My laptop got infected. I ran Malwarebytes (could only run in safe mode) Log Attached. I also ran Superantispyware (log attached) and SDFix. After running SDFix I was finally ableto log into computer out of Safe Mode, but could not open a browser. I am now in Safe mode with networking, but it is the only way I can use the net.
The following Highjack Log is from after running the earlier mentioned programs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:33 AM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Marilyn\LOCALS~1\Temp\SSUPDATE.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - Trusted Zone: http://*.nwmls.com
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://www.corestaf...ion/ScriptX.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.image...hackToolbar.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://lycosmail.lyc.../AttachMail.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
--
End of file - 6430 bytes
Malwarebytes Log...
Malwarebytes' Anti-Malware 1.31
Database version: 1483
Windows 5.1.2600 Service Pack 3
12/10/2008 4:18:28 PM
mbam-log-2008-12-10 (16-18-28).txt
Scan type: Quick Scan
Objects scanned: 81791
Time elapsed: 9 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 31
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{341bd909-3367-4307-b37d-fb1cc56387ad} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pandsf.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\pandsf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{341bd909-3367-4307-b37d-fb1cc56387ad} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vmware hptray (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\quicktime task (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marilyn\Local Settings\Temp\qpgiqmsi3.exe (Zlob.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marilyn\Local Settings\Temp\qpgiqmsi4.exe (Rootkit.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\browseu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmom.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmon.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myc.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttaskm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttasku.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bolivar28.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Online Spyware Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marilyn\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marilyn\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marilyn\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Niko\Start Menu\Programs\Startup\Think-Adz.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marilyn\Favorites\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Niko\Start Menu\Programs\Startup\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully.
Superantispyware log...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/10/2008 at 06:26 PM
Application Version : 4.21.1004
Core Rules Database Version : 3670
Trace Rules Database Version: 1649
Scan type : Complete Scan
Total Scan Time : 01:47:48
Memory items scanned : 202
Memory threats detected : 0
Registry items scanned : 7631
Registry threats detected : 1
File items scanned : 125421
File threats detected : 1
Rogue.WebMediaViewer
HKU\S-1-5-21-3462347659-133072600-4044861901-1006\Software\WebMediaViewer
Trojan.FakeAlert-YAO
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ELMNPLW.DLL.000
SDFix Log...
SDFix: Version 1.240
Run by Marilyn on Thu 12/11/2008 at 10:27 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\Marilyn\My Documents\Symantec\My Videos\My Video.url - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 10:49:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6EE2834431088934]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\Documents and Settings\Marilyn\6EE2834431088934\6EE2834431088934"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6EE2834431088934\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6EE2834431088934]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\Documents and Settings\Marilyn\6EE2834431088934\6EE2834431088934"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6EE2834431088934\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1154755108\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1154755108\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1154755108\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1154755108\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1155617073\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1155617073\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1155617073\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1155617073\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"
"%windir%\\system32\\tcpip.exe"="%windir%\\system32\\tcpip.exe:*:Enabled:TCP and UDP Support"
"C:\\Program Files\\Common Files\\AOL\\1162526536\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1162526536\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1162526536\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1162526536\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\BitZip\\bitzip.exe"="C:\\Program Files\\BitZip\\bitzip.exe:*:Enabled:bitzip"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Wyzo\\wyzo.exe"="C:\\Program Files\\Wyzo\\wyzo.exe:*:Disabled:Wyzo"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 7 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 15 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 7 Jul 2006 319 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti45.tmp"
Mon 30 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Mon 6 Feb 2006 24,064 A..H. --- "C:\Documents and Settings\Marilyn\My Documents\My Documents\Work Documents\~WRL3473.tmp"
Tue 19 Oct 2004 38,912 A..H. --- "C:\Documents and Settings\Marilyn\My Documents\My Documents\MAD School\HUM100\~WRL0001.tmp"
Sun 24 Oct 2004 38,912 A..H. --- "C:\Documents and Settings\Marilyn\My Documents\My Documents\MAD School\HUM100\~WRL0003.tmp"
Sun 24 Oct 2004 38,912 A..H. --- "C:\Documents and Settings\Marilyn\My Documents\My Documents\MAD School\HUM100\~WRL3397.tmp"
Mon 17 Oct 2005 22,528 A..H. --- "C:\Documents and Settings\Marilyn\My Documents\My Documents\MAD School\psy200\~WRL0004.tmp"
Wed 19 Oct 2005 29,696 A..H. --- "C:\Documents and Settings\Marilyn\My Documents\My Documents\MAD School\psy200\~WRL2009.tmp"
Wed 19 Oct 2005 30,720 A..H. --- "C:\Documents and Settings\Marilyn\My Documents\My Documents\MAD School\psy200\~WRL3534.tmp"
Mon 17 Oct 2005 27,648 A..H. --- "C:\Documents and Settings\Marilyn\My Documents\My Documents\MAD School\psy200\~WRL3917.tmp"
Sat 15 Jul 2006 4,348 A..H. --- "C:\Documents and Settings\Chris\My Documents\My Pictures\My Music\iTunes\License Backup\drmv1key.bak"
Mon 17 Jul 2006 20 A..H. --- "C:\Documents and Settings\Chris\My Documents\My Pictures\My Music\iTunes\License Backup\drmv1lic.bak"
Sat 15 Jul 2006 488 A.SH. --- "C:\Documents and Settings\Chris\My Documents\My Pictures\My Music\iTunes\License Backup\drmv2key.bak"
Mon 18 Sep 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
Thank you in advance for your help!
EstherM
Edited by EstherM, 11 December 2008 - 06:51 PM.