
2009-01-05 07:36:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-04 09:18:30 ----D---- C:\Windows\system32\Tasks
2009-01-02 18:56:22 ----D---- C:\Windows\system32\drivers
2009-01-02 18:48:54 ----SHD---- C:\Windows\Installer
2009-01-02 18:48:47 ----D---- C:\ProgramData
2009-01-02 18:47:36 ----SD---- C:\Windows\Downloaded Program Files
2009-01-02 18:47:19 ----D---- C:\Windows\system32\catroot
2009-01-02 18:47:12 ----RSD---- C:\Windows\Fonts
2009-01-02 18:46:34 ----D---- C:\Program Files\Common Files
2009-01-02 18:46:33 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-02 18:46:33 ----D---- C:\Program Files
2008-12-26 18:31:25 ----D---- C:\Windows\twain_32
2008-12-26 16:25:38 ----D---- C:\Program Files\Common Files\Adobe
2008-12-26 16:25:35 ----D---- C:\ProgramData\Adobe
2008-12-26 16:25:12 ----D---- C:\Windows\winsxs
2008-12-22 17:33:07 ----D---- C:\Windows\system32\Macromed
2008-12-22 02:34:46 ----D---- C:\Windows\system32\catroot2
2008-12-17 22:23:54 ----D---- C:\Windows\Tasks
2008-12-15 17:15:43 ----D---- C:\Program Files\HP
2008-12-15 17:10:10 ----D---- C:\Windows\system32\RTCOM
2008-12-15 17:09:07 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 20:18:22 ----D---- C:\Windows\system32\WDI
2008-12-12 03:11:01 ----D---- C:\Windows\rescache
2008-12-12 02:04:38 ----D---- C:\Windows\system32\en-US
2008-12-12 02:04:38 ----D---- C:\Windows\AppPatch
2008-12-12 02:04:38 ----D---- C:\Program Files\Windows Mail
2008-12-09 16:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-11-30 10:43:43 ----HD---- C:\hp
2008-11-30 02:17:07 ----D---- C:\Windows\system32\NDF
2008-11-25 16:41:50 ----D---- C:\Windows\system32\LogFiles
2008-11-24 00:25:33 ----D---- C:\ProgramData\Microsoft
2008-11-23 03:37:17 ----D---- C:\Windows\Logs
2008-11-23 02:43:09 ----D---- C:\Program Files\Internet Explorer
2008-11-23 01:09:27 ----D---- C:\Windows\Debug
2008-11-23 01:05:16 ----D---- C:\Windows\Panther
2008-11-23 00:53:25 ----D---- C:\Windows\Microsoft.NET
2008-11-23 00:53:09 ----RSD---- C:\Windows\assembly
2008-11-23 00:43:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-23 00:43:06 ----D---- C:\Program Files\Yahoo!
2008-11-23 00:41:30 ----D---- C:\Windows\ehome
2008-11-23 00:41:26 ----D---- C:\Windows\PolicyDefinitions
2008-11-23 00:41:20 ----D---- C:\Windows\system32\Boot
2008-11-23 00:41:14 ----D---- C:\Windows\system32\migration
2008-11-23 00:36:18 ----D---- C:\ProgramData\Symantec
2008-11-23 00:18:42 ----D---- C:\ProgramData\Hewlett-Packard
2008-11-23 00:17:13 ----SHD---- C:\$Recycle.Bin
2008-11-23 00:16:58 ----D---- C:\Windows\system
2008-11-23 00:13:26 ----D---- C:\Windows\system32\restore
2008-11-23 00:13:12 ----RD---- C:\Program Files\Online Services
2008-11-23 00:12:38 ----D---- C:\Windows\SMINST
2008-11-23 00:12:21 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
R1 navigator;navigator; C:\Windows\fd.dll []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-20 159744]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 JL2005C;Dual Mode Camera; C:\Windows\System32\Drivers\jl2005c.sys [2008-01-15 62762]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-06-02 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]

-----------------EOF-----------------

Old 6th January 2009   #2
Staff
 
noahdfear
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience:
~@<*+

Welcome to WindowsBBS MommaOfLM

Download ComboFix by sUBs from here, saving the file to your desktop.


Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
  • Close all open programs and windows
  • Double click ComboFix.exe and follow the prompts.
  • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.

Old 6th January 2009   #3
Inactive
 
Profile:
Join Date: Dec 2008
Posts: 5
Computer Experience:
Intermediate
MommaOfLM


combo fix log

ComboFix 09-01-05.04 - Family 2009-01-05 22:20:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2019 [GMT -7:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\webmediaviewer
c:\program files\webmediaviewer\myc.ico
c:\program files\webmediaviewer\myd.ico
c:\program files\webmediaviewer\mym.ico
c:\program files\webmediaviewer\myp.ico
c:\program files\webmediaviewer\myv.ico
c:\program files\webmediaviewer\Online Spyware Test.lnk
c:\program files\webmediaviewer\ot.ico
c:\program files\webmediaviewer\Run Virus Scan.lnk
c:\program files\webmediaviewer\ts.ico
c:\users\Family\Desktop\4C7645E2B4DA82C0\
c:\users\Family\Desktop\4C7645E2B4DA82C0\\4C7645E2B4DA82C0
c:\users\Family\Desktop\4C7645E2B4DA82C0\4C7645E2B4DA82C0
c:\users\Family\Documents\My Documents.url
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_4C7645E2B4DA82C0


((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-05 21:42 . 2009-01-05 21:42 <DIR> d-------- C:\rsit
2009-01-02 18:54 . 2009-01-02 18:54 <DIR> d-------- c:\users\Family\AppData\Roaming\Research In Motion
2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d-------- c:\users\All Users\Sonic
2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d-------- c:\users\All Users\InstallShield
2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d-------- c:\programdata\Sonic
2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d-------- c:\programdata\InstallShield
2009-01-02 18:46 . 2009-01-02 18:48 <DIR> d-------- c:\users\All Users\Roxio
2009-01-02 18:46 . 2009-01-02 18:48 <DIR> d-------- c:\programdata\Roxio
2009-01-02 18:46 . 2009-01-02 18:47 <DIR> d-------- c:\program files\Roxio
2009-01-02 18:46 . 2009-01-02 18:46 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-01-02 18:46 . 2009-01-02 18:47 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2009-01-02 18:40 . 2007-01-18 10:24 26,496 --a------ c:\windows\System32\drivers\RimSerial.sys
2009-01-02 18:39 . 2009-01-02 18:39 <DIR> d-------- c:\program files\Research In Motion
2009-01-02 18:39 . 2009-01-02 18:40 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-12-30 20:34 . 2009-01-05 21:42 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 17:37 . 2008-12-30 17:37 <DIR> d-------- c:\users\Family\AppData\Roaming\Xilisoft Corporation
2008-12-30 17:37 . 2008-12-30 18:37 <DIR> d-------- c:\program files\Xilisoft
2008-12-30 17:37 . 2008-12-27 07:26 1,736,704 --a------ c:\windows\System32\javan.exe
2008-12-27 23:52 . 2008-12-31 00:50 <DIR> d-------- c:\program files\Google
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\MyDSC2
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\Mars
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\JL2005C
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\JL2005B
2008-12-26 18:31 . 2005-12-15 17:34 135,168 --a------ c:\windows\System32\jl_jdct.drv
2008-12-26 18:31 . 2006-04-11 01:49 118,784 --------- c:\windows\System32\PTTreeIcons.dll
2008-12-26 18:31 . 2008-01-15 12:24 62,762 --a------ c:\windows\System32\drivers\jl2005c.sys
2008-12-26 18:31 . 2005-08-10 10:44 15,360 --a------ c:\windows\System32\jl2005c.ax
2008-12-26 18:30 . 2008-12-26 18:31 <DIR> d-------- c:\program files\Kids Cam Show and Share Creativity Center
2008-12-21 02:11 . 2008-12-21 02:11 <DIR> d-------- c:\users\All Users\HotSync
2008-12-21 02:11 . 2008-12-21 02:11 <DIR> d-------- c:\programdata\HotSync
2008-12-17 23:05 . 2008-12-17 23:09 <DIR> d-------- c:\users\Family\AppData\Roaming\DivX
2008-12-17 23:05 . 2008-12-18 23:06 <DIR> d-------- c:\program files\DivX
2008-12-17 23:05 . 2009-01-02 18:47 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d-------- c:\users\Family\AppData\Roaming\AVS4YOU
2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d-------- c:\users\All Users\AVS4YOU
2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d-------- c:\programdata\AVS4YOU
2008-12-17 21:38 . 2008-12-17 21:44 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-12-17 21:38 . 2008-12-17 21:44 <DIR> d-------- c:\program files\AVS4YOU
2008-12-17 21:38 . 2007-02-27 18:36 1,700,352 --a------ c:\windows\System32\GdiPlus.dll
2008-12-17 21:38 . 2007-02-27 18:36 974,848 --a------ c:\windows\System32\mfc70.dll
2008-12-17 21:38 . 2007-02-27 18:36 487,424 --a------ c:\windows\System32\msvcp70.dll
2008-12-17 21:38 . 2007-02-27 18:36 24,576 --a------ c:\windows\System32\msxml3a.dll
2008-12-17 21:33 . 2008-12-17 21:33 <DIR> d-------- c:\users\Family\AppData\Roaming\Uniblue
2008-12-17 21:29 . 2008-12-17 21:29 <DIR> d-------- c:\users\Family\AppData\Roaming\MPEG Streamclip
2008-12-16 08:06 . 2008-12-21 10:00 <DIR> d-------- c:\windows\System32\Adobe
2008-12-15 17:11 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-12-15 17:10 . 2008-06-24 14:46 104,992 --a------ c:\windows\RTKAUDIOSERVICE.EXE
2008-12-15 17:09 . 2008-12-15 17:09 <DIR> d-------- c:\program files\Realtek
2008-12-15 17:09 . 2008-07-03 11:27 6,266,880 --a------ c:\windows\RtHDVCpl.exe
2008-12-15 17:09 . 2008-07-03 17:03 2,152,088 --a------ c:\windows\System32\drivers\RTKVHDA.sys
2008-12-15 17:09 . 2008-04-02 09:27 1,196,032 --a------ c:\windows\RtlUpd.exe
2008-12-15 17:09 . 2008-07-03 11:24 725,504 --a------ c:\windows\System32\RtkPgExt.dll
2008-12-15 17:09 . 2008-05-14 17:06 540,672 --a------ c:\windows\System32\RTSndMgr.cpl
2008-12-15 17:09 . 2008-03-05 18:07 520,192 --a------ c:\windows\RtlExUpd.dll
2008-12-15 17:09 . 2008-12-15 17:09 319,456 --a------ c:\windows\DIFxAPI.dll
2008-12-15 17:09 . 2008-12-15 17:09 315,392 --a------ c:\windows\HideWin.exe
2008-12-15 17:09 . 2008-03-28 10:59 285,216 --a------ c:\windows\System32\RtkApoApi.dll
2008-12-15 17:08 . 2008-12-15 17:08 <DIR> d-------- c:\program files\Intel
2008-12-15 17:07 . 2008-12-15 17:07 <DIR> d-------- c:\users\Family\AppData\Roaming\WinBatch
2008-12-15 17:07 . 2008-12-15 17:07 <DIR> d-------- c:\users\Family\AppData\Roaming\InstallShield
2008-12-15 17:07 . 2008-06-02 18:49 305,688 --a------ c:\windows\System32\drivers\iaStor.sys
2008-12-14 15:28 . 2008-12-14 15:28 <DIR> d-------- c:\users\Family\AppData\Roaming\HotSync
2008-12-14 15:28 . 2008-12-14 15:28 94 --a------ c:\windows\family.ini
2008-12-13 14:46 . 2008-12-13 14:46 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-13 13:57 . 2008-12-13 13:57 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-13 13:50 . 2008-12-13 13:50 <DIR> d--hs---- c:\windows\ftpcache
2008-12-13 13:43 . 2008-12-13 14:43 6,639,616 --a------ c:\windows\MEDB.mdb
2008-12-13 13:24 . 2008-12-13 13:24 <DIR> d-------- c:\users\Family\AppData\Roaming\Arcsoft
2008-12-13 13:24 . 2007-12-04 17:10 16,640 --a------ c:\windows\System32\drivers\PalmUSBD.sys
2008-12-13 13:23 . 2008-12-21 02:14 <DIR> d-------- c:\program files\Palm
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2008-12-12 19:50 . 2008-12-12 19:50 <DIR> d-------- c:\users\Family\AppData\Roaming\iWin
2008-12-11 17:27 . 2008-10-21 18:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 05:37 . 2008-10-31 18:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 05:37 . 2008-10-31 20:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-09 19:19 . 2008-12-09 19:19 <DIR> d-------- c:\program files\QuickTime
2008-12-08 19:51 . 2008-12-08 19:51 <DIR> d-------- c:\users\All Users\Sandlot Games
2008-12-08 19:51 . 2008-12-08 19:51 <DIR> d-------- c:\programdata\Sandlot Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 05:26 --------- d-----w c:\users\Family\AppData\Roaming\DNA
2009-01-06 04:38 --------- d-----w c:\users\Family\AppData\Roaming\BitTorrent
2009-01-03 01:46 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-28 05:46 --------- d-----w c:\users\Family\AppData\Roaming\Apple Computer
2008-12-26 23:25 --------- d-----w c:\program files\Common Files\Adobe
2008-12-18 04:43 --------- d---a-w c:\programdata\TEMP
2008-12-16 00:15 --------- d-----w c:\program files\HP
2008-12-16 00:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 22:29 --------- d-----w c:\program files\Chill
2008-12-14 08:38 --------- d-----w c:\program files\Oberon Media
2008-12-12 09:04 --------- d-----w c:\program files\Windows Mail
2008-12-10 03:27 --------- d-----w c:\program files\PokerStars
2008-11-30 19:52 --------- d-----w c:\programdata\DVD Shrink
2008-11-30 19:52 --------- d-----w c:\program files\DVD Shrink
2008-11-27 19:06 --------- d-----w c:\program files\Common Files\Oberon Media
2008-11-24 03:18 --------- d-----w c:\program files\Virtools
2008-11-23 19:44 --------- d-----w c:\program files\McAfee
2008-11-23 09:58 --------- d-----w c:\users\Family\AppData\Roaming\vlc
2008-11-23 09:56 --------- d-----w c:\program files\VideoLAN
2008-11-23 09:44 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 09:44 --------- d-----w c:\program files\iTunes
2008-11-23 09:43 --------- d-----w c:\programdata\Apple Computer
2008-11-23 09:43 --------- d-----w c:\program files\iPod
2008-11-23 09:43 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 09:43 --------- d-----w c:\program files\Bonjour
2008-11-23 09:42 --------- d-----w c:\program files\Apple Software Update
2008-11-23 09:41 --------- d-----w c:\programdata\Apple
2008-11-23 09:09 --------- d-----w c:\program files\DNA
2008-11-23 09:09 --------- d-----w c:\program files\BitTorrent
2008-11-23 07:43 --------- d-----w c:\program files\Yahoo!
2008-11-23 07:43 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-23 07:40 --------- d-----w c:\programdata\McAfee
2008-11-23 07:38 --------- d-----w c:\program files\Common Files\McAfee
2008-11-23 07:37 --------- d-----w c:\program files\McAfee.com
2008-11-23 07:36 --------- d-----w c:\programdata\Symantec
2008-11-23 07:18 --------- d-----w c:\users\Family\AppData\Roaming\Hewlett-Packard
2008-11-23 07:18 --------- d-----w c:\programdata\Hewlett-Packard
2008-11-23 07:17 --------- d-----w c:\users\Family\AppData\Roaming\Symantec
2008-11-23 07:17 --------- d-----w c:\users\Family\AppData\Roaming\Snapfish
2008-11-23 07:13 1,819 --sha-r c:\windows\system32\drivers\103C_HP_CPC_KJ301AA-ABA a6419fh_YC_0Pavi_QCNX815_E82NAv3PrA1_49_ILeonite2_SASUSTek Computer INC._V6.00_B5.23_T071030_WUH1_L409_M3062_J360_7Intel_8Pentium Dual E2180_92_#080929_N808627DC_Z14F12F20_G80862772.MRK
2008-11-23 07:08 --------- d-sh--w c:\programdata\Templates
2008-11-23 07:08 --------- d-sh--w c:\programdata\Start Menu
2008-11-23 07:08 --------- d-sh--w c:\programdata\Favorites
2008-11-23 07:08 --------- d-sh--w c:\programdata\Documents
2008-11-23 07:08 --------- d-sh--w c:\programdata\Desktop
2008-11-23 07:08 --------- d-sh--w c:\programdata\Application Data
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-07 21:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 21:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 20:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-18 942080]
"BitTorrent DNA"="c:\users\Family\Program Files\DNA\btdna.exe" [2008-12-19 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{84DEC07C-28C3-4E15-B321-4CCFA4238734}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{78B700A7-795A-4F8D-A704-95C2A0E9F1BE}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0739A706-3FC5-4702-AECD-C99738669BAB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DDF9A1FE-6AE4-4DBB-AF5D-18653DBC937D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FEAB1A3D-1146-4E13-BD1B-D999C1A7B46B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E3596A58-126D-4BEB-A619-092E470A9A1D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BFE8CA03-5438-49B4-8545-A493DD8ECB63}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D2FFBE1F-673E-4117-A156-1FBEDFCA4316}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7A6029A9-7E67-4BBA-B534-A5BDF8D8BA81}"= UDP:c:\program files\DNA\btdna.exeNA (TCP-In)
"{ED5CE695-31BB-48F3-A511-DBB5C66D21F1}"= TCP:c:\program files\DNA\btdna.exeNA (UDP-In)
"{E02E5551-C774-4FAF-B868-EE16FE42F875}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0E959760-43C4-4DD2-A322-8B9A6DBBC527}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{73397A1A-128F-4DF9-A428-5AC3B981AA77}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A711B5B1-8C41-4CA3-817B-447535A13233}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{40D0738E-4620-48DF-AFB8-452CAF8458B5}c:\\users\\family\\program files\\dna\\btdna.exe"= UDP:c:\users\family\program files\dna\btdna.exe:btdna.exe
"UDP Query User{6A49B6CB-1C12-4FC0-9241-262BE5229C52}c:\\users\\family\\program files\\dna\\btdna.exe"= TCP:c:\users\family\program files\dna\btdna.exe:btdna.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11FC12D0-1A72-12D2-992D-5BC14F992BC7}]
c:\windows\system32\javan.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{F1B4F7F2-6908-47CD-B4EC-23C49F8EABCA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 19:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.whatwashomepage.com/?q=http://www.whatwashomepage.com/?q=http://www.whatwashomepage.com/?q=http://www.comcast.net/a/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: {{3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - hxxp://www.iexplorersecurity.com/redirect.php
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:26:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2009-01-05 22:29:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 05:29:31

Pre-Run: 242,578,350,080 bytes free
Post-Run: 242,471,436,288 bytes free

316 --- E O F --- 2008-12-20 02:02:29

Old 7th January 2009   #4
noahdfear (Staff)

Download "Registry Search Tool" from here.
  • Extract the contents, then double-click the regsrch.vbs file to start it.
  • Paste in {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} and click OK.
  • Wait for it to complete the search, then click OK at the prompt.
  • WordPad should open with the results.
  • Please post those results here.
