Thread: [Resolved] Having problems with search redirecting
View Single Post
  #8 (permalink)  
Old 10-07-2009, 09:32 PM
robert39n robert39n is offline
Junior Member
New Recruit
  
Join Date: Sep 2008
Posts: 48
robert39n Is a beginner here at D-A-L
re: [Resolved] Having problems with search redirecting
ok i ran the CFScript in combofix hereis combos new log
ComboFix 09-07-09.08 - DAD 07/10/2009 16:08.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.813 [GMT -4:00]
Running from: c:\documents and settings\DAD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DAD\Desktop\CFScript.txt
AV: Charter Security Suite 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 8.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

FILE ::
"c:\program files\mozilla firefox\components\hspnlgtgsbkm.dll"
"c:\windows\enlw7870.exe"
"c:\windows\vhtp71375.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\mozilla firefox\components\hspnlgtgsbkm.dll
c:\windows\enlw7870.exe
c:\windows\vhtp71375.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 02:08 . 2009-07-10 02:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-08 15:49 . 2009-07-08 15:49 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-08 01:47 . 2004-08-18 01:34 442368 ----a-w- c:\windows\system32\vp6vfw.dll
2009-06-29 15:27 . 2009-06-29 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-10 17:12 . 2008-08-13 19:52 26 ----a-w- c:\windows\popcinfo.dat
2009-07-10 16:15 . 2008-08-10 20:46 -------- d-----w- c:\program files\Java
2009-07-10 15:19 . 2008-09-06 20:18 -------- d-----w- c:\program files\Charter High-Speed Security Suite
2009-07-09 00:51 . 2008-08-10 00:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 00:30 . 2008-09-10 18:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-09 00:21 . 2008-09-10 23:49 -------- d-----w- c:\docume~1\DAD\APPLIC~1\FrostWire
2009-07-08 15:50 . 2009-03-31 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 12:14 . 2009-02-14 19:07 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-29 15:45 . 2008-08-02 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-17 15:27 . 2009-03-31 15:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-03-31 15:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 21:57 . 2009-06-03 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ThumbnailCache4R
2009-05-30 14:31 . 2008-11-15 03:22 -------- d-----w- c:\docume~1\DAD\APPLIC~1\Yahoo!
2009-05-30 14:08 . 2008-08-02 04:22 -------- d-----w- c:\program files\Yahoo!
2009-05-30 01:26 . 2009-05-30 01:26 262144 ----a-w- C:\ntuser.dat
2009-05-26 20:21 . 2008-08-09 20:59 -------- d-----w- c:\program files\FrostWire
2009-05-21 15:33 . 2008-12-09 15:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:32 . 2008-08-03 20:36 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-06-23 18:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-03-23 21:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2008-08-03 20:36 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-10_15.17.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 17:42 . 2009-07-10 17:42 16384 c:\windows\temp\Perflib_Perfdata_514.dat
+ 2009-07-10 16:22 . 2009-07-10 16:22 16384 c:\windows\temp\Perflib_Perfdata_240.dat
- 1980-01-01 07:00 . 2009-04-18 12:46 64250 c:\windows\system32\perfc009.dat
+ 1980-01-01 07:00 . 2009-07-10 15:20 64250 c:\windows\system32\perfc009.dat
+ 2007-08-14 01:39 . 2007-08-13 22:39 13312 c:\windows\system32\ieudinit.exe
+ 1980-01-01 07:00 . 2009-07-10 15:20 404350 c:\windows\system32\perfh009.dat
- 1980-01-01 07:00 . 2009-04-18 12:46 404350 c:\windows\system32\perfh009.dat
+ 2009-07-10 16:16 . 2009-05-21 15:34 148888 c:\windows\system32\javaws.exe
- 2009-04-12 01:48 . 2009-03-09 09:19 148888 c:\windows\system32\javaws.exe
- 2009-04-12 01:48 . 2009-03-09 09:19 144792 c:\windows\system32\javaw.exe
+ 2009-07-10 16:16 . 2009-05-21 15:34 144792 c:\windows\system32\javaw.exe
+ 2009-07-10 16:16 . 2009-05-21 15:34 144792 c:\windows\system32\java.exe
- 2009-04-12 01:48 . 2009-03-09 09:19 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-03-24 1488112]
"Google Update"="c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-30 133104]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2002-10-16 1622016]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-05-05 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-12 86016]
"F-Secure TNB"="c:\program files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"BluetoothAuthenticationAgent"="irprops.cpl" - c:\windows\system32\irprops.cpl [2008-04-14 380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\DAD\Start Menu\Programs\Startup\
My On Target Forecast - Desktop.lnk - c:\program files\My On Target Forecast - Desktop\liveonline_2803147.exe [2008-9-14 450560]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-05 16:18 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe"
"lxdpamon"="c:\program files\Lexmark Z2300 Series\lxdpamon.exe"
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe"
"F-Secure Manager"="c:\program files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2/14/2009 3:07 PM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2/14/2009 2:56 PM 79904]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys [2/14/2009 2:56 PM 66720]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 3:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 55024]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpco ms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2/14/2009 2:55 PM 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe [2/14/2009 2:56 PM 55904]
S0 pxark;pxark;c:\windows\system32\drivers\pxark.sys --> c:\windows\system32\drivers\pxark.sys [?]
S2 CSIScanner;CSIScanner;"c:\program files\PrevxCSI\prevxcsi.exe" /service --> c:\program files\PrevxCSI\prevxcsi.exe [?]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\progr am files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsfilter.sys [2/14/2009 2:55 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsrec.sys [2/14/2009 2:55 PM 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-461431683-1972036021-255455817-1007Core.job
- c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-30 16:13]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-461431683-1972036021-255455817-1007UA.job
- c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-30 16:13]

2009-07-10 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2009-02-14 13:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
LSP: c:\program files\Charter High-Speed Security Suite\FSPS\program\fslsp.dll
FF - ProfilePath - c:\docume~1\DAD\APPLIC~1\Mozilla\Firefox\Profiles\ bkjsbhte.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
 FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-10 16:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(688)
c:\program files\Charter High-Speed Security Suite\FSPS\program\fslsp.dll
.
Completion time: 2009-07-10 16:17
ComboFix-quarantined-files.txt 2009-07-10 20:16
ComboFix2.txt 2009-07-10 15:30

Pre-Run: 58,474,504,192 bytes free
Post-Run: 58,487,967,744 bytes free

179 --- E O F --- 2009-07-10 14:24
And here is the new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:09 PM, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\lxdpcoms.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - S-1-5-18 Startup: My On Target Forecast - Desktop.lnk = C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: My On Target Forecast - Desktop.lnk = C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe (User 'Default user')
O4 - Startup: My On Target Forecast - Desktop.lnk = C:\Program Files\My On Target Forecast - Desktop\liveonline_2803147.exe
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1217634334982
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/armhelper.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

--
End of file - 8871 bytes And Thank You again For your help
Reply With Quote