Jessiest
Members-
Posts
7 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Jessiest
-
CAN'T get rid of my WebSearch.... le sigh
Jessiest replied to Jessiest's topic in Resolved Malware Removal Logs
HA! You got rid of it!! I don't know how but it's gone!! -
CAN'T get rid of my WebSearch.... le sigh
Jessiest replied to Jessiest's topic in Resolved Malware Removal Logs
This did not give me the option to save to the desktop. Will this work or shall I try again? ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/04 09:39 Program Version: Version 1.3.5.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Drivers ------------------- Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xAE4FF000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Cookies\i.dex.dat Status: Locked to the Windows API! Path: c:\documents and settings\hp_administrator\local settings\application data\mozilla\firefox\profiles\ltwcpzjz.default\cache\7fe46e80d01 Status: Size mismatch (API: 36371, Raw: 28717) SSDT ------------------- #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb3798df0 ==EOF== -
CAN'T get rid of my WebSearch.... le sigh
Jessiest replied to Jessiest's topic in Resolved Malware Removal Logs
OTL Extras logfile created on: 11/4/2009 9:29:59 AM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 73.10% Memory free 3.78 Gb Paging File | 3.36 Gb Available in Paging File | 88.83% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 177.80 Gb Total Space | 141.17 Gb Free Space | 79.40% Space Free | Partition Type: NTFS Drive D: | 8.50 Gb Total Space | 1.13 Gb Free Space | 13.25% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NUMBER2 Current User Name: HP_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found "C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found "C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.) "C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.) "C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- File not found "C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- File not found "C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) "C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found "C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\AirPort\APAgent.exe" = C:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15 "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39DB116F-E088-486F-B13C-8925ECE7A6E5}" = 3D Sound Back Beta0.1 "{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{637AF5A9-CFD1-43D7-A622-8F93954E92E3}" = AirPort "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = D-Link DWA-552 Xtreme N Desktop Adapter "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English "{7FC2AF73-10ED-404E-84A8-636B452404FD}" = Realtek RTL8139 Diagnostics Program "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1 "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer "{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B23DD567-8CFF-40FF-A47C-6508D15986A0}" = Machine Check Analysis Tool "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DFB0FED6-0010-4E9B-A402-E513F2459161}" = muvee autoProducer unPlugged 1.2 "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "{E7137AFD-4E43-47A6-BDC7-533808F72B36}" = muvee autoProducer 4.5 "{EA1A669B-302B-4E6E-BD23-FA5572A7A85C}" = AMD Power Monitor "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "ATI Display Driver" = ATI Display Driver "AwayMode160" = Microsoft Away Mode "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP "doPDF 6 printer_is1" = doPDF 6.2 printer "HijackThis" = HijackThis 2.0.2 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement "InterActual Player" = InterActual Player "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Python 2.2.3" = Python 2.2.3 "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203) "SpywareBlaster_is1" = SpywareBlaster 4.2 "TurboTax Home & Business 2007" = TurboTax Home & Business 2007 "WIC" = Windows Imaging Component "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/4/2009 10:05:19 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 474 Description = wlmail (2860) The database page read from the file "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore" at offset 4096000 (0x00000000003e8000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 2690729272 (0xa0614538) and the actual checksum was 2959164728 (0xb0614538). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. Error - 11/4/2009 10:05:20 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 474 Description = wlmail (2860) The database page read from the file "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore" at offset 4096000 (0x00000000003e8000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 2690729272 (0xa0614538) and the actual checksum was 2959164728 (0xb0614538). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. Error - 11/4/2009 10:05:22 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 474 Description = wlmail (2860) The database page read from the file "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore" at offset 4096000 (0x00000000003e8000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 2690729272 (0xa0614538) and the actual checksum was 2959164728 (0xb0614538). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. Error - 11/4/2009 10:05:23 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 474 Description = wlmail (2860) The database page read from the file "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore" at offset 4096000 (0x00000000003e8000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 2690729272 (0xa0614538) and the actual checksum was 2959164728 (0xb0614538). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. Error - 11/4/2009 10:05:25 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 474 Description = wlmail (2860) The database page read from the file "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore" at offset 4096000 (0x00000000003e8000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 2690729272 (0xa0614538) and the actual checksum was 2959164728 (0xb0614538). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. Error - 11/4/2009 10:05:27 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 474 Description = wlmail (2860) The database page read from the file "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore" at offset 4096000 (0x00000000003e8000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 2690729272 (0xa0614538) and the actual checksum was 2959164728 (0xb0614538). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. Error - 11/4/2009 10:05:28 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 474 Description = wlmail (2860) The database page read from the file "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore" at offset 4096000 (0x00000000003e8000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 2690729272 (0xa0614538) and the actual checksum was 2959164728 (0xb0614538). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. Error - 11/4/2009 10:05:29 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 217 Description = wlmail (2860) WindowsLiveMail0: Error (-1018) during backup of a database (file C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore). The database will be unable to restore. Error - 11/4/2009 10:05:29 AM | Computer Name = NUMBER2 | Source = ESENT | ID = 215 Description = wlmail (2860) WindowsLiveMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 11/4/2009 10:05:31 AM | Computer Name = NUMBER2 | Source = Windows Live Mail | ID = 1000 Description = [ System Events ] Error - 10/31/2009 9:22:08 AM | Computer Name = NUMBER2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Lbd Error - 11/1/2009 7:46:27 AM | Computer Name = NUMBER2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Lbd Error - 11/2/2009 4:13:02 PM | Computer Name = NUMBER2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Lbd Error - 11/2/2009 4:32:04 PM | Computer Name = NUMBER2 | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'msimg32.dll' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. Error - 11/2/2009 4:32:24 PM | Computer Name = NUMBER2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Lbd Error - 11/2/2009 5:39:28 PM | Computer Name = NUMBER2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Lbd Error - 11/3/2009 11:56:39 PM | Computer Name = NUMBER2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Lbd Error - 11/4/2009 8:53:34 AM | Computer Name = NUMBER2 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 11/4/2009 8:53:34 AM | Computer Name = NUMBER2 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 11/4/2009 9:37:15 AM | Computer Name = NUMBER2 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Lbd < End of report > -
CAN'T get rid of my WebSearch.... le sigh
Jessiest replied to Jessiest's topic in Resolved Malware Removal Logs
[2005/11/10 19:43:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/11/10 19:32:35 | 00,000,147 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2005/11/10 19:31:35 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini [2005/11/10 19:20:01 | 00,017,148 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2005/11/10 19:18:53 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/11/10 19:02:13 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/11/10 18:55:33 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll [2005/11/10 18:55:33 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll [2005/11/10 18:55:10 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2005/10/05 15:50:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/31 07:02:00 | 00,000,577 | ---- | C] () -- C:\WINDOWS\win.ini [2005/08/30 23:52:36 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini [2005/08/30 23:52:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/03 02:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll [2004/08/10 07:00:00 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005064_.tmp.dll [2004/08/10 07:00:00 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005032_.tmp.dll [2004/07/26 17:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2001/06/24 04:32:44 | 00,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll [2000/07/28 05:48:12 | 00,102,400 | ---- | C] () -- C:\WINDOWS\JAPI.dll ========== LOP Check ========== [2008/09/25 05:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adventure Workshop [2006/01/21 13:01:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2007/06/05 16:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA [2006/04/12 01:31:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation [2008/12/10 15:43:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner [2008/06/06 14:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Earthsim [2008/05/26 14:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet [2009/05/06 16:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma [2006/04/25 15:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar [2008/09/14 10:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks [2008/02/26 19:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop [2008/06/06 14:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2008/04/21 07:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm [2008/09/11 19:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator [2007/06/05 11:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/09/05 00:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2006/02/24 10:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril [2006/12/06 11:37:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar [2007/04/05 14:54:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo [2009/08/21 04:27:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/11/02 19:58:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily).job [2009/11/03 12:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\Auto-scheduled task of Free Registry Fix.job [2009/11/04 08:47:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2004/08/10 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/03 02:17:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/11/04 08:36:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/11/04 08:56:27 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9D774AE4-2583-4A3C-B36A-6CFF61F78B64}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > [2005/06/17 16:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys [2005/06/17 16:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BB26BE9 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39 < End of report > -
CAN'T get rid of my WebSearch.... le sigh
Jessiest replied to Jessiest's topic in Resolved Malware Removal Logs
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (6to4) -- C:\WINDOWS\system32\6to4svc.dll (Microsoft Corporation) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP) SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation) SRV - (ACS) -- C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe (Atheros) SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft) SRV - (HP Port Resolver) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (HP Status Server) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company) SRV - (NwSapAgent) -- C:\WINDOWS\system32\ipxsap.dll (Microsoft Corporation) SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NWRDR) -- C:\WINDOWS\system32\drivers\nwrdr.sys (Microsoft Corporation) DRV - (Dev_UNIDRV) -- C:\WINDOWS\system32\drivers\UNIDRV.SYS (TwinSSoft Co.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (AR5416) -- C:\WINDOWS\system32\drivers\ar5416.sys (D-Link) DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.) DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP) DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP) DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP) DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.) DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 95 32 D6 02 5D CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZKfox000&ptb=8u3Z8sxKKSdFVcqNBIUUtw" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {27c60876-b5c9-4335-b4f3-52b26782220c}:0.9.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4 FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=8u3Z8sxKKSdFVcqNBIUUtw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/24 11:06:41 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/01 20:05:07 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 19:35:35 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 19:35:35 | 00,000,000 | ---D | M] [2008/12/10 15:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions [2008/12/10 15:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/04 08:47:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ltwcpzjz.default\extensions [2009/08/24 12:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ltwcpzjz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/08/11 22:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ltwcpzjz.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c} [2009/10/28 06:50:51 | 00,009,941 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ltwcpzjz.default\searchplugins\mywebsearch.xml [2009/11/04 08:47:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008/06/06 14:38:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2) [2009/10/28 19:35:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/01 20:05:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/06/27 22:45:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/07/20 04:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009/10/16 18:37:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2008/11/15 18:10:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com [2009/10/28 19:35:27 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/10/28 19:35:27 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll [2006/02/07 15:41:38 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll [2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2009/10/27 17:51:03 | 00,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll [2009/10/28 19:35:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/05/03 20:50:46 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2009/07/02 11:01:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/07/02 11:01:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/07/02 11:01:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/07/02 11:01:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/07/02 11:01:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/07/02 11:01:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/07/02 11:01:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2006/05/03 20:50:58 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2006/05/03 20:50:40 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2009/08/19 17:46:38 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/08/19 17:46:38 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/08/19 17:46:38 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/08/19 17:46:38 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/08/19 17:46:38 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/08/19 17:46:38 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/08/19 17:46:38 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AMD_Display] File not found O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe ( ) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: &Search - File not found O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/10 19:46:21 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2008/07/07 16:21:42 | 00,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 06:01:14 | 00,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - C:\WINDOWS\system32\6to4svc.dll (Microsoft Corporation) NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/01 14:12:30 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation) NetSvcs: Nwsapagent - C:\WINDOWS\system32\ipxsap.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2009/11/02 18:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Picture Ripper [2009/11/02 18:49:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\PR4 [2009/10/28 19:38:41 | 00,160,272 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2009/10/28 19:38:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\log [2009/10/16 18:37:19 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/16 18:37:19 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/16 18:37:19 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2006/03/29 08:02:03 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/04 08:56:27 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9D774AE4-2583-4A3C-B36A-6CFF61F78B64}.job [2009/11/04 08:47:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2009/11/04 08:39:24 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat [2009/11/04 08:36:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/04 08:36:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/04 08:36:41 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys [2009/11/04 08:36:00 | 05,636,096 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat [2009/11/04 08:36:00 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini [2009/11/03 19:26:59 | 06,453,258 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db [2009/11/03 17:30:49 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Sharing Folders.lnk [2009/11/03 12:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\tasks\Auto-scheduled task of Free Registry Fix.job [2009/11/03 02:17:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/11/02 19:58:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job [2009/11/02 19:30:06 | 00,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store [2009/11/01 06:50:51 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/01 06:50:51 | 00,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/01 06:50:51 | 00,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/28 19:38:41 | 00,160,272 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2009/10/28 15:26:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/16 15:28:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK ========== Files Created - No Company Name ========== [2008/12/13 23:53:00 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008/07/31 08:23:01 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini [2008/07/25 17:05:01 | 00,000,061 | ---- | C] () -- C:\Program Files\test.txt [2008/07/25 13:49:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2008/06/26 19:37:04 | 00,000,194 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt [2008/04/22 15:26:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdmxsdk(2).sys [2008/04/22 15:26:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFHWBS2(2).sys [2008/04/22 15:26:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSF_DP(2).sys [2008/04/22 15:26:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSF_CNXT(2).sys [2008/04/04 07:54:29 | 06,453,258 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db [2008/02/26 17:58:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI [2008/02/04 01:01:35 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008/01/17 00:23:53 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2008/01/14 18:08:47 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini [2008/01/14 18:08:44 | 00,050,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/01/14 18:08:44 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat [2007/12/07 06:32:48 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys [2007/03/27 09:45:22 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll [2007/03/01 16:25:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2007/02/20 07:39:50 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat [2006/12/25 09:22:13 | 00,002,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/12/05 19:00:11 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/11/29 11:36:51 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LaunchVE3DInstaller.log [2006/11/24 16:53:25 | 00,002,161 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.googlewebacchosts [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/21 10:19:21 | 00,035,219 | ---- | C] () -- C:\WINDOWS\unvpeye.ini [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006/04/14 08:02:08 | 00,078,904 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log [2006/04/14 08:02:08 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini [2006/04/11 09:18:01 | 00,000,927 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006/04/10 21:15:00 | 00,006,026 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log [2006/04/10 21:15:00 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini [2006/04/10 21:14:01 | 00,006,595 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log [2006/04/10 21:14:01 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini [2006/03/23 16:55:08 | 00,064,842 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log [2006/03/23 16:55:08 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2006/03/16 14:56:54 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2006/03/06 06:54:45 | 00,008,894 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log [2006/02/02 07:50:27 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys [2006/01/21 13:01:24 | 00,000,482 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2006/01/19 12:16:19 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/11/10 20:15:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/11/10 19:54:49 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys [2005/11/10 19:49:39 | 00,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2005/11/10 19:49:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2005/11/10 19:46:56 | 00,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini -
CAN'T get rid of my WebSearch.... le sigh
Jessiest replied to Jessiest's topic in Resolved Malware Removal Logs
OTL logfile created on: 11/4/2009 9:29:59 AM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 73.10% Memory free 3.78 Gb Paging File | 3.36 Gb Available in Paging File | 88.83% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 177.80 Gb Total Space | 141.17 Gb Free Space | 79.40% Space Free | Partition Type: NTFS Drive D: | 8.50 Gb Total Space | 1.13 Gb Free Space | 13.25% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NUMBER2 Current User Name: HP_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\AirPort\APAgent.exe (Apple Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP) PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) PRC - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe ( ) PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation) PRC - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe (Atheros) PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\arservice.exe (Microsoft) PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.) PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) -
I pray one of you brilliant peeps can help me and then recommend how to keep my computer safe from my teenagers. C:\WINDOWS\Explorer.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\AirPort\APAgent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZKfox000 O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -- End of file - 5816 bytes