hurdlesemo
2009-05-19, 17:09
Dunno what is going on.
Can't start in safe mode, install S&D, and when I search and click on resulting links it takes me to various other sites - alternate DNS thingy.
Here is the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:22 AM, on 5/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: TransactNOW SSO Update Monitor.lnk = C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.AMSSetWrite.com (HKLM)
O15 - Trusted Zone: *.silverplume.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239981720140&h=8f9991cf495bc8f22bcd09d8a6c5f4b6/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 5287 bytes
info.txt logfile of random's system information tool 1.06 2009-05-19 09:57:35
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AMS TransactNOW Single Sign-On-->MsiExec.exe /X{ADC8B312-FBE0-49AE-A0AA-3F5EB104DDB9}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ESET NOD32 Antivirus-->MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP LaserJet M2727 MFP Series 5.0-->C:\Program Files\HP\Digital Imaging\{3A915D43-FD4F-4e4f-BEF7-B75C160B0236}\setup\hpzscr01.exe -datfile hppscr07.dat -onestop -forcereboot
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Essentials-->MsiExec.exe /X{F61DD673-0030-4BB2-A382-7E57E97F1033}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Ralink Wireless LAN-->C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe -runfromtemp -l0x0009 -removeonly
Rating_Workstation_Complete-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA0548FD-9E9E-4408-9A2B-65787CDD20FC}\setup.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
=====HijackThis Backups=====
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.20,85.255.112.141 [2009-05-11]
O17 - HKLM\System\CCS\Services\Tcpip\..\{C949B295-A8D0-46F2-B34C-23A1FBDBDB69}: NameServer = 85.255.112.20,85.255.112.141 [2009-05-11]
O17 - HKLM\System\CCS\Services\Tcpip\..\{96D324F5-F94C-416F-9160-DF7C33B2D01D}: NameServer = 85.255.112.20,85.255.112.141 [2009-05-11]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.20,85.255.112.141 [2009-05-11]
O1 - Hosts: ::1 localhost [2009-05-19]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-05-19]
======Security center information======
AV: ESET NOD32 Antivirus 3.0
AS: ESET NOD32 Antivirus 3.0
AS: Windows Defender
======System event log======
Computer Name: Rachel
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 38118
Source Name: Service Control Manager
Time Written: 20090519142625.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 8003
Message: The master browser has received a server announcement from the computer VICKI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{96D324F5-F94C-416F-9160-DF7C33B2D01D. The master browser is stopping or an election is being forced.
Record Number: 38133
Source Name: bowser
Time Written: 20090519143410.941616-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 10005
Message: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 38136
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090519143608.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Record Number: 38138
Source Name: Service Control Manager
Time Written: 20090519143608.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 38139
Source Name: Service Control Manager
Time Written: 20090519143608.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Rachel
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 9396
Source Name: Microsoft-Windows-WMI
Time Written: 20090519133826.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 9441
Source Name: Microsoft-Windows-WMI
Time Written: 20090519142625.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 3013
Message: The entry <C:\USERS\JOSH\DESKTOP\JOSH FOLDER\5.11.09 COLUMN.DOC> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Record Number: 9442
Source Name: Microsoft-Windows-Search
Time Written: 20090519142633.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 3013
Message: The entry <C:\USERS\JOSH\DESKTOP\JOSH FOLDER\GOLF DISTRICTS.DOC> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Record Number: 9443
Source Name: Microsoft-Windows-Search
Time Written: 20090519142633.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 3013
Message: The entry <C:\USERS\JOSH\DESKTOP\JOSH FOLDER\TRACK CONFERENCE.DOC> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Record Number: 9444
Source Name: Microsoft-Windows-Search
Time Written: 20090519142634.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13124
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.447489-000
Event Type: Audit Failure
User:
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13125
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.472878-000
Event Type: Audit Failure
User:
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13126
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.504126-000
Event Type: Audit Failure
User:
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13127
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.531468-000
Event Type: Audit Failure
User:
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13128
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.569552-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Josh at 2009-05-19 10:04:58
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 63 GB (63%) free of 100 GB
Total RAM: 3230 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:00 AM, on 5/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Josh\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Josh.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: TransactNOW SSO Update Monitor.lnk = C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.AMSSetWrite.com (HKLM)
O15 - Trusted Zone: *.silverplume.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239981720140&h=8f9991cf495bc8f22bcd09d8a6c5f4b6/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 5290 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-17 35840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-04-30 96800]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-04-30 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-04-30 92704]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-01-10 53248]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-08-31 36864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-17 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-04 149040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-05-04 161328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
C:\PROGRA~1\RALINK\Common\RaUI.exe [2007-04-25 946176]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TransactNOW SSO Update Monitor.lnk - C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 2 months======
2009-05-19 09:59:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-19 09:57:32 ----D---- C:\rsit
2009-05-19 09:37:22 ----D---- C:\Users\Josh\AppData\Roaming\AMS Services
2009-05-19 08:40:16 ----D---- C:\Users\Josh\AppData\Roaming\Macromedia
2009-05-19 08:40:16 ----D---- C:\Users\Josh\AppData\Roaming\Adobe
2009-05-19 08:38:12 ----D---- C:\Users\Josh\AppData\Roaming\HP
2009-05-19 08:37:50 ----D---- C:\Users\Josh\AppData\Roaming\Mozilla
2009-05-19 08:36:56 ----D---- C:\Users\Josh\AppData\Roaming\Identities
2009-05-19 08:36:47 ----SD---- C:\Users\Josh\AppData\Roaming\Microsoft
2009-05-18 15:23:50 ----D---- C:\Program Files\Microsoft
2009-05-18 15:23:34 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-18 15:21:40 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-11 09:50:21 ----D---- C:\Program Files\Trend Micro
2009-04-29 09:16:54 ----D---- C:\Windows\Minidump
2009-04-29 09:14:35 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-04-29 09:14:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-17 10:21:18 ----A---- C:\Windows\system32\javaws.exe
2009-04-17 10:21:18 ----A---- C:\Windows\system32\javaw.exe
2009-04-17 10:21:18 ----A---- C:\Windows\system32\java.exe
2009-04-17 10:21:08 ----D---- C:\Program Files\Java
2009-04-17 10:03:35 ----D---- C:\RECYCLER
2009-04-16 08:39:26 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 08:39:24 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 08:39:24 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 08:39:18 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 08:39:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 08:39:17 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 08:39:16 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 08:39:16 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 08:39:16 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 08:39:16 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 08:39:16 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 08:39:16 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 08:39:16 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 08:39:12 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 08:39:11 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 08:39:11 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 08:39:11 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 08:39:11 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 08:39:00 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 08:38:57 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 08:38:55 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 08:38:55 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 08:38:54 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 08:38:54 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 08:38:54 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 08:38:53 ----A---- C:\Windows\system32\occache.dll
2009-04-16 08:38:53 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 08:38:53 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 08:38:53 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 08:38:52 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 08:38:52 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-07 11:27:10 ----D---- C:\Program Files\MSECache
2009-04-06 10:16:20 ----D---- C:\ProgramData\zvprt50
2009-04-06 10:11:55 ----D---- C:\hp_LJM2727_full_solution_AM_EMEA1
======List of files/folders modified in the last 2 months======
2009-05-19 10:04:57 ----D---- C:\Windows\Temp
2009-05-19 10:03:49 ----HD---- C:\ProgramData
2009-05-19 10:03:49 ----D---- C:\Windows\system32\drivers
2009-05-19 10:03:49 ----D---- C:\Windows\Prefetch
2009-05-19 09:59:45 ----RD---- C:\Program Files
2009-05-19 09:54:02 ----SHD---- C:\Windows\Installer
2009-05-19 09:54:02 ----HD---- C:\Config.Msi
2009-05-19 09:54:02 ----A---- C:\Windows\ODBC.INI
2009-05-19 09:36:15 ----D---- C:\ProgramData\Adobe
2009-05-19 09:36:13 ----D---- C:\Program Files\Common Files\Adobe
2009-05-19 09:36:04 ----D---- C:\Windows\System32
2009-05-19 09:29:02 ----D---- C:\Windows\inf
2009-05-19 09:29:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-19 09:24:35 ----D---- C:\Windows
2009-05-19 08:37:17 ----SHD---- C:\$Recycle.Bin
2009-05-19 08:36:47 ----RD---- C:\Users
2009-05-18 15:24:12 ----D---- C:\Windows\winsxs
2009-05-18 15:23:45 ----D---- C:\Windows\system32\catroot
2009-05-18 15:23:39 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-18 15:23:19 ----D---- C:\Program Files\Windows Live
2009-05-18 15:21:40 ----D---- C:\Program Files\Common Files
2009-05-18 15:21:39 ----SD---- C:\ProgramData\Microsoft
2009-05-14 08:42:02 ----D---- C:\Program Files\Windows Mail
2009-05-07 02:16:29 ----A---- C:\Windows\system32\mrt.exe
2009-04-29 17:17:07 ----D---- C:\Windows\system32\catroot2
2009-04-17 10:21:32 ----SD---- C:\Windows\Downloaded Program Files
2009-04-17 10:21:10 ----A---- C:\Windows\system32\deploytk.dll
2009-04-17 09:10:35 ----D---- C:\Windows\system32\wbem
2009-04-17 09:10:32 ----D---- C:\Windows\system32\manifeststore
2009-04-17 09:10:32 ----D---- C:\Windows\AppPatch
2009-04-17 09:10:32 ----D---- C:\Program Files\Internet Explorer
2009-04-17 08:51:56 ----A---- C:\Windows\win.ini
2009-04-17 08:50:49 ----SHD---- C:\System Volume Information
2009-04-07 11:27:29 ----D---- C:\Program Files\Microsoft Office
2009-04-06 10:16:31 ----RSD---- C:\Windows\assembly
2009-04-06 10:16:30 ----D---- C:\Program Files\HP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-20 350720]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-04-30 1042464]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-04-30 7928864]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-30 13312]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys [2006-12-13 286208]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-04 267824]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-20 917504]
-----------------EOF-----------------
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
info.txt logfile of random's system information tool 1.06 2009-05-19 09:57:35
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AMS TransactNOW Single Sign-On-->MsiExec.exe /X{ADC8B312-FBE0-49AE-A0AA-3F5EB104DDB9}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ESET NOD32 Antivirus-->MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP LaserJet M2727 MFP Series 5.0-->C:\Program Files\HP\Digital Imaging\{3A915D43-FD4F-4e4f-BEF7-B75C160B0236}\setup\hpzscr01.exe -datfile hppscr07.dat -onestop -forcereboot
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Essentials-->MsiExec.exe /X{F61DD673-0030-4BB2-A382-7E57E97F1033}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Ralink Wireless LAN-->C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe -runfromtemp -l0x0009 -removeonly
Rating_Workstation_Complete-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA0548FD-9E9E-4408-9A2B-65787CDD20FC}\setup.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
=====HijackThis Backups=====
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.20,85.255.112.141 [2009-05-11]
O17 - HKLM\System\CCS\Services\Tcpip\..\{C949B295-A8D0-46F2-B34C-23A1FBDBDB69}: NameServer = 85.255.112.20,85.255.112.141 [2009-05-11]
O17 - HKLM\System\CCS\Services\Tcpip\..\{96D324F5-F94C-416F-9160-DF7C33B2D01D}: NameServer = 85.255.112.20,85.255.112.141 [2009-05-11]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.20,85.255.112.141 [2009-05-11]
O1 - Hosts: ::1 localhost [2009-05-19]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-05-19]
======Security center information======
AV: ESET NOD32 Antivirus 3.0
AS: ESET NOD32 Antivirus 3.0
AS: Windows Defender
======System event log======
Computer Name: Rachel
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 38118
Source Name: Service Control Manager
Time Written: 20090519142625.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 8003
Message: The master browser has received a server announcement from the computer VICKI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{96D324F5-F94C-416F-9160-DF7C33B2D01D. The master browser is stopping or an election is being forced.
Record Number: 38133
Source Name: bowser
Time Written: 20090519143410.941616-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 10005
Message: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 38136
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090519143608.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Record Number: 38138
Source Name: Service Control Manager
Time Written: 20090519143608.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 38139
Source Name: Service Control Manager
Time Written: 20090519143608.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Rachel
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 9396
Source Name: Microsoft-Windows-WMI
Time Written: 20090519133826.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 9441
Source Name: Microsoft-Windows-WMI
Time Written: 20090519142625.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 3013
Message: The entry <C:\USERS\JOSH\DESKTOP\JOSH FOLDER\5.11.09 COLUMN.DOC> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Record Number: 9442
Source Name: Microsoft-Windows-Search
Time Written: 20090519142633.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 3013
Message: The entry <C:\USERS\JOSH\DESKTOP\JOSH FOLDER\GOLF DISTRICTS.DOC> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Record Number: 9443
Source Name: Microsoft-Windows-Search
Time Written: 20090519142633.000000-000
Event Type: Error
User:
Computer Name: Rachel
Event Code: 3013
Message: The entry <C:\USERS\JOSH\DESKTOP\JOSH FOLDER\TRACK CONFERENCE.DOC> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Record Number: 9444
Source Name: Microsoft-Windows-Search
Time Written: 20090519142634.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13124
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.447489-000
Event Type: Audit Failure
User:
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13125
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.472878-000
Event Type: Audit Failure
User:
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13126
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.504126-000
Event Type: Audit Failure
User:
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13127
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.531468-000
Event Type: Audit Failure
User:
Computer Name: Rachel
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 13128
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090519145734.569552-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Josh at 2009-05-19 10:04:58
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 63 GB (63%) free of 100 GB
Total RAM: 3230 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:00 AM, on 5/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Josh\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Josh.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: TransactNOW SSO Update Monitor.lnk = C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.AMSSetWrite.com (HKLM)
O15 - Trusted Zone: *.silverplume.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239981720140&h=8f9991cf495bc8f22bcd09d8a6c5f4b6/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 5290 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-17 35840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-04-30 96800]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-04-30 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-04-30 92704]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-01-10 53248]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-08-31 36864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-17 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-04 149040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-05-04 161328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
C:\PROGRA~1\RALINK\Common\RaUI.exe [2007-04-25 946176]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TransactNOW SSO Update Monitor.lnk - C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 2 months======
2009-05-19 09:59:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-19 09:57:32 ----D---- C:\rsit
2009-05-19 09:37:22 ----D---- C:\Users\Josh\AppData\Roaming\AMS Services
2009-05-19 08:40:16 ----D---- C:\Users\Josh\AppData\Roaming\Macromedia
2009-05-19 08:40:16 ----D---- C:\Users\Josh\AppData\Roaming\Adobe
2009-05-19 08:38:12 ----D---- C:\Users\Josh\AppData\Roaming\HP
2009-05-19 08:37:50 ----D---- C:\Users\Josh\AppData\Roaming\Mozilla
2009-05-19 08:36:56 ----D---- C:\Users\Josh\AppData\Roaming\Identities
2009-05-19 08:36:47 ----SD---- C:\Users\Josh\AppData\Roaming\Microsoft
2009-05-18 15:23:50 ----D---- C:\Program Files\Microsoft
2009-05-18 15:23:34 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-18 15:21:40 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-11 09:50:21 ----D---- C:\Program Files\Trend Micro
2009-04-29 09:16:54 ----D---- C:\Windows\Minidump
2009-04-29 09:14:35 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-04-29 09:14:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-17 10:21:18 ----A---- C:\Windows\system32\javaws.exe
2009-04-17 10:21:18 ----A---- C:\Windows\system32\javaw.exe
2009-04-17 10:21:18 ----A---- C:\Windows\system32\java.exe
2009-04-17 10:21:08 ----D---- C:\Program Files\Java
2009-04-17 10:03:35 ----D---- C:\RECYCLER
2009-04-16 08:39:26 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 08:39:24 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 08:39:24 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 08:39:18 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 08:39:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 08:39:17 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 08:39:16 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 08:39:16 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 08:39:16 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 08:39:16 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 08:39:16 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 08:39:16 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 08:39:16 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 08:39:12 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 08:39:11 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 08:39:11 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 08:39:11 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 08:39:11 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 08:39:00 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 08:38:57 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 08:38:55 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 08:38:55 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 08:38:54 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 08:38:54 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 08:38:54 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 08:38:53 ----A---- C:\Windows\system32\occache.dll
2009-04-16 08:38:53 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 08:38:53 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 08:38:53 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 08:38:52 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 08:38:52 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-07 11:27:10 ----D---- C:\Program Files\MSECache
2009-04-06 10:16:20 ----D---- C:\ProgramData\zvprt50
2009-04-06 10:11:55 ----D---- C:\hp_LJM2727_full_solution_AM_EMEA1
======List of files/folders modified in the last 2 months======
2009-05-19 10:04:57 ----D---- C:\Windows\Temp
2009-05-19 10:03:49 ----HD---- C:\ProgramData
2009-05-19 10:03:49 ----D---- C:\Windows\system32\drivers
2009-05-19 10:03:49 ----D---- C:\Windows\Prefetch
2009-05-19 09:59:45 ----RD---- C:\Program Files
2009-05-19 09:54:02 ----SHD---- C:\Windows\Installer
2009-05-19 09:54:02 ----HD---- C:\Config.Msi
2009-05-19 09:54:02 ----A---- C:\Windows\ODBC.INI
2009-05-19 09:36:15 ----D---- C:\ProgramData\Adobe
2009-05-19 09:36:13 ----D---- C:\Program Files\Common Files\Adobe
2009-05-19 09:36:04 ----D---- C:\Windows\System32
2009-05-19 09:29:02 ----D---- C:\Windows\inf
2009-05-19 09:29:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-19 09:24:35 ----D---- C:\Windows
2009-05-19 08:37:17 ----SHD---- C:\$Recycle.Bin
2009-05-19 08:36:47 ----RD---- C:\Users
2009-05-18 15:24:12 ----D---- C:\Windows\winsxs
2009-05-18 15:23:45 ----D---- C:\Windows\system32\catroot
2009-05-18 15:23:39 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-18 15:23:19 ----D---- C:\Program Files\Windows Live
2009-05-18 15:21:40 ----D---- C:\Program Files\Common Files
2009-05-18 15:21:39 ----SD---- C:\ProgramData\Microsoft
2009-05-14 08:42:02 ----D---- C:\Program Files\Windows Mail
2009-05-07 02:16:29 ----A---- C:\Windows\system32\mrt.exe
2009-04-29 17:17:07 ----D---- C:\Windows\system32\catroot2
2009-04-17 10:21:32 ----SD---- C:\Windows\Downloaded Program Files
2009-04-17 10:21:10 ----A---- C:\Windows\system32\deploytk.dll
2009-04-17 09:10:35 ----D---- C:\Windows\system32\wbem
2009-04-17 09:10:32 ----D---- C:\Windows\system32\manifeststore
2009-04-17 09:10:32 ----D---- C:\Windows\AppPatch
2009-04-17 09:10:32 ----D---- C:\Program Files\Internet Explorer
2009-04-17 08:51:56 ----A---- C:\Windows\win.ini
2009-04-17 08:50:49 ----SHD---- C:\System Volume Information
2009-04-07 11:27:29 ----D---- C:\Program Files\Microsoft Office
2009-04-06 10:16:31 ----RSD---- C:\Windows\assembly
2009-04-06 10:16:30 ----D---- C:\Program Files\HP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-20 350720]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-04-30 1042464]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-04-30 7928864]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-30 13312]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys [2006-12-13 286208]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-04 267824]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-20 917504]
-----------------EOF-----------------