Computer Security & Viruses/one seriously messed up computer cont.

Question
Here's the new hijack log and the combofix. And it still won't let me uninstall anything, don't know if that is a result of a virus or not.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:05 AM, on 12/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\CF151.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://zustaus.com/r_cmtp?u=http%3A%2F%2Fupdateddomainlists.com%2Fsoft.php%3Faid...
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9279 bytes



ComboFix 08-12-24.01 - Adam 2008-12-25  8:49:16.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.766.368 [GMT -5:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
* Resident AV is active


[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

(((((((((((((((((((((((((   Files Created from 2008-11-25 to 2008-12-25  )))))))))))))))))))))))))))))))
.

2008-12-24 23:20 . 2008-12-24 23:20   <DIR>   d--------   c:\program files\Musicnotes
2008-12-24 23:20 . 2007-04-23 14:12   343,216   --a------   c:\windows\SYSTEM32\KeyHelp.ocx
2008-12-24 20:33 . 2008-12-24 20:33   <DIR>   d--------   C:\VundoFix Backups
2008-12-24 17:22 . 2008-12-24 17:22   <DIR>   d--------   c:\documents and settings\Adam\Application Data\vlc
2008-12-24 17:20 . 2008-12-24 17:20   <DIR>   d--------   c:\program files\VideoLAN
2008-12-24 15:34 . 2008-12-24 20:23   <DIR>   d--------   c:\documents and settings\Adam\Application Data\BitTorrent
2008-12-24 15:30 . 2008-12-25 08:37   <DIR>   d--------   c:\program files\DNA
2008-12-24 15:30 . 2008-12-25 08:47   <DIR>   d--------   c:\documents and settings\Adam\Application Data\DNA
2008-12-24 15:29 . 2008-12-24 15:32   <DIR>   d--------   c:\program files\BitTorrent
2008-12-24 12:39 . 2008-12-24 12:39   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-12-24 12:39 . 2008-12-24 12:39   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-24 12:39 . 2008-12-24 12:39   <DIR>   d--------   c:\documents and settings\Adam\Application Data\Malwarebytes
2008-12-24 12:39 . 2008-12-03 19:59   38,496   --a------   c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-24 12:39 . 2008-12-03 19:59   15,504   --a------   c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-12-24 10:24 . 2008-12-24 10:24   <DIR>   d--------   c:\documents and settings\Adam\Application Data\Apple Computer
2008-12-23 22:32 . 2008-12-23 22:32   <DIR>   d--------   c:\program files\Trend Micro
2008-12-23 22:15 . 2008-12-23 22:15   2,713   ---hs----   c:\windows\SYSTEM32\zenukusi.exe
2008-12-23 10:52 . 2008-12-23 10:52   <DIR>   d--------   c:\documents and settings\Adam\Application Data\InstallShield
2008-12-23 10:22 . 2008-12-23 10:53   <DIR>   d--------   c:\program files\THQ
2008-12-23 05:08 . 2008-12-23 05:08   2,713   ---hs----   c:\windows\SYSTEM32\jigefuwi.exe
2008-12-22 20:22 . 2008-12-23 11:46   <DIR>   d--------   c:\documents and settings\Adam\Application Data\DAEMON Tools
2008-12-22 19:37 . 2008-12-22 19:37   <DIR>   dr-h-----   c:\documents and settings\Adam\Application Data\yahoo!
2008-12-22 19:37 . 2008-12-25 03:11   <DIR>   d--------   c:\documents and settings\Adam
2008-11-26 14:10 . 2008-12-19 06:43   960   --a------   c:\windows\wininit.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 13:36   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-12-24 20:08   ---------   d-----w   c:\documents and settings\All Users\Application Data\Google Updater
2008-12-24 05:18   ---------   d-----w   c:\program files\Spyware Doctor
2008-12-23 15:53   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-23 01:00   ---------   d-----w   c:\program files\Bonjour
2008-12-23 00:18   ---------   d-----w   c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-23 00:17   ---------   d-----w   c:\program files\Common Files\LogiShrd
2008-12-23 00:11   ---------   d-----w   c:\program files\Google
2008-12-23 00:10   ---------   d-----w   c:\program files\Canon
2008-12-22 16:13   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-12-19 20:00   ---------   d-----w   c:\program files\Norton Security Scan
2008-11-11 18:28   ---------   d-----w   c:\program files\MSXML 6.0
2008-11-10 21:23   ---------   d-----w   c:\program files\MSBuild
2008-11-10 21:16   ---------   d-----w   c:\program files\Reference Assemblies
2008-11-10 21:11   ---------   d-----w   c:\program files\DAEMON Tools Toolbar
2008-11-10 21:11   ---------   d-----w   c:\program files\DAEMON Tools Lite
2008-11-10 20:55   717,296   ----a-w   c:\windows\system32\drivers\sptd.sys
2008-11-06 00:39   ---------   d-----w   c:\program files\Content Cleaner
2008-11-06 00:30   724,992   ----a-w   c:\windows\iun6002.exe
2008-11-06 00:17   73,216   ----a-w   c:\windows\ST6UNST.EXE
2008-11-06 00:17   249,856   ------w   c:\windows\Setup1.exe
2008-10-30 05:56   81,288   ----a-w   c:\windows\system32\drivers\iksyssec.sys
2008-10-30 05:56   66,952   ----a-w   c:\windows\system32\drivers\iksysflt.sys
2008-10-30 05:56   40,840   ----a-w   c:\windows\system32\drivers\ikfilesec.sys
2008-10-23 13:01   283,648   ----a-w   c:\windows\SYSTEM32\gdi32.dll
2008-10-16 20:38   826,368   ----a-w   c:\windows\SYSTEM32\wininet.dll
2008-10-16 19:13   202,776   ----a-w   c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13   1,809,944   ----a-w   c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:12   561,688   ----a-w   c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12   323,608   ----a-w   c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:09   92,696   ----a-w   c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09   51,224   ----a-w   c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09   43,544   ----a-w   c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08   34,328   ----a-w   c:\windows\SYSTEM32\wups.dll
2008-10-08 09:17   348,160   ----a-w   c:\windows\SYSTEM32\msvcr71.dll
2008-10-03 10:15   247,326   ----a-w   c:\windows\SYSTEM32\strmdll.dll
2008-09-30 21:43   1,286,152   ----a-w   c:\windows\SYSTEM32\msxml4.dll
2008-09-10 07:10   122,880   ----a-w   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-24 15:15   63,488   --sha-w   c:\windows\SYSTEM32\sigilawo.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-12-24_23.56.54.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47:25   62,976   ----a-w   c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59   62,976   ----a-w   c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49   62,976   ----a-w   c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22   17,272   ----a-w   c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22   231,288   ----a-w   c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22   26,488   ----a-w   c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22   755,576   ----a-w   c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22   382,840   ----a-w   c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04   284,160   ----a-w   c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14   286,720   ----a-w   c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42   286,720   ----a-w   c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01   17,272   ----a-w   c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02   231,288   ----a-w   c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01   26,488   ----a-w   c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29   755,576   ----a-w   c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37   382,840   ----a-w   c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 07:24:28   124,928   -c----w   c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28   347,136   -c----w   c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28   214,528   -c----w   c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28   133,120   -c----w   c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28   63,488   -c----w   c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59   70,656   -c----w   c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28   153,088   -c----w   c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28   230,400   -c----w   c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51   161,792   -c----w   c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28   383,488   -c----w   c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29   384,512   -c----w   c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15   6,066,176   -c----w   c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29   44,544   -c----w   c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29   267,776   -c----w   c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00   13,824   -c----w   c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15   635,848   -c----w   c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30   27,648   -c----w   c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30   459,264   -c----w   c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30   52,224   -c----w   c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30   477,696   -c----w   c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30   193,024   -c----w   c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30   671,232   -c----w   c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30   102,912   -c----w   c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30   44,544   -c----w   c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39   213,216   -c----w   c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51   371,424   -c----w   c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30   105,984   -c----w   c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31   1,159,680   -c----w   c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31   233,472   -c----w   c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31   826,368   -c----w   c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:24:32   3,593,216   -c----w   c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39   213,216   -c----w   c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47   371,424   -c----w   c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-08-26 07:24:28   124,928   ----a-w   c:\windows\SYSTEM32\advpack.dll
+ 2008-10-16 20:38:34   124,928   ----a-w   c:\windows\SYSTEM32\advpack.dll
- 2008-12-25 01:26:11   32,768   --sha-w   c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-12-25 13:48:47   32,768   --sha-w   c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2008-12-25 01:26:11   32,768   --sha-w   c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-25 13:48:47   32,768   --sha-w   c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-25 01:26:11   32,768   --sha-w   c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-25 13:48:47   32,768   --sha-w   c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-26 07:24:28   124,928   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-10-16 20:38:34   124,928   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2008-08-26 07:24:28   347,136   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-16 20:38:34   347,136   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-08-26 07:24:28   214,528   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-10-16 20:38:34   214,528   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-08-26 07:24:28   133,120   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-16 20:38:35   133,120   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-02-20 06:51:05   282,624   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
+ 2008-10-23 13:01:36   283,648   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
- 2008-08-26 07:24:28   63,488   -c----w   c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-10-16 20:38:35   63,488   -c----w   c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2008-08-25 08:37:59   70,656   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-10-16 13:11:09   70,656   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2008-08-26 07:24:28   153,088   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-10-16 20:38:35   153,088   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-08-26 07:24:28   230,400   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-10-16 20:38:35   230,400   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-08-23 05:54:51   161,792   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-10-15 07:04:53   161,792   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2008-08-26 07:24:28   383,488   -c----w   c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-10-16 20:38:35   383,488   -c----w   c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-08-26 07:24:29   384,512   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-10-16 20:38:35   384,512   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-10-03 17:41:15   6,066,176   -c----w   c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-10-16 20:38:37   6,066,176   -c----w   c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2008-08-26 07:24:29   44,544   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-10-16 20:38:37   44,544   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-08-26 07:24:29   267,776   -c----w   c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-10-16 20:38:37   267,776   -c----w   c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-08-25 08:38:00   13,824   -c----w   c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2008-10-16 13:11:09   13,824   -c----w   c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2008-08-23 05:56:15   635,848   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2008-10-15 07:06:26   633,632   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
- 2008-08-26 07:24:30   27,648   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-10-16 20:38:37   27,648   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2004-08-12 13:59:05   103,936   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2008-06-10 06:31:06   103,936   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\logagent.exe
- 2008-08-26 07:24:30   459,264   -c----w   c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-10-16 20:38:37   459,264   -c----w   c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-08-26 07:24:30   52,224   -c----w   c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-10-16 20:38:37   52,224   -c----w   c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-08-27 08:24:32   3,593,216   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-12-13 06:40:02   3,593,216   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-08-26 07:24:30   477,696   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-10-16 20:38:38   477,696   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-08-26 07:24:30   193,024   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-10-16 20:38:38   193,024   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2008-08-26 07:24:30   671,232   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-16 20:38:39   671,232   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2008-08-26 07:24:30   102,912   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2008-10-16 20:38:39   102,912   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2008-08-26 07:24:30   44,544   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-10-16 20:38:39   44,544   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2006-08-21 13:52:08   246,814   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2008-10-03 10:15:47   247,326   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
- 2008-08-26 07:24:30   105,984   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2008-10-16 20:38:39   105,984   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2008-08-26 07:24:31   1,159,680   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-16 20:38:39   1,160,192   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-08-26 07:24:31   233,472   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-10-16 20:38:39   233,472   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-08-26 07:24:31   826,368   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-10-16 20:38:40   826,368   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2004-08-12 14:10:07   1,050,624   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\wmnetmgr.dll
+ 2008-06-10 23:18:18   1,053,696   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll
- 2007-10-27 22:37:38   2,109,440   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
+ 2008-11-07 23:32:20   2,109,440   -c--a-w   c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2008-08-26 07:24:28   347,136   ----a-w   c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-16 20:38:34   347,136   ----a-w   c:\windows\SYSTEM32\dxtmsft.dll
- 2008-08-26 07:24:28   214,528   ----a-w   c:\windows\SYSTEM32\dxtrans.dll
+ 2008-10-16 20:38:34   214,528   ----a-w   c:\windows\SYSTEM32\dxtrans.dll
- 2008-08-26 07:24:28   133,120   ----a-w   c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-16 20:38:35   133,120   ----a-w   c:\windows\SYSTEM32\extmgr.dll
- 2008-08-26 07:24:28   63,488   ----a-w   c:\windows\SYSTEM32\icardie.dll
+ 2008-10-16 20:38:35   63,488   ----a-w   c:\windows\SYSTEM32\icardie.dll
- 2008-08-25 08:37:59   70,656   ----a-w   c:\windows\SYSTEM32\ie4uinit.exe
+ 2008-10-16 13:11:09   70,656   ----a-w   c:\windows\SYSTEM32\ie4uinit.exe
- 2008-08-26 07:24:28   153,088   ----a-w   c:\windows\SYSTEM32\ieakeng.dll
+ 2008-10-16 20:38:35   153,088   ----a-w   c:\windows\SYSTEM32\ieakeng.dll
- 2008-08-26 07:24:28   230,400   ----a-w   c:\windows\SYSTEM32\ieaksie.dll
+ 2008-10-16 20:38:35   230,400   ----a-w   c:\windows\SYSTEM32\ieaksie.dll
- 2008-08-23 05:54:51   161,792   ----a-w   c:\windows\SYSTEM32\ieakui.dll
+ 2008-10-15 07:04:53   161,792   ----a-w   c:\windows\SYSTEM32\ieakui.dll
- 2008-08-26 07:24:28   383,488   ----a-w   c:\windows\SYSTEM32\ieapfltr.dll
+ 2008-10-16 20:38:35   383,488   ----a-w   c:\windows\SYSTEM32\ieapfltr.dll
- 2008-08-26 07:24:29   384,512   ----a-w   c:\windows\SYSTEM32\iedkcs32.dll
+ 2008-10-16 20:38:35   384,512   ----a-w   c:\windows\SYSTEM32\iedkcs32.dll
- 2008-10-03 17:41:15   6,066,176   ----a-w   c:\windows\SYSTEM32\ieframe.dll
+ 2008-10-16 20:38:37   6,066,176   ----a-w   c:\windows\SYSTEM32\ieframe.dll
- 2008-08-26 07:24:29   44,544   ----a-w   c:\windows\SYSTEM32\iernonce.dll
+ 2008-10-16 20:38:37   44,544   ----a-w   c:\windows\SYSTEM32\iernonce.dll
- 2008-08-26 07:24:29   267,776   ----a-w   c:\windows\SYSTEM32\iertutil.dll
+ 2008-10-16 20:38:37   267,776   ----a-w   c:\windows\SYSTEM32\iertutil.dll
- 2008-08-25 08:38:00   13,824   ----a-w   c:\windows\SYSTEM32\ieudinit.exe
+ 2008-10-16 13:11:09   13,824   ----a-w   c:\windows\SYSTEM32\ieudinit.exe
- 2008-08-26 07:24:30   27,648   ----a-w   c:\windows\SYSTEM32\jsproxy.dll
+ 2008-10-16 20:38:37   27,648   ----a-w   c:\windows\SYSTEM32\jsproxy.dll
- 2004-08-12 13:59:05   103,936   ----a-w   c:\windows\SYSTEM32\logagent.exe
+ 2008-06-10 06:31:06   103,936   ----a-w   c:\windows\SYSTEM32\logagent.exe
+ 2008-12-09 20:24:38   17,593,280   ----a-w   c:\windows\SYSTEM32\MRT.exe
- 2008-08-26 07:24:30   459,264   ----a-w   c:\windows\SYSTEM32\msfeeds.dll
+ 2008-10-16 20:38:37   459,264   ----a-w   c:\windows\SYSTEM32\msfeeds.dll
- 2008-08-26 07:24:30   52,224   ----a-w   c:\windows\SYSTEM32\msfeedsbs.dll
+ 2008-10-16 20:38:37   52,224   ----a-w   c:\windows\SYSTEM32\msfeedsbs.dll
- 2008-08-27 08:24:32   3,593,216   ----a-w   c:\windows\SYSTEM32\mshtml.dll
+ 2008-12-13 06:40:02   3,593,216   ----a-w   c:\windows\SYSTEM32\mshtml.dll
- 2008-08-26 07:24:30   477,696   ----a-w   c:\windows\SYSTEM32\mshtmled.dll
+ 2008-10-16 20:38:38   477,696   ----a-w   c:\windows\SYSTEM32\mshtmled.dll
- 2008-08-26 07:24:30   193,024   ----a-w   c:\windows\SYSTEM32\msrating.dll
+ 2008-10-16 20:38:38   193,024   ----a-w   c:\windows\SYSTEM32\msrating.dll
- 2008-08-26 07:24:30   671,232   ----a-w   c:\windows\SYSTEM32\mstime.dll
+ 2008-10-16 20:38:39   671,232   ----a-w   c:\windows\SYSTEM32\mstime.dll
- 2008-08-26 07:24:30   102,912   ----a-w   c:\windows\SYSTEM32\occache.dll
+ 2008-10-16 20:38:39   102,912   ----a-w   c:\windows\SYSTEM32\occache.dll
- 2008-08-26 07:24:30   44,544   ----a-w   c:\windows\SYSTEM32\pngfilt.dll
+ 2008-10-16 20:38:39   44,544   ----a-w   c:\windows\SYSTEM32\pngfilt.dll
- 2008-07-08 13:02:01   17,272   ------w   c:\windows\SYSTEM32\spmsg.dll
+ 2007-07-27 14:41:40   16,760   ------w   c:\windows\SYSTEM32\spmsg.dll
- 2008-07-14 11:09:18   62,976   ------w   c:\windows\SYSTEM32\tzchange.exe
+ 2008-10-22 09:47:07   62,976   ------w   c:\windows\SYSTEM32\tzchange.exe
- 2008-08-26 07:24:30   105,984   ----a-w   c:\windows\SYSTEM32\url.dll
+ 2008-10-16 20:38:39   105,984   ----a-w   c:\windows\SYSTEM32\url.dll
- 2008-08-26 07:24:31   1,159,680   ----a-w   c:\windows\SYSTEM32\urlmon.dll
+ 2008-10-16 20:38:39   1,160,192   ----a-w   c:\windows\SYSTEM32\urlmon.dll
- 2008-08-26 07:24:31   233,472   ----a-w   c:\windows\SYSTEM32\webcheck.dll
+ 2008-10-16 20:38:39   233,472   ----a-w   c:\windows\SYSTEM32\webcheck.dll
- 2004-08-12 14:10:07   1,050,624   ----a-w   c:\windows\SYSTEM32\wmnetmgr.dll
+ 2008-06-10 23:18:18   1,053,696   ----a-w   c:\windows\SYSTEM32\WMNetmgr.dll
- 2007-10-27 22:37:38   2,109,440   ----a-w   c:\windows\SYSTEM32\wmvcore.dll
+ 2008-11-07 23:32:20   2,109,440   ----a-w   c:\windows\SYSTEM32\WMVCore.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 05:46   160496   --a------   c:\program files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-24 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-29 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-10-30 1168264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-09-13 634880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2007-06-11 1158144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-03-20 356920]
R3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\DRIVERS\MA111nd5.sys [2007-06-11 666624]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-12 29744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f8071b2-d394-11dc-9410-00095bb53d54}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-19 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-12-11 17:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://zustaus.com/r_cmtp?u=http%3A%2F%2Fupdateddomainlists.com%2Fsoft.php%3Faid%3D0522169011%26d%3D0%26product%3DXPA%26refer%3D8c3c8035f&c=soft-tc&b=6&o=6&cuid=2a44b88154b7824fab954edadddf5c52&suid=657874e6b92e11ddbd8500304890471a&affid=169011&tid=iu0011&rid=486299
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\c53i5gyq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://forestpark.groupfusion.net/
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 08:55:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-25  8:58:35
ComboFix-quarantined-files.txt  2008-12-25 13:58:28
ComboFix2.txt  2008-12-25 04:59:18

Pre-Run: 35,690,831,872 bytes free
Post-Run: 35,677,622,272 bytes free

375   --- E O F ---   2008-12-25 08:05:48


Answer
Hi Adam

Your HJT log file is clean.  If you are continuing to have the uninstall problem, first try downloading Revo Uninstaller from here:
http://www.revouninstaller.com/revosetup.exe
This is a great free program to help with pesky uninstall problems.
If this does not work, let me know and we can troubleshoot further.

Brian

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years' experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.