-
Linabbs's blog- ZA采用升級安裝或者導入舊版ZA的配置文件到新版導致程序列表假死的Bug。
- 裝了ZA,如何使你的開機速度快點
- 如何設置查看局域網內被設入internet區機器的共享資源
- ZA也可以做到低資源占用!
- 關于za for vista(在VISTA下用ZA的人過來看看)
- CheckPoint Integrity Desktop v6.5.063.207 KeyGen
- 戰術攻防之近距離搏擊篇(ARP)攻擊
- 還在使用老版ZA的朋友們注意:ZoneAlarm防火墻產品有多個本地權限提升存在漏洞
- Knowledge Base / KB Extended (KE) 內容列表及說明
- 關于《利用ZA專家規則,允許/禁止端口》的一點補充和說明
Jan
6
Google redirect
Filed Under Virus |
so same problem as many.
here are my two hijackthis logs
any help is appreciated! thanks in advance!!!
info.txt logfile of random’s system information tool 1.05 2009-01-05 21:42:55
======Uninstall list======
–>”C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe”
–>”C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe”
–>”C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe”
–>”C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe”
–>”C:\Program Files\HP Games\Blasterball 3\Uninstall.exe”
–>”C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe”
–>”C:\Program Files\HP Games\Crystal Maze\Uninstall.exe”
–>”C:\Program Files\HP Games\Diner Dash\Uninstall.exe”
–>”C:\Program Files\HP Games\FATE\Uninstall.exe”
–>”C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe”
–>”C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe”
–>”C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe”
–>”C:\Program Files\HP Games\Jewel Quest\Uninstall.exe”
–>”C:\Program Files\HP Games\Magic Academy\Uninstall.exe”
–>”C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe”
–>”C:\Program Files\HP Games\My HP Game Console\Uninstall.exe”
–>”C:\Program Files\HP Games\Otto’s Magic Blocks\Uninstall.exe”
–>”C:\Program Files\HP Games\Peggle\Uninstall.exe”
–>”C:\Program Files\HP Games\Penguins!\Uninstall.exe”
–>”C:\Program Files\HP Games\Polar Bowler\Uninstall.exe”
–>”C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe”
–>”C:\Program Files\HP Games\Polar Golfer\Uninstall.exe”
–>”C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe”
–>”C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe”
–>”C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe”
–>”C:\Program Files\HP Games\Super Granny\Uninstall.exe”
–>”C:\Program Files\HP Games\Tradewinds\Uninstall.exe”
–>”C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe”
–>”C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe”
–>”C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe”
–>MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
3DVIA player 4.1–>MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Adobe Flash Player 10 ActiveX–>C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3–>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player–>C:\WINDOWS\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support–>MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update–>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BlackBerry Desktop Software 4.5–>MsiExec.exe /I{CE5E3F15-320A-4865-97D3-F07227C5BB2F}
BlackBerry Desktop Software 4.5–>MsiExec.exe /i{CE5E3F15-320A-4865-97D3-F07227C5BB2F}
Bonjour–>MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Compatibility Pack for the 2007 Office system–>MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe” -uninstall
DVD Shrink 3.2–>”C:\Program Files\DVD Shrink\unins000.exe”
Enhanced Multimedia Keyboard Solution–>C:\HP\KBD\Install.exe /u
Hardware Diagnostic Tools–>C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check–>MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check–>MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2–>”C:\Program Files\trend micro\HijackThis.exe” /uninstall
HP Customer Experience Enhancements–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,Launc hSetup “C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe” -l0×9 -removeonly
HP Customer Feedback–>MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo–>MsiExec.exe /I{9A379E7A-22ED-44FF-9293-E393D704505D}
HP Easy Setup - Frontend–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,Launc hSetup “C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe” -l0×9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator–>C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5–>C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In–>MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor–>MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
HP Update–>MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel(R) Graphics Media Accelerator Driver–>C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager–>C:\Windows\System32\Imsmudlg.exe
iTunes–>MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) SE Runtime Environment 6 Update 1–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kids Cam Show and Share Creativity Center –>C:\PROGRA~1\KIDSCA~1\Setup.exe /remove /q0
LabelPrint–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” -uninstall
LightScribe System Software 1.10.23.1–>MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler–>MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
McAfee SecurityCenter–>C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Home and Student 60 day trial–>c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2007 (English)–>MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works–>MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1–>C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
My HP Games–>”C:\Program Files\HP Games\Uninstall.exe”
Palm Desktop by ACCESS–>MsiExec.exe /X{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}
PokerStars–>”C:\Program Files\PokerStars\PokerStarsUninstall.exe” /u:PokerStars
Power2Go–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” -uninstall
PowerDirector–>”C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe” /z-uninstall
Python 2.5–>MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime–>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,Launc hSetup “C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe” -removeonly
Roxio Media Manager–>MsiExec.exe /X{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}
Snapfish Picture Mover–>MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP–>C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spelling Dictionaries Support For Adobe Reader 8–>MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Uninstall Dual Mode Camera–>”C:\Program Files\JL2005B\unins000.exe”
VLC media player 0.9.2–>C:\Program Files\VideoLAN\VLC\uninstall.exe
WeatherBug Gadget–>MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
WinRAR archiver–>C:\Program Files\WinRAR\uninstall.exe
Xilisoft DVD Creator–>C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe
Xilisoft Video Converter Ultimate–>C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe
======Security center information======
AS: Windows Defender
System event log
Computer Name: Family-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 22925
Source Name: Service Control Manager
Time Written: 20090106041517.000000-000
Event Type: Information
User:
Computer Name: Family-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the stopped state.
Record Number: 22926
Source Name: Service Control Manager
Time Written: 20090106042517.000000-000
Event Type: Information
User:
Computer Name: Family-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 22927
Source Name: Tcpip
Time Written: 20090106042801.378895-000
Event Type: Warning
User:
Computer Name: Family-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 22928
Source Name: Service Control Manager
Time Written: 20090106043138.000000-000
Event Type: Information
User:
Computer Name: Family-PC
Event Code: 7036
Message: The Application Information service entered the running state.
Record Number: 22929
Source Name: Service Control Manager
Time Written: 20090106044146.000000-000
Event Type: Information
User:
Application event log
Computer Name: Family-PC
Event Code: 8194
Message: Successfully created restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint).
Record Number: 3572
Source Name: System Restore
Time Written: 20090105164941.000000-000
Event Type: Information
User:
Computer Name: Family-PC
Event Code: 8211
Message: Successfully created scheduled restore point.
Record Number: 3573
Source Name: System Restore
Time Written: 20090105164941.000000-000
Event Type: Information
User:
Computer Name: Family-PC
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 3574
Source Name: VSS
Time Written: 20090105165241.000000-000
Event Type: Information
User:
Computer Name: Family-PC
Event Code: 5000
Message: McShield service started.
Engine version : 5300.2777
DAT version : 5485.0000
Number of signatures in EXTRA.DAT : None
Names of threats that EXTRA.DAT can detect : None
Record Number: 3575
Source Name: McLogEvent
Time Written: 20090105193526.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: Family-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 3576
Source Name: LightScribeService
Time Written: 20090106044254.000000-000
Event Type: Information
User:
Security event log
Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4744
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.236695-000
Event Type: Audit Failure
User:
Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4745
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.267895-000
Event Type: Audit Failure
User:
Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4746
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.283495-000
Event Type: Audit Failure
User:
Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4747
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.314695-000
Event Type: Audit Failure
User:
Computer Name: Family-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 4748
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106044251.345895-000
Event Type: Audit Failure
User:
======Environment variables======
“ComSpec”=%SystemRoot%\system32\cmd.exe
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\ bin\Python;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
“PROCESSOR_ARCHITECTURE”=x86
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“USERNAME”=SYSTEM
“windir”=%SystemRoot%
“PROCESSOR_LEVEL”=6
“PROCESSOR_IDENTIFIER”=x86 Family 6 Model 15 Stepping 13, GenuineIntel
“PROCESSOR_REVISION”=0f0d
“NUMBER_OF_PROCESSORS”=2
“TRACE_FORMAT_SEARCH_PATH”=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
“DFSTRACINGON”=FALSE
“PLATFORM”=HPD
“PCBRAND”=Pavilion
“OnlineServices”=Online Services
“CLASSPATH”=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
“QTJAVA”=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
—————–EOF—————–
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Family at 2009-01-05 21:42:04
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 231 GB (69%) free of 334 GB
Total RAM: 3062 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:53 PM, on 1/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Family\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N7SVGPI\RSIT[1].exe
C:\Program Files\trend micro\Family.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY…ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatwashomepage.com/?q=ht…comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY…ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY…ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] “C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe”
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotSync] “C:\Program Files\PalmSource\Desktop\HotSync.exe” -AllUsers
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [RoxWatchTray] “C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe”
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [BitTorrent DNA] “C:\Users\Family\Program Files\DNA\btdna.exe”
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.iexplorersecurity.com/redirect.php (file missing)
O9 - Extra ‘Tools’ menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.iexplorersecurity.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry…ds/sysinfo.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/G…onGameHost.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla…_installer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
–
End of file - 9470 bytes
======Scheduled tasks folder======
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{F1B4F7F2-6908-47CD-B4EC-23C49F8EABCA}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
“RtHDVCpl”=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
“hpsysdrv”=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
“KBD”=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
“OsdMaestro”=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
“HP Health Check Scheduler”=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
“SunJavaUpdateSched”=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
“”= []
“IgfxTray”=C:\Windows\system32\igfxtray.exe [2008-03-25 141848]
“HotKeysCmds”=C:\Windows\system32\hkcmd.exe [2008-03-25 166424]
“Persistence”=C:\Windows\system32\igfxpers.exe [2008-03-25 133656]
“mcagent_exe”=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
“iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
“QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
“IAAnotif”=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2008-06-02 178712]
“HP Software Update”=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
“HotSync”=C:\Program Files\PalmSource\Desktop\HotSync.exe -AllUsers []
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
“RoxWatchTray”=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-03-06 236016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“HPAdvisor”=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-01-18 942080]
“BitTorrent DNA”=C:\Users\Family\Program Files\DNA\btdna.exe [2008-12-19 342848]
“WMPNSCFG”=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
“ehTray.exe”=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
“Uniblue RegistryBooster 2009″=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscs vc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscs vc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfSer vice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\EarthLink TotalAccess\TaskPanl.exe”=”C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink”
“C:\Program Files\BitTorrent\bittorrent.exe”=”C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent”
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 3 months======
2009-01-05 21:42:04 —-D—- C:\rsit
2009-01-02 18:54:58 —-D—- C:\Users\Family\AppData\Roaming\Research In Motion
2009-01-02 18:48:47 —-D—- C:\ProgramData\InstallShield
2009-01-02 18:48:43 —-D—- C:\ProgramData\Sonic
2009-01-02 18:48:19 —-ASH—- C:\Users\Family\AppData\Roaming\desktop.ini
2009-01-02 18:46:34 —-D—- C:\Program Files\Common Files\Sonic Shared
2009-01-02 18:46:33 —-D—- C:\ProgramData\Roxio
2009-01-02 18:46:33 —-D—- C:\Program Files\Roxio
2009-01-02 18:46:26 —-D—- C:\Program Files\Common Files\Roxio Shared
2009-01-02 18:39:56 —-D—- C:\Program Files\Common Files\Research In Motion
2009-01-02 18:39:50 —-D—- C:\Program Files\Research In Motion
2008-12-30 20:34:58 —-D—- C:\Program Files\Trend Micro
2008-12-30 17:37:56 —-D—- C:\Users\Family\AppData\Roaming\Xilisoft Corporation
2008-12-30 17:37:24 —-D—- C:\Program Files\Xilisoft
2008-12-30 17:37:05 —-A—- C:\Windows\system32\javan.exe
2008-12-27 23:54:47 —-D—- C:\Users\Family\AppData\Roaming\Google
2008-12-27 23:52:50 —-D—- C:\Program Files\Google
2008-12-26 18:31:26 —-D—- C:\Program Files\MyDSC2
2008-12-26 18:31:26 —-D—- C:\Program Files\Mars
2008-12-26 18:31:26 —-D—- C:\Program Files\JL2005C
2008-12-26 18:31:25 —-D—- C:\Program Files\JL2005B
2008-12-26 18:31:07 —-A—- C:\aa.txt
2008-12-26 18:31:05 —-N—- C:\Windows\system32\PTTreeIcons.dll
2008-12-26 18:30:48 —-D—- C:\Program Files\Kids Cam Show and Share Creativity Center
2008-12-26 16:25:26 —-D—- C:\Program Files\Adobe
2008-12-25 22:58:26 —-D—- C:\Program Files\WebMediaViewer
2008-12-21 02:11:40 —-D—- C:\ProgramData\HotSync
2008-12-18 23:03:36 —-A—- C:\Windows\system32\mshtml.dll
2008-12-17 23:05:20 —-D—- C:\Users\Family\AppData\Roaming\DivX
2008-12-17 23:05:09 —-D—- C:\Program Files\Common Files\PX Storage Engine
2008-12-17 23:05:01 —-D—- C:\Program Files\DivX
2008-12-17 21:39:11 —-D—- C:\Users\Family\AppData\Roaming\AVS4YOU
2008-12-17 21:39:10 —-D—- C:\ProgramData\AVS4YOU
2008-12-17 21:38:41 —-D—- C:\Program Files\Common Files\AVSMedia
2008-12-17 21:38:40 —-A—- C:\Windows\system32\mfc70.dll
2008-12-17 21:38:39 —-D—- C:\Program Files\AVS4YOU
2008-12-17 21:38:39 —-A—- C:\Windows\system32\msxml3a.dll
2008-12-17 21:38:39 —-A—- C:\Windows\system32\msvcp70.dll
2008-12-17 21:38:39 —-A—- C:\Windows\system32\GdiPlus.dll
2008-12-17 21:33:39 —-D—- C:\Users\Family\AppData\Roaming\Uniblue
2008-12-17 21:29:37 —-D—- C:\Users\Family\AppData\Roaming\MPEG Streamclip
2008-12-16 08:06:48 —-D—- C:\Windows\system32\Adobe
2008-12-15 17:10:44 —-A—- C:\Windows\RTKAUDIOSERVICE.EXE
2008-12-15 17:09:12 —-A—- C:\Windows\DIFxAPI.dll
2008-12-15 17:09:08 —-A—- C:\Windows\system32\RtkPgExt.dll
2008-12-15 17:09:08 —-A—- C:\Windows\system32\RtkApoApi.dll
2008-12-15 17:09:08 —-A—- C:\Windows\RtlUpd.exe
2008-12-15 17:09:07 —-D—- C:\Program Files\Realtek
2008-12-15 17:09:07 —-A—- C:\Windows\RtHDVCpl.exe
2008-12-15 17:09:06 —-A—- C:\Windows\RtlExUpd.dll
2008-12-15 17:09:06 —-A—- C:\Windows\HideWin.exe
2008-12-15 17:08:05 —-D—- C:\Program Files\Intel
2008-12-15 17:07:32 —-D—- C:\Users\Family\AppData\Roaming\InstallShield
2008-12-15 17:07:29 —-D—- C:\Users\Family\AppData\Roaming\WinBatch
2008-12-14 15:28:39 —-D—- C:\Users\Family\AppData\Roaming\HotSync
2008-12-14 15:28:39 —-A—- C:\Windows\family.ini
2008-12-13 14:46:36 —-D—- C:\Program Files\MSXML 4.0
2008-12-13 13:50:22 —-SHD—- C:\Windows\ftpcache
2008-12-13 13:24:33 —-D—- C:\Users\Family\AppData\Roaming\Arcsoft
2008-12-13 13:23:21 —-D—- C:\Program Files\Palm
2008-12-12 19:50:55 —-D—- C:\Users\Family\AppData\Roaming\iWin
2008-12-11 17:27:18 —-A—- C:\Windows\system32\tzres.dll
2008-12-11 05:37:02 —-A—- C:\Windows\system32\Apphlpdm.dll
2008-12-11 05:37:00 —-A—- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 05:36:53 —-A—- C:\Windows\system32\gdi32.dll
2008-12-11 05:36:46 —-A—- C:\Windows\system32\shell32.dll
2008-12-11 05:36:38 —-A—- C:\Windows\explorer.exe
2008-12-11 05:36:32 —-A—- C:\Windows\system32\wininet.dll
2008-12-11 05:36:32 —-A—- C:\Windows\system32\urlmon.dll
2008-12-11 05:36:32 —-A—- C:\Windows\system32\ieframe.dll
2008-12-11 05:36:31 —-A—- C:\Windows\system32\mstime.dll
2008-12-11 05:36:29 —-A—- C:\Windows\system32\iertutil.dll
2008-12-11 05:36:26 —-A—- C:\Windows\system32\jsproxy.dll
2008-12-11 05:36:22 —-A—- C:\Windows\system32\WMVCORE.DLL
2008-12-11 05:36:22 —-A—- C:\Windows\system32\mf.dll
2008-12-11 05:36:19 —-A—- C:\Windows\system32\WMNetMgr.dll
2008-12-11 05:36:19 —-A—- C:\Windows\system32\logagent.exe
2008-12-09 19:19:19 —-D—- C:\Program Files\QuickTime
2008-12-08 19:51:40 —-D—- C:\ProgramData\Sandlot Games
2008-11-30 12:52:35 —-D—- C:\ProgramData\DVD Shrink
2008-11-30 12:52:34 —-D—- C:\Program Files\DVD Shrink
2008-11-27 23:51:04 —-D—- C:\Users\Family\AppData\Roaming\WinRAR
2008-11-27 23:50:41 —-D—- C:\Program Files\WinRAR
2008-11-27 12:06:06 —-D—- C:\Program Files\Oberon Media
2008-11-27 12:06:05 —-D—- C:\Program Files\Common Files\Oberon Media
2008-11-27 12:06:05 —-D—- C:\Program Files\Chill
2008-11-26 12:37:21 —-A—- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 12:35:48 —-A—- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 12:35:48 —-A—- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 12:35:48 —-A—- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 12:32:54 —-A—- C:\Windows\system32\connect.dll
2008-11-24 14:35:37 —-A—- C:\Windows\system32\wups2.dll
2008-11-24 14:35:37 —-A—- C:\Windows\system32\wuauclt.exe
2008-11-24 14:35:36 —-A—- C:\Windows\system32\wucltux.dll
2008-11-24 14:35:36 —-A—- C:\Windows\system32\wuaueng.dll
2008-11-24 14:35:20 —-A—- C:\Windows\system32\wups.dll
2008-11-24 14:35:20 —-A—- C:\Windows\system32\wudriver.dll
2008-11-24 14:35:20 —-A—- C:\Windows\system32\wuapi.dll
2008-11-24 14:35:13 —-A—- C:\Windows\system32\wuwebv.dll
2008-11-24 14:35:13 —-A—- C:\Windows\system32\wuapp.exe
2008-11-23 23:03:47 —-AD—- C:\ProgramData\TEMP
2008-11-23 20:18:57 —-A—- C:\Windows\system32\d3dx9_35.dll
2008-11-23 20:18:55 —-A—- C:\Windows\system32\d3dx9_31.dll
2008-11-23 20:18:46 —-D—- C:\Program Files\Virtools
2008-11-23 02:57:31 —-D—- C:\Users\Family\AppData\Roaming\vlc
2008-11-23 02:56:36 —-D—- C:\Program Files\VideoLAN
2008-11-23 02:44:19 —-D—- C:\Users\Family\AppData\Roaming\Apple Computer
2008-11-23 02:44:12 —-A—- C:\Windows\system32\GEARAspi.dll
2008-11-23 02:44:11 —-DC—- C:\Windows\system32\DRVSTORE
2008-11-23 02:43:57 —-D—- C:\Program Files\iPod
2008-11-23 02:43:55 —-D—- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 02:43:55 —-D—- C:\Program Files\iTunes
2008-11-23 02:43:19 —-D—- C:\Program Files\Bonjour
2008-11-23 02:42:48 —-D—- C:\ProgramData\Apple Computer
2008-11-23 02:42:31 —-D—- C:\Program Files\Apple Software Update
2008-11-23 02:41:49 —-D—- C:\ProgramData\Apple
2008-11-23 02:41:49 —-D—- C:\Program Files\Common Files\Apple
2008-11-23 02:09:33 —-D—- C:\Users\Family\AppData\Roaming\BitTorrent
2008-11-23 02:09:16 —-D—- C:\Users\Family\AppData\Roaming\DNA
2008-11-23 02:09:16 —-D—- C:\Program Files\DNA
2008-11-23 02:09:15 —-D—- C:\Program Files\BitTorrent
2008-11-23 01:08:07 —-D—- C:\Program Files\PokerStars
2008-11-23 01:07:40 —-D—- C:\Users\Family\AppData\Roaming\Adobe
2008-11-23 01:05:00 —-D—- C:\Windows\SoftwareDistribution
2008-11-23 01:02:55 —-SHD—- C:\System Volume Information
2008-11-23 00:39:55 —-A—- C:\Windows\system32\dunzip32.dll
2008-11-23 00:37:54 —-D—- C:\Program Files\McAfee.com
2008-11-23 00:37:52 —-D—- C:\Program Files\McAfee
2008-11-23 00:37:52 —-D—- C:\Program Files\Common Files\McAfee
2008-11-23 00:30:32 —-D—- C:\ProgramData\McAfee
2008-11-23 00:25:35 —-A—- C:\Windows\system32\msshooks.dll
2008-11-23 00:25:34 —-A—- C:\Windows\system32\msscb.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\wsepno.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\thawbrkr.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\srchadmin.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\SearchFilterHost.exe
2008-11-23 00:25:33 —-A—- C:\Windows\system32\rtffilt.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\propsys.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\propdefs.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\offfilt.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\msstrc.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\mssprxy.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\mssitlb.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\msshsq.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\mimefilt.dll
2008-11-23 00:25:33 —-A—- C:\Windows\system32\korwbrkr.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\xmlfilter.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\tquery.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\SearchProtocolHost.exe
2008-11-23 00:25:32 —-A—- C:\Windows\system32\SearchIndexer.exe
2008-11-23 00:25:32 —-A—- C:\Windows\system32\nlhtml.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\mssvp.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\mssrch.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\mssphtb.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\mssph.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\msscntrs.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\chtbrkr.dll
2008-11-23 00:25:32 —-A—- C:\Windows\system32\chsbrkr.dll
2008-11-23 00:21:55 —-D—- C:\Windows\system32\x64
2008-11-23 00:18:34 —-A—- C:\Windows\system32\NlsLexicons0007.dll
2008-11-23 00:18:31 —-A—- C:\Windows\system32\NlsLexicons0009.dll
2008-11-23 00:18:23 —-A—- C:\Windows\system32\NaturalLanguage6.dll
2008-11-23 00:17:54 —-A—- C:\Windows\system32\EncDec.dll
2008-11-23 00:17:53 —-A—- C:\Windows\system32\psisdecd.dll
2008-11-23 00:17:43 —-D—- C:\Users\Family\AppData\Roaming\Symantec
2008-11-23 00:17:17 —-D—- C:\Users\Family\AppData\Roaming\Snapfish
2008-11-23 00:17:02 —-D—- C:\Users\Family\AppData\Roaming\Identities
2008-11-23 00:16:28 —-A—- C:\Windows\system32\IPSECSVC.DLL
2008-11-23 00:16:26 —-A—- C:\Windows\system32\gameux.dll
2008-11-23 00:16:21 —-A—- C:\Windows\system32\rpcrt4.dll
2008-11-23 00:16:20 —-A—- C:\Windows\system32\pacerprf.dll
2008-11-23 00:16:10 —-A—- C:\Windows\system32\es.dll
2008-11-23 00:16:07 —-A—- C:\Windows\system32\wmpeffects.dll
2008-11-23 00:16:05 —-A—- C:\Windows\system32\msxml3.dll
2008-11-23 00:15:59 —-A—- C:\Windows\system32\winload.exe
2008-11-23 00:15:59 —-A—- C:\Windows\system32\kd1394.dll
2008-11-23 00:15:59 —-A—- C:\Windows\system32\ci.dll
2008-11-23 00:15:58 —-A—- C:\Windows\system32\winresume.exe
2008-11-23 00:15:57 —-A—- C:\Windows\system32\srdelayed.exe
2008-11-23 00:15:57 —-A—- C:\Windows\system32\srcore.dll
2008-11-23 00:15:57 —-A—- C:\Windows\system32\srclient.dll
2008-11-23 00:15:57 —-A—- C:\Windows\system32\setbcdlocale.dll
2008-11-23 00:15:57 —-A—- C:\Windows\system32\rstrui.exe
2008-11-23 00:15:57 —-A—- C:\Windows\system32\kbd106n.dll
2008-11-23 00:15:44 —-A—- C:\Windows\system32\wersvc.dll
2008-11-23 00:15:44 —-A—- C:\Windows\system32\Faultrep.dll
2008-11-23 00:15:43 —-A—- C:\Windows\system32\win32spl.dll
2008-11-23 00:15:43 —-A—- C:\Windows\system32\emdmgmt.dll
2008-11-23 00:15:42 —-A—- C:\Windows\system32\dataclen.dll
2008-11-23 00:15:42 —-A—- C:\Windows\system32\cdd.dll
2008-11-23 00:15:28 —-A—- C:\Windows\system32\vbscript.dll
2008-11-23 00:15:28 —-A—- C:\Windows\system32\jscript.dll
2008-11-23 00:15:27 —-A—- C:\Windows\system32\wshext.dll
2008-11-23 00:15:27 —-A—- C:\Windows\system32\wscript.exe
2008-11-23 00:15:27 —-A—- C:\Windows\system32\scrrun.dll
2008-11-23 00:15:27 —-A—- C:\Windows\system32\scrobj.dll
2008-11-23 00:15:27 —-A—- C:\Windows\system32\inetcomm.dll
2008-11-23 00:15:27 —-A—- C:\Windows\system32\cscript.exe
2008-11-23 00:15:26 —-A—- C:\Windows\system32\quartz.dll
2008-11-23 00:15:24 —-A—- C:\Windows\system32\msxml6.dll
2008-11-23 00:15:21 —-A—- C:\Windows\system32\ntoskrnl.exe
2008-11-23 00:15:21 —-A—- C:\Windows\system32\ntkrnlpa.exe
2008-11-23 00:15:03 —-D—- C:\Users\Family\AppData\Roaming\Macromedia
2008-11-23 00:14:40 —-D—- C:\Users\Family\AppData\Roaming\Hewlett-Packard
2008-11-23 00:12:31 —-SD—- C:\Users\Family\AppData\Roaming\Microsoft
2008-11-23 00:12:31 —-D—- C:\Users\Family\AppData\Roaming\Media Center Programs
2008-11-23 00:11:57 —-A—- C:\Windows\system32\netapi32.dll
2008-11-23 00:08:48 —-SHD—- C:\ProgramData\Templates
2008-11-23 00:08:48 —-SHD—- C:\ProgramData\Start Menu
2008-11-23 00:08:48 —-SHD—- C:\ProgramData\Favorites
2008-11-23 00:08:48 —-SHD—- C:\ProgramData\Documents
2008-11-23 00:08:48 —-SHD—- C:\ProgramData\Desktop
2008-11-23 00:08:48 —-SHD—- C:\ProgramData\Application Data
2008-11-23 00:08:48 —-SHD—- C:\Documents and Settings
2008-11-21 14:44:38 —-A—- C:\Windows\system32\DivXCodecVersionChecker.exe
======List of files/folders modified in the last 3 months======
2009-01-05 21:42:50 —-D—- C:\Windows\Temp
2009-01-05 21:42:43 —-D—- C:\WINDOWS
2009-01-05 21:42:25 —-D—- C:\Windows\Prefetch
2009-01-05 07:36:43 —-D—- C:\Windows\System32
2009-01-05 07:36:43 —-D—- C:\Windows\inf
2009-01-05 07:36:43 —-A—- C:\Windows\system32\PerfStringBackup.INI
2009-01-04 09:18:30 —-D—- C:\Windows\system32\Tasks
2009-01-02 18:56:22 —-D—- C:\Windows\system32\drivers
2009-01-02 18:48:54 —-SHD—- C:\Windows\Installer
2009-01-02 18:48:47 —-D—- C:\ProgramData
2009-01-02 18:47:36 —-SD—- C:\Windows\Downloaded Program Files
2009-01-02 18:47:19 —-D—- C:\Windows\system32\catroot
2009-01-02 18:47:12 —-RSD—- C:\Windows\Fonts
2009-01-02 18:46:34 —-D—- C:\Program Files\Common Files
2009-01-02 18:46:33 —-D—- C:\Program Files\Common Files\InstallShield
2009-01-02 18:46:33 —-D—- C:\Program Files
2008-12-26 18:31:25 —-D—- C:\Windows\twain_32
2008-12-26 16:25:38 —-D—- C:\Program Files\Common Files\Adobe
2008-12-26 16:25:35 —-D—- C:\ProgramData\Adobe
2008-12-26 16:25:12 —-D—- C:\Windows\winsxs
2008-12-22 17:33:07 —-D—- C:\Windows\system32\Macromed
2008-12-22 02:34:46 —-D—- C:\Windows\system32\catroot2
2008-12-17 22:23:54 —-D—- C:\Windows\Tasks
2008-12-15 17:15:43 —-D—- C:\Program Files\HP
2008-12-15 17:10:10 —-D—- C:\Windows\system32\RTCOM
2008-12-15 17:09:07 —-HD—- C:\Program Files\InstallShield Installation Information
2008-12-14 20:18:22 —-D—- C:\Windows\system32\WDI
2008-12-12 03:11:01 —-D—- C:\Windows\rescache
2008-12-12 02:04:38 —-D—- C:\Windows\system32\en-US
2008-12-12 02:04:38 —-D—- C:\Windows\AppPatch
2008-12-12 02:04:38 —-D—- C:\Program Files\Windows Mail
2008-12-09 16:24:37 —-A—- C:\Windows\system32\mrt.exe
2008-11-30 10:43:43 —-HD—- C:\hp
2008-11-30 02:17:07 —-D—- C:\Windows\system32\NDF
2008-11-25 16:41:50 —-D—- C:\Windows\system32\LogFiles
2008-11-24 00:25:33 —-D—- C:\ProgramData\Microsoft
2008-11-23 03:37:17 —-D—- C:\Windows\Logs
2008-11-23 02:43:09 —-D—- C:\Program Files\Internet Explorer
2008-11-23 01:09:27 —-D—- C:\Windows\Debug
2008-11-23 01:05:16 —-D—- C:\Windows\Panther
2008-11-23 00:53:25 —-D—- C:\Windows\Microsoft.NET
2008-11-23 00:53:09 —-RSD—- C:\Windows\assembly
2008-11-23 00:43:08 —-D—- C:\Program Files\Common Files\Symantec Shared
2008-11-23 00:43:06 —-D—- C:\Program Files\Yahoo!
2008-11-23 00:41:30 —-D—- C:\Windows\ehome
2008-11-23 00:41:26 —-D—- C:\Windows\PolicyDefinitions
2008-11-23 00:41:20 —-D—- C:\Windows\system32\Boot
2008-11-23 00:41:14 —-D—- C:\Windows\system32\migration
2008-11-23 00:36:18 —-D—- C:\ProgramData\Symantec
2008-11-23 00:18:42 —-D—- C:\ProgramData\Hewlett-Packard
2008-11-23 00:17:13 —-SHD—- C:\$Recycle.Bin
2008-11-23 00:16:58 —-D—- C:\Windows\system
2008-11-23 00:13:26 —-D—- C:\Windows\system32\restore
2008-11-23 00:13:12 —-RD—- C:\Program Files\Online Services
2008-11-23 00:12:38 —-D—- C:\Windows\SMINST
2008-11-23 00:12:21 —-RD—- C:\Users
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
R1 navigator;navigator; C:\Windows\fd.dll []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-20 159744]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 JL2005C;Dual Mode Camera; C:\Windows\System32\Drivers\jl2005c.sys [2008-01-15 62762]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-06-02 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]
—————–EOF—————–
Welcome to linabbs MommaOfLM 
Download ComboFix by sUBs from here, saving the file to your desktop.
Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
Close all open programs and windows
Double click ComboFix.exe and follow the prompts.
It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix’s window while its running. That may cause it to stall
**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
combo fix log
ComboFix 09-01-05.04 - Family 2009-01-05 22:20:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2019 [GMT -7:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\webmediaviewer
c:\program files\webmediaviewer\myc.ico
c:\program files\webmediaviewer\myd.ico
c:\program files\webmediaviewer\mym.ico
c:\program files\webmediaviewer\myp.ico
c:\program files\webmediaviewer\myv.ico
c:\program files\webmediaviewer\Online Spyware Test.lnk
c:\program files\webmediaviewer\ot.ico
c:\program files\webmediaviewer\Run Virus Scan.lnk
c:\program files\webmediaviewer\ts.ico
c:\users\Family\Desktop\4C7645E2B4DA82C0\
c:\users\Family\Desktop\4C7645E2B4DA82C0\\4C7645E2B4DA82C0
c:\users\Family\Desktop\4C7645E2B4DA82C0\4C7645E2B4DA82C0
c:\users\Family\Documents\My Documents.url
c:\windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Legacy_4C7645E2B4DA82C0
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.
2009-01-05 21:42 . 2009-01-05 21:42 <DIR> d——– C:\rsit
2009-01-02 18:54 . 2009-01-02 18:54 <DIR> d——– c:\users\Family\AppData\Roaming\Research In Motion
2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d——– c:\users\All Users\Sonic
2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d——– c:\users\All Users\InstallShield
2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d——– c:\programdata\Sonic
2009-01-02 18:48 . 2009-01-02 18:48 <DIR> d——– c:\programdata\InstallShield
2009-01-02 18:46 . 2009-01-02 18:48 <DIR> d——– c:\users\All Users\Roxio
2009-01-02 18:46 . 2009-01-02 18:48 <DIR> d——– c:\programdata\Roxio
2009-01-02 18:46 . 2009-01-02 18:47 <DIR> d——– c:\program files\Roxio
2009-01-02 18:46 . 2009-01-02 18:46 <DIR> d——– c:\program files\Common Files\Sonic Shared
2009-01-02 18:46 . 2009-01-02 18:47 <DIR> d——– c:\program files\Common Files\Roxio Shared
2009-01-02 18:40 . 2007-01-18 10:24 26,496 –a—— c:\windows\System32\drivers\RimSerial.sys
2009-01-02 18:39 . 2009-01-02 18:39 <DIR> d——– c:\program files\Research In Motion
2009-01-02 18:39 . 2009-01-02 18:40 <DIR> d——– c:\program files\Common Files\Research In Motion
2008-12-30 20:34 . 2009-01-05 21:42 <DIR> d——– c:\program files\Trend Micro
2008-12-30 17:37 . 2008-12-30 17:37 <DIR> d——– c:\users\Family\AppData\Roaming\Xilisoft Corporation
2008-12-30 17:37 . 2008-12-30 18:37 <DIR> d——– c:\program files\Xilisoft
2008-12-30 17:37 . 2008-12-27 07:26 1,736,704 –a—— c:\windows\System32\javan.exe
2008-12-27 23:52 . 2008-12-31 00:50 <DIR> d——– c:\program files\Google
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d——– c:\program files\MyDSC2
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d——– c:\program files\Mars
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d——– c:\program files\JL2005C
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d——– c:\program files\JL2005B
2008-12-26 18:31 . 2005-12-15 17:34 135,168 –a—— c:\windows\System32\jl_jdct.drv
2008-12-26 18:31 . 2006-04-11 01:49 118,784 ——— c:\windows\System32\PTTreeIcons.dll
2008-12-26 18:31 . 2008-01-15 12:24 62,762 –a—— c:\windows\System32\drivers\jl2005c.sys
2008-12-26 18:31 . 2005-08-10 10:44 15,360 –a—— c:\windows\System32\jl2005c.ax
2008-12-26 18:30 . 2008-12-26 18:31 <DIR> d——– c:\program files\Kids Cam Show and Share Creativity Center
2008-12-21 02:11 . 2008-12-21 02:11 <DIR> d——– c:\users\All Users\HotSync
2008-12-21 02:11 . 2008-12-21 02:11 <DIR> d——– c:\programdata\HotSync
2008-12-17 23:05 . 2008-12-17 23:09 <DIR> d——– c:\users\Family\AppData\Roaming\DivX
2008-12-17 23:05 . 2008-12-18 23:06 <DIR> d——– c:\program files\DivX
2008-12-17 23:05 . 2009-01-02 18:47 <DIR> d——– c:\program files\Common Files\PX Storage Engine
2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d——– c:\users\Family\AppData\Roaming\AVS4YOU
2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d——– c:\users\All Users\AVS4YOU
2008-12-17 21:39 . 2008-12-17 21:39 <DIR> d——– c:\programdata\AVS4YOU
2008-12-17 21:38 . 2008-12-17 21:44 <DIR> d——– c:\program files\Common Files\AVSMedia
2008-12-17 21:38 . 2008-12-17 21:44 <DIR> d——– c:\program files\AVS4YOU
2008-12-17 21:38 . 2007-02-27 18:36 1,700,352 –a—— c:\windows\System32\GdiPlus.dll
2008-12-17 21:38 . 2007-02-27 18:36 974,848 –a—— c:\windows\System32\mfc70.dll
2008-12-17 21:38 . 2007-02-27 18:36 487,424 –a—— c:\windows\System32\msvcp70.dll
2008-12-17 21:38 . 2007-02-27 18:36 24,576 –a—— c:\windows\System32\msxml3a.dll
2008-12-17 21:33 . 2008-12-17 21:33 <DIR> d——– c:\users\Family\AppData\Roaming\Uniblue
2008-12-17 21:29 . 2008-12-17 21:29 <DIR> d——– c:\users\Family\AppData\Roaming\MPEG Streamclip
2008-12-16 08:06 . 2008-12-21 10:00 <DIR> d——– c:\windows\System32\Adobe
2008-12-15 17:11 . 2007-11-14 15:18 553 –a—— c:\windows\USetup.iss
2008-12-15 17:10 . 2008-06-24 14:46 104,992 –a—— c:\windows\RTKAUDIOSERVICE.EXE
2008-12-15 17:09 . 2008-12-15 17:09 <DIR> d——– c:\program files\Realtek
2008-12-15 17:09 . 2008-07-03 11:27 6,266,880 –a—— c:\windows\RtHDVCpl.exe
2008-12-15 17:09 . 2008-07-03 17:03 2,152,088 –a—— c:\windows\System32\drivers\RTKVHDA.sys
2008-12-15 17:09 . 2008-04-02 09:27 1,196,032 –a—— c:\windows\RtlUpd.exe
2008-12-15 17:09 . 2008-07-03 11:24 725,504 –a—— c:\windows\System32\RtkPgExt.dll
2008-12-15 17:09 . 2008-05-14 17:06 540,672 –a—— c:\windows\System32\RTSndMgr.cpl
2008-12-15 17:09 . 2008-03-05 18:07 520,192 –a—— c:\windows\RtlExUpd.dll
2008-12-15 17:09 . 2008-12-15 17:09 319,456 –a—— c:\windows\DIFxAPI.dll
2008-12-15 17:09 . 2008-12-15 17:09 315,392 –a—— c:\windows\HideWin.exe
2008-12-15 17:09 . 2008-03-28 10:59 285,216 –a—— c:\windows\System32\RtkApoApi.dll
2008-12-15 17:08 . 2008-12-15 17:08 <DIR> d——– c:\program files\Intel
2008-12-15 17:07 . 2008-12-15 17:07 <DIR> d——– c:\users\Family\AppData\Roaming\WinBatch
2008-12-15 17:07 . 2008-12-15 17:07 <DIR> d——– c:\users\Family\AppData\Roaming\InstallShield
2008-12-15 17:07 . 2008-06-02 18:49 305,688 –a—— c:\windows\System32\drivers\iaStor.sys
2008-12-14 15:28 . 2008-12-14 15:28 <DIR> d——– c:\users\Family\AppData\Roaming\HotSync
2008-12-14 15:28 . 2008-12-14 15:28 94 –a—— c:\windows\family.ini
2008-12-13 14:46 . 2008-12-13 14:46 <DIR> d——– c:\program files\MSXML 4.0
2008-12-13 13:57 . 2008-12-13 13:57 0 –ah—– c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-13 13:50 . 2008-12-13 13:50 <DIR> d–hs—- c:\windows\ftpcache
2008-12-13 13:43 . 2008-12-13 14:43 6,639,616 –a—— c:\windows\MEDB.mdb
2008-12-13 13:24 . 2008-12-13 13:24 <DIR> d——– c:\users\Family\AppData\Roaming\Arcsoft
2008-12-13 13:24 . 2007-12-04 17:10 16,640 –a—— c:\windows\System32\drivers\PalmUSBD.sys
2008-12-13 13:23 . 2008-12-21 02:14 <DIR> d——– c:\program files\Palm
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr——- c:\windows\System32\config\systemprofile\Videos
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr——- c:\windows\System32\config\systemprofile\Searches
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr——- c:\windows\System32\config\systemprofile\Saved Games
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr——- c:\windows\System32\config\systemprofile\Pictures
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr——- c:\windows\System32\config\systemprofile\Links
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr——- c:\windows\System32\config\systemprofile\Downloads
2008-12-13 13:22 . 2008-12-13 13:22 <DIR> dr——- c:\windows\System32\config\systemprofile\Documents
2008-12-12 19:50 . 2008-12-12 19:50 <DIR> d——– c:\users\Family\AppData\Roaming\iWin
2008-12-11 17:27 . 2008-10-21 18:22 2,048 –a—— c:\windows\System32\tzres.dll
2008-12-11 05:37 . 2008-10-31 18:21 4,240,384 –a—— c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 05:37 . 2008-10-31 20:44 28,672 –a—— c:\windows\System32\Apphlpdm.dll
2008-12-09 19:19 . 2008-12-09 19:19 <DIR> d——– c:\program files\QuickTime
2008-12-08 19:51 . 2008-12-08 19:51 <DIR> d——– c:\users\All Users\Sandlot Games
2008-12-08 19:51 . 2008-12-08 19:51 <DIR> d——– c:\programdata\Sandlot Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 05:26 ——— d—–w c:\users\Family\AppData\Roaming\DNA
2009-01-06 04:38 ——— d—–w c:\users\Family\AppData\Roaming\BitTorrent
2009-01-03 01:46 ——— d—–w c:\program files\Common Files\InstallShield
2008-12-28 05:46 ——— d—–w c:\users\Family\AppData\Roaming\Apple Computer
2008-12-26 23:25 ——— d—–w c:\program files\Common Files\Adobe
2008-12-18 04:43 ——— d—a-w c:\programdata\TEMP
2008-12-16 00:15 ——— d—–w c:\program files\HP
2008-12-16 00:09 ——— d–h–w c:\program files\InstallShield Installation Information
2008-12-14 22:29 ——— d—–w c:\program files\Chill
2008-12-14 08:38 ——— d—–w c:\program files\Oberon Media
2008-12-12 09:04 ——— d—–w c:\program files\Windows Mail
2008-12-10 03:27 ——— d—–w c:\program files\PokerStars
2008-11-30 19:52 ——— d—–w c:\programdata\DVD Shrink
2008-11-30 19:52 ——— d—–w c:\program files\DVD Shrink
2008-11-27 19:06 ——— d—–w c:\program files\Common Files\Oberon Media
2008-11-24 03:18 ——— d—–w c:\program files\Virtools
2008-11-23 19:44 ——— d—–w c:\program files\McAfee
2008-11-23 09:58 ——— d—–w c:\users\Family\AppData\Roaming\vlc
2008-11-23 09:56 ——— d—–w c:\program files\VideoLAN
2008-11-23 09:44 ——— d—–w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 09:44 ——— d—–w c:\program files\iTunes
2008-11-23 09:43 ——— d—–w c:\programdata\Apple Computer
2008-11-23 09:43 ——— d—–w c:\program files\iPod
2008-11-23 09:43 ——— d—–w c:\program files\Common Files\Apple
2008-11-23 09:43 ——— d—–w c:\program files\Bonjour
2008-11-23 09:42 ——— d—–w c:\program files\Apple Software Update
2008-11-23 09:41 ——— d—–w c:\programdata\Apple
2008-11-23 09:09 ——— d—–w c:\program files\DNA
2008-11-23 09:09 ——— d—–w c:\program files\BitTorrent
2008-11-23 07:43 ——— d—–w c:\program files\Yahoo!
2008-11-23 07:43 ——— d—–w c:\program files\Common Files\Symantec Shared
2008-11-23 07:40 ——— d—–w c:\programdata\McAfee
2008-11-23 07:38 ——— d—–w c:\program files\Common Files\McAfee
2008-11-23 07:37 ——— d—–w c:\program files\McAfee.com
2008-11-23 07:36 ——— d—–w c:\programdata\Symantec
2008-11-23 07:18 ——— d—–w c:\users\Family\AppData\Roaming\Hewlett-Packard
2008-11-23 07:18 ——— d—–w c:\programdata\Hewlett-Packard
2008-11-23 07:17 ——— d—–w c:\users\Family\AppData\Roaming\Symantec
2008-11-23 07:17 ——— d—–w c:\users\Family\AppData\Roaming\Snapfish
2008-11-23 07:13 1,819 –sha-r c:\windows\system32\drivers\103C_HP_CPC_KJ301AA-ABA a6419fh_YC_0Pavi_QCNX815_E82NAv3PrA1_49_ILeonite2_SASUSTek Computer INC._V6.00_B5.23_T071030_WUH1_L409_M3062_J360_7Intel_8Pentium Dual E2180_92_#080929_N808627DC_Z14F12F20_G80862772.MRK
2008-11-23 07:08 ——— d-sh–w c:\programdata\Templates
2008-11-23 07:08 ——— d-sh–w c:\programdata\Start Menu
2008-11-23 07:08 ——— d-sh–w c:\programdata\Favorites
2008-11-23 07:08 ——— d-sh–w c:\programdata\Documents
2008-11-23 07:08 ——— d-sh–w c:\programdata\Desktop
2008-11-23 07:08 ——— d-sh–w c:\programdata\Application Data
2008-11-21 21:44 161,096 —-a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-07 21:23 32,000 —-a-w c:\windows\system32\drivers\usbaapl.sys
2008-11-01 03:44 541,696 —-a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 —-a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 —-a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 —-a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 —-a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 —-a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 —-a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 296,960 —-a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 —-a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 —-a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 —-a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 —-a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 —-a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 —-a-w c:\windows\System32\wups.dll
2008-10-16 21:08 162,064 —-a-w c:\windows\System32\wuwebv.dll
2008-10-16 20:56 31,232 —-a-w c:\windows\System32\wuapp.exe
2008-10-16 20:56 1,524,736 —-a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 —-a-w c:\windows\System32\wudriver.dll
2008-10-16 04:47 827,392 —-a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 –sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“HPAdvisor”=”c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe” [2008-01-18 942080]
“BitTorrent DNA”=”c:\users\Family\Program Files\DNA\btdna.exe” [2008-12-19 342848]
“WMPNSCFG”=”c:\program files\Windows Media Player\WMPNSCFG.exe” [2008-01-20 202240]
“ehTray.exe”=”c:\windows\ehome\ehTray.exe” [2008-01-20 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“hpsysdrv”=”c:\hp\support\hpsysdrv.exe” [2007-04-18 65536]
“KBD”=”c:\hp\KBD\KbdStub.EXE” [2006-12-08 65536]
“OsdMaestro”=”c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe” [2007-02-15 118784]
“SunJavaUpdateSched”=”c:\program files\Java\jre1.6.0_01\bin\jusched.exe” [2007-04-07 132760]
“IgfxTray”=”c:\windows\system32\igfxtray.exe” [2008-03-25 141848]
“HotKeysCmds”=”c:\windows\system32\hkcmd.exe” [2008-03-25 166424]
“Persistence”=”c:\windows\system32\igfxpers.exe” [2008-03-25 133656]
“mcagent_exe”=”c:\program files\McAfee.com\Agent\mcagent.exe” [2007-11-01 582992]
“iTunesHelper”=”c:\program files\iTunes\iTunesHelper.exe” [2008-11-20 290088]
“QuickTime Task”=”c:\program files\QuickTime\QTTask.exe” [2008-09-06 413696]
“IAAnotif”=”c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2008-06-02 178712]
“HP Software Update”=”c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2007-05-08 54840]
“Adobe Reader Speed Launcher”=”c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-10-15 39792]
“RoxWatchTray”=”c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe” [2008-03-06 236016]
“RtHDVCpl”=”RtHDVCpl.exe” [2008-07-03 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 1273856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
“EnableUIADesktopToggle”= 0 (0×0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“msacm.l3codecp”= l3codecp.acm
“VIDC.JDCT”= jl_jdct.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
“EnableFirewall”= 0 (0×0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{84DEC07C-28C3-4E15-B321-4CCFA4238734}”= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
“{78B700A7-795A-4F8D-A704-95C2A0E9F1BE}”= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
“{0739A706-3FC5-4702-AECD-C99738669BAB}”= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
“{DDF9A1FE-6AE4-4DBB-AF5D-18653DBC937D}”= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
“{FEAB1A3D-1146-4E13-BD1B-D999C1A7B46B}”= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
“{E3596A58-126D-4BEB-A619-092E470A9A1D}”= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
“{BFE8CA03-5438-49B4-8545-A493DD8ECB63}”= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
“{D2FFBE1F-673E-4117-A156-1FBEDFCA4316}”= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
“{7A6029A9-7E67-4BBA-B534-A5BDF8D8BA81}”= UDP:c:\program files\DNA\btdna.exeNA (TCP-In)
“{ED5CE695-31BB-48F3-A511-DBB5C66D21F1}”= TCP:c:\program files\DNA\btdna.exeNA (UDP-In)
“{E02E5551-C774-4FAF-B868-EE16FE42F875}”= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{0E959760-43C4-4DD2-A322-8B9A6DBBC527}”= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{73397A1A-128F-4DF9-A428-5AC3B981AA77}”= UDP:c:\program files\iTunes\iTunes.exe:iTunes
“{A711B5B1-8C41-4CA3-817B-447535A13233}”= TCP:c:\program files\iTunes\iTunes.exe:iTunes
“TCP Query User{40D0738E-4620-48DF-AFB8-452CAF8458B5}c:\\users\\family\\program files\\dna\\btdna.exe”= UDP:c:\users\family\program files\dna\btdna.exe:btdna.exe
“UDP Query User{6A49B6CB-1C12-4FC0-9241-262BE5229C52}c:\\users\\family\\program files\\dna\\btdna.exe”= TCP:c:\users\family\program files\dna\btdna.exe:btdna.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
“EnableFirewall”= 0 (0×0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
“EnableFirewall”= 0 (0×0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\Auth orizedApplications\List]
“c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe”= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
“c:\\Program Files\\BitTorrent\\bittorrent.exe”= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11FC12D0-1A72-12D2-992D-5BC14F992BC7}]
c:\windows\system32\javan.exe
.
Contents of the ‘Scheduled Tasks’ folder
2008-11-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{F1B4F7F2-6908-47CD-B4EC-23C49F8EABCA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 19:24]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
.
——- Supplementary Scan ——-
.
uStart Page = hxxp://www.whatwashomepage.com/?q=http://www.whatwashomepage.com/?q=http://www.whatwashomepage.com/?q=http://www.comcast.net/a/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: {{3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.iexplorersecurity.com/redirect.php
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:26:11
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
———————— Other Running Processes ————————
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2009-01-05 22:29:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 05:29:31
Pre-Run: 242,578,350,080 bytes free
Post-Run: 242,471,436,288 bytes free
316 — E O F — 2008-12-20 02:02:29
Related Posts:
Comments
Leave a Reply
You must be logged in to post a comment.