Jump to content

Firefox being redirected


Recommended Posts

Hello, I'm in a jam and hope folks more in the know than myself can lend a hand. Up front, thanks very much for any assistance.

Problem: While on the web last night, using latest edition of Firefox, I got a malware attack. I believe it came through an ad banner on the site I had just opened (fallout.wiki, a forum for the PC game I've been on many times). I use MacAffe (though the definitions are about a year out of date), and the SystemGaurds poped up with a message alerting me that a 'Y.EXEY' file in the Temporary folder was looking to make registry changes. I blocked this, and immediately ran MalwareBytes. Results:

Malwarebytes' Anti-Malware 1.41

Database version: 3113

Windows 5.1.2600 Service Pack 2

11/6/2009 11:53:23 PM

mbam-log-2009-11-06 (23-53-23).txt

Scan type: Quick Scan

Objects scanned: 112588

Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\logon.exe (Worm.Emold) -> Delete on reboot.

Emold worm. Restarted computer, ran MalwareBytes again, clean. Everything looked cool. However, using Firefox I notice that the browser is being redirected to random advert pages (multiple pages, not one particular site/spoof). Most often this happens when clicking a result from Google, sometimes an advert window opens on it's own while just sitting on a webpage. Many times MacAffe will block the re-directed page, saying it recognizes it as having links that can compromise security. Note- I believe the problem is just with FireFox, haven't seen behavior duplicated in IE (which I seldom use).

I've run MalwareBytes, SpyBot S&D, and MacAffe; all say clean. I've run an app called 'GooredFix', and it does not seem to detect anything. I need to update my anti-virus software anyway, but I have a strong suspicion even if I install Norton 2010 that it may not catch this problem. Can anyone help with this nagging redirect issue? Thanks again for any help.

Current MalwareBytes file:

Malwarebytes' Anti-Malware 1.41

Database version: 3117

Windows 5.1.2600 Service Pack 2

11/7/2009 1:38:45 PM

mbam-log-2009-11-07 (13-38-45).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 379837

Time elapsed: 1 hour(s), 39 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Current Hijack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:12:57 PM, on 11/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wuauclt.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--

End of file - 9860 bytes

Link to post
Share on other sites

  • Staff

Hi,

You need an antivirus with up to date definitions. Having one a year out of date (especially McAfee) will almost guarantee you'll get infected again, even after we're done cleaning the computer. I will provide recommendations for you for great, free antivirus software later on.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Thanks very much for the reply,

I ran ComboFix earlier this afternoon, upon seeing your message. It said it detected Rootkit activity, and needed to re-boot. Computer then hung on re-start, and I couldn't get Safe mode to start either. My computer's a HP, so I used the PC recovery tool, and re-installed XP/settings. I also went out and purchased Norton 2010, and that found some nasties hiding out in Java.

I honestly don't know if I'm in the clear yet, but I'll keep it appraised in this thread as I scan the computer today/tomorrow. The only thing that's got me a bit leery in the PC Recovery was that it was what I would term, in old-school fashion, a 'non-destructive' recovery. Meaning data files, certain programs (like Firefox/Spybot/etc.) and my data files were left alone on the re-set. I'm wanting to hold off running Combofix again right away, seeing as how it urped my computer earlier (this no doubt due to the malware, of course).

Here is my recent (after re-start) Hi-Jack this log. Note, there are quite a few entries by SpyBot, I believe this is related to me directing it to blow out 'Wild Tangent', of which there were numerous entries (that's common, I'm not concerned about that). I haven't re-started the PC after that first sweep yet.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:37:51 PM, on 11/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\RunOnce: [AddRAID] c:\windows\regedit.exe /s c:\hp\bin\Add_RAID\AddRAID2.reg

O4 - HKLM\..\RunOnce: [spybotDeletingA5421] command.com /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5033] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA4271] command.com /c del "C:\WINDOWS\wt\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingC8913] cmd.exe /c del "C:\WINDOWS\wt\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingA7979] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC6297] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA1771] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC4972] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA1296] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC6507] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA9950] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5284] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA8833] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC2535] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA2949] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"

O4 - HKLM\..\RunOnce: [spybotDeletingC7277] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"

O4 - HKLM\..\RunOnce: [spybotDeletingA2825] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC6596] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA2486] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC7444] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA4417] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingC3222] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA800] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC3586] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA5432] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC470] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA245] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingC3449] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingA8412] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"

O4 - HKLM\..\RunOnce: [spybotDeletingC9188] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"

O4 - HKLM\..\RunOnce: [spybotDeletingA4011] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingC1770] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingA3335] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC2624] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA3675] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingC2682] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingA1287] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC6842] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6337] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5865] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA9416] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingC1574] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingA9082] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingC9598] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingA1619] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC4169] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA7987] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC4882] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA3032] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC1454] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA1065] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC7315] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA2438] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5591] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA9876] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC3566] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA2216] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"

O4 - HKLM\..\RunOnce: [spybotDeletingC7187] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"

O4 - HKLM\..\RunOnce: [spybotDeletingA9708] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC9103] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA4932] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC6132] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA1912] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC839] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA6436] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"

O4 - HKLM\..\RunOnce: [spybotDeletingC2339] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"

O4 - HKLM\..\RunOnce: [spybotDeletingA30] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC2137] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA4468] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingC4698] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingA1643] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC2685] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA1620] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC6307] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA7166] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5342] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA7891] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingC2527] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingA4344] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingC1884] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingA7112] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingC5097] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA4898] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC7586] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA1874] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC999] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA9585] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingC3991] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"

O4 - HKLM\..\RunOnce: [spybotDeletingA8651] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC2004] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA7158] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"

O4 - HKLM\..\RunOnce: [spybotDeletingC2573] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"

O4 - HKLM\..\RunOnce: [spybotDeletingA5423] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingC9854] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingA149] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingC9353] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingA3829] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingC9556] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingA5546] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC4690] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA2461] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC1896] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA8569] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingC3719] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingA400] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingC213] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingA4523] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC1763] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA8373] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC9057] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA3392] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingC6056] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"

O4 - HKLM\..\RunOnce: [spybotDeletingA9050] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingC4873] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"

O4 - HKLM\..\RunOnce: [spybotDeletingA8654] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingC4322] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"

O4 - HKLM\..\RunOnce: [spybotDeletingA5230] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"

O4 - HKLM\..\RunOnce: [spybotDeletingC8784] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB3848] command.com /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD3451] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB8629] command.com /c del "C:\WINDOWS\wt\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingD9348] cmd.exe /c del "C:\WINDOWS\wt\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingB9996] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8585] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB3578] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD4065] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB9866] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8617] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB4089] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD237] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB6732] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD6258] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB9375] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"

O4 - HKCU\..\RunOnce: [spybotDeletingD8580] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"

O4 - HKCU\..\RunOnce: [spybotDeletingB3494] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD3884] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB2310] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8096] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB922] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingD2781] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingB643] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD2033] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB716] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD3750] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB6289] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingD4669] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingB3098] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"

O4 - HKCU\..\RunOnce: [spybotDeletingD8450] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"

O4 - HKCU\..\RunOnce: [spybotDeletingB1527] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingD2291] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingB476] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD6907] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB2966] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingD3594] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingB3239] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD9476] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB9163] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD1828] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB688] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingD2982] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingB5832] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingD3280] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingB6919] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD7394] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB7732] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD633] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB1323] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD3014] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB4464] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD1980] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB634] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD5033] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB8630] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD2196] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB8949] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"

O4 - HKCU\..\RunOnce: [spybotDeletingD79] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"

O4 - HKCU\..\RunOnce: [spybotDeletingB7114] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD5482] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB6879] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD4062] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB8527] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8485] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB9992] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"

O4 - HKCU\..\RunOnce: [spybotDeletingD6604] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"

O4 - HKCU\..\RunOnce: [spybotDeletingB8667] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD2267] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB2290] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingD6073] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingB8899] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD4657] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB8757] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD1721] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB2621] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8267] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB2157] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingD1386] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingB5117] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingD6380] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingB2161] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingD9847] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingB217] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD3731] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB2063] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8455] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB4268] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingD1742] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"

O4 - HKCU\..\RunOnce: [spybotDeletingB7894] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8345] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB7590] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"

O4 - HKCU\..\RunOnce: [spybotDeletingD8053] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"

O4 - HKCU\..\RunOnce: [spybotDeletingB2979] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingD3678] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingB3384] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingD6510] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingB5240] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingD397] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingB2778] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD9186] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB8792] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD8041] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB218] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingD1929] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingB2782] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingD3527] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingB8414] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD7252] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB6763] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD4178] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB7091] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingD1932] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"

O4 - HKCU\..\RunOnce: [spybotDeletingB9599] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingD856] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"

O4 - HKCU\..\RunOnce: [spybotDeletingB7356] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingD6315] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"

O4 - HKCU\..\RunOnce: [spybotDeletingB7476] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"

O4 - HKCU\..\RunOnce: [spybotDeletingD3789] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

--

End of file - 36119 bytes

See any problems? As said, I haven't hit any re-directs yet, but I'll search more tonight/tomorrow and report back on status. Let me also say again, thanks for any help. You get a big tip of the hat for the time and effort you volunteer with this, it is greatly appreciated.

Link to post
Share on other sites

  • Staff

Hi,

You're very welcome. :) More to do here, so let's continue.

Restart your computer.

Next, grab a fresh copy of ComboFix.exe, rename it to JerseySam.exe before you download it, then save it to your Desktop. Do not run it yet.

Next, navigate to Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\JerseySam.exe" /killall

Press Enter. ComboFix should run now. Let it run then post its log.

-screen317

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.