
Solved Enterprise Suite - Ran MalwareBytes 1.45 - Problem continues

Discussion in 'Malware and Virus Removal Archive' started by Dennis L, 2010/04/15.

  1. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    Let me know how everything is once the computer goes back on the net and it's tested for a while.
     
  2. 2010/04/18
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni Thread Starter

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    Hi broni

    Minor annoyance ...
    After bootup, "Search Enhancement Pack" folder view is displayed. This is a MS Live feature that has been misbehaving per Google/Bing searches for numerous folks (yes, Windows Live Messenger is set to auto-load).
    The fix involves the following via Start / run ...
    msiexec /x {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    I have validated that the above is the correct Product Code via regedit via the path
    HKEY_LOCAL_MACHINE - SOFTWARE - Microsoft - Search Enhancement Pack - Choice Guard
    But when I execute the above I get "Using a feature on a unavailable network path "
    The path it's using "C:\Program Files\CommonFiles\Windows Live\cache\xxxxxxxxxxx\

    The path in regedit when I looked up Product ID is the following ...
    C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard

    Both paths fail when used during uninstall attempts.

    Again, I remind this Fixed computer has a USB/modem ISP connection, so I can NOT be on Internet during uninstall ...
    Which MAY be required to uninstall this feature???
     
    Last edited: 2010/04/18
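    Added example (not from either poster): before running msiexec /x against a Product Code, it helps to see where Windows Installer thinks the package and its source live, since a "feature on an unavailable network path" message usually means the recorded source folder is gone. The script below resolves a Product Code through the standard Windows Installer registry locations and checks whether the cached package and the recorded install source still exist. Assumptions: PowerShell is available on the machine and the account can read HKLM; the Product Code is the one quoted in the post above; the registry keys used are the standard Windows Installer ones.

```powershell
# Added example (not from the thread). Given an MSI Product Code, report where
# Windows Installer expects the cached package and the original source, and
# whether those paths still exist. Assumes PowerShell and read access to HKLM.
param(
    # Product Code quoted in the post above for Search Enhancement Pack / Choice Guard
    [string]$ProductCode = '{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}'
)

# Windows Installer stores per-product keys under a "packed" GUID: the first
# three groups of the GUID are reversed whole, the remaining bytes pairwise.
function ConvertTo-PackedGuid {
    param([string]$Guid)
    $hex = $Guid.Trim('{}').Replace('-', '').ToUpper()
    if ($hex.Length -ne 32) { throw "Not a GUID: $Guid" }
    $out = ''
    $pos = 0
    foreach ($len in @(8, 4, 4, 2, 2, 2, 2, 2, 2, 2, 2)) {
        $chunk = $hex.Substring($pos, $len).ToCharArray()
        [array]::Reverse($chunk)
        $out += -join $chunk
        $pos += $len
    }
    return $out
}

$packed = ConvertTo-PackedGuid $ProductCode

# Per-machine installs are recorded under the LocalSystem SID (S-1-5-18);
# the Uninstall key is the fallback that Add/Remove Programs reads.
$candidates = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\$packed\InstallProperties",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$ProductCode"
)
$props = $null
foreach ($key in $candidates) {
    if (Test-Path $key) { $props = Get-ItemProperty -Path $key; break }
}
if (-not $props) {
    Write-Output "Product $ProductCode is not registered with Windows Installer."
    return
}

Write-Output ("Product      : {0}" -f $props.DisplayName)

# LocalPackage is the cached .msi Windows Installer uses for uninstall;
# InstallSource is the folder the package was originally installed from.
foreach ($name in 'LocalPackage', 'InstallSource') {
    $path = $props.$name
    if (-not $path) { Write-Output ("{0,-13}: (not recorded)" -f $name); continue }
    $state = if (Test-Path -LiteralPath $path) { 'present' } else { 'MISSING' }
    Write-Output ("{0,-13}: {1}  [{2}]" -f $name, $path, $state)
}

# The source list records the last source actually used, as "<type>;<index>;<path>".
# Windows Installer classifies any folder source (local or UNC) as type "n" (net),
# which is why a deleted local cache folder is reported as a "network path".
$srcKey = "HKLM:\SOFTWARE\Classes\Installer\Products\$packed\SourceList"
if (Test-Path $srcKey) {
    $last = (Get-ItemProperty -Path $srcKey).LastUsedSource
    if ($last) {
        $fields = $last -split ';', 3
        $srcPath = $fields[2]
        $state = if ($srcPath -and (Test-Path -LiteralPath $srcPath)) { 'present' } else { 'MISSING' }
        Write-Output ("LastUsedSource: type={0} path={1}  [{2}]" -f $fields[0], $srcPath, $state)
    }
}
```

    Run it as a saved .ps1 with the Product Code as the only argument; a MISSING InstallSource or LastUsedSource alongside a present LocalPackage is the pattern that matches the error quoted above.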


  4. 2010/04/18
    broni

    Go Start>Run, type in:
    services.msc
    Click OK.

    Find the SeaPort service. Set "Startup type" under "Properties" to "Disabled".
    Restart computer.
    Gone?
     
  5. 2010/04/18
    Dennis L Lifetime Subscription

    Sorry, tried that trick previously, does not work.
    Later when I tried "Product ID" uninstall and failed, I restarted "Seaport" service hoping it needed to be active for uninstall to work ... but no such luck.
     
  6. 2010/04/18
    broni

    Go to Program Files\Microsoft\Search Enhancement Pack\SeaPort and rename seaport.exe to seaport.old.
    You may need to do it in Safe Mode.
     
  7. 2010/04/18
    Dennis L Lifetime Subscription

    With Seaport service disabled
    AND
    Seaport.exe changed to Seaport.old - reboot
    Issue continues.
    MS sure makes it tough ... again this is a minor annoyance.
    If you have more pressing issues, this is not a deal breaker.

    Thanks
    Dennis
     
  8. 2010/04/18
    broni

    After disabling seaport service, do you still see seaport process in Task Manager?
     
  9. 2010/04/18
    Dennis L Lifetime Subscription

    No, Seaport is not in running processes.

    The same Search Enhancement Pack folder (the parent folder) contains another folder containing CGuard.exe.
    With the Seaport service disabled and Seaport.old in place, I CHANGED CGuard.exe to CGuard.old - problem continues
     
  10. 2010/04/18
    broni

    Can you give me fresh OTL log?
     
  11. 2010/04/18
    Dennis L Lifetime Subscription

    Post 18 contains an OTL Quick Scan Report with CGuard.exe, Seaport.exe and the service allowed.
    Would you like this next OTL Quick Scan Report to reflect ...
    Seaport service disabled.
    Seaport.OLD
    CGuard.OLD
     
  12. 2010/04/18
    broni

    I'd like to see full scan (my post #14).
     
  13. 2010/04/18
    Dennis L Lifetime Subscription

    Understood ... would you like this next OTL full scan (including copy/paste input stated in post 14) to reflect file status ...
    Seaport service disabled.
    Seaport.OLD
    CGuard.OLD
     
    Last edited: 2010/04/18
  14. 2010/04/18
    broni

    I'm not sure what you're saying (hehe), but I want you to re-run OTL with the script from my reply #14.
     
  15. 2010/04/18
    Dennis L Lifetime Subscription

    Previous file changes are included in current status ........
    Seaport service disabled.
    Seaport.OLD
    CGuard.OLD

    Then the following was done ...
    OTL log ....

    OTL logfile created on: 4/18/2010 4:54:58 PM - Run 3
    OTL by OldTimer - Version 3.2.1.1 Folder = E:\ShellyFixes - FLASH DRIVE
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    383.00 Mb Total Physical Memory | 210.00 Mb Available Physical Memory | 55.00% Memory free
    924.00 Mb Paging File | 751.00 Mb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 19.95 Gb Free Space | 52.12% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1.83 Gb Total Space | 1.26 Gb Free Space | 68.77% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MICHELLE-XJH2AW
    Current User Name: Michelle
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/17 01:35:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- E:\ShellyFixes - FLASH DRIVE\OTL.exe
    PRC - [2008/11/26 11:18:51 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2008/11/26 11:18:46 | 000,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2008/11/26 11:12:08 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2001/10/25 13:20:09 | 000,036,864 | ---- | M] (Lexmark) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
    PRC - [2001/10/18 13:25:18 | 000,040,960 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\LexmarkX83\ACMonitor_X83.exe
    PRC - [2001/06/14 15:42:26 | 000,053,248 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe
    PRC - [2000/08/08 15:00:00 | 000,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/17 01:35:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- E:\ShellyFixes - FLASH DRIVE\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (SeaPort)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2008/11/26 11:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2008/11/26 11:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2008/11/26 11:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2008/11/26 11:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 CF 84 D5 1D CA CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/04/17 17:29:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [Lexmark X83 Button Manager] C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe (Jetsoft Development Company)
    O4 - HKLM..\Run: [Lexmark X83 Button Monitor] C:\Program Files\LexmarkX83\ACMonitor_X83.exe (Jetsoft Development Company)
    O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
    O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe File not found
    O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe (Lexmark)
    O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1203803277936 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1203803205795 (MUWebControl Class)
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://alyssamb50aly.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.196.64.53 24.159.193.40
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/16 16:10:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/16 16:10:17 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    Unable to start service SrService!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/18 02:42:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michelle\Recent
    [2010/04/17 17:29:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/04/17 17:28:44 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/16 14:11:37 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/04/16 14:11:36 | 000,050,864 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/04/16 14:11:35 | 000,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/04/16 14:11:33 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
    [2010/04/16 14:11:31 | 000,111,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/04/16 14:11:31 | 000,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/04/16 14:11:31 | 000,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/04/16 14:11:31 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/04/16 14:11:01 | 001,236,208 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/04/16 14:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/04/16 11:02:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/04/16 10:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/04/15 22:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\GMER Rootkit
    [2010/04/15 21:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2010/04/15 11:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/15 10:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
    [2010/04/14 23:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
    [2010/04/14 23:45:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/14 23:45:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/14 23:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/14 23:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/14 23:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer
    [2010/04/14 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows-In-A-Box
    [2010/04/14 23:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\AutoRuns
    [2009/11/22 16:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
    [2009/08/03 03:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2008/10/07 21:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2008/10/07 21:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2008/08/14 12:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2008/05/11 21:59:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2008/05/01 03:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/02/16 16:10:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 14 Days ==========

    [2010/04/18 16:44:37 | 000,000,020 | ---- | M] () -- C:\WINDOWS\ACMonitor_X83.ini
    [2010/04/18 16:44:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/18 16:44:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/18 16:44:12 | 401,686,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/18 16:43:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michelle\ntuser.ini
    [2010/04/18 16:43:29 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Michelle\ntuser.dat
    [2010/04/18 16:43:24 | 004,294,870 | -H-- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\IconCache.db
    [2010/04/18 16:38:38 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Shortcut to Search Enhancement Pack.lnk
    [2010/04/18 16:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/04/18 02:44:06 | 000,005,514 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\cc_20100418_024359.reg
    [2010/04/17 17:29:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/04/17 00:59:56 | 000,000,270 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/16 14:11:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/04/15 11:57:26 | 000,186,322 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\cc_20100415_115719.reg
    [2010/04/14 23:45:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/14 22:11:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    ========== Files Created - No Company Name ==========

    [2100/04/01 20:22:34 | 000,000,194 | ---- | C] () -- C:\WINDOWS\X83_DS.ini
    [2100/02/24 17:15:04 | 000,000,821 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
    [2100/02/16 19:09:06 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.INI
    [2010/04/18 16:38:38 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Shortcut to Search Enhancement Pack.lnk
    [2010/04/18 02:44:03 | 000,005,514 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\cc_20100418_024359.reg
    [2010/04/16 14:11:01 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
    [2010/04/15 12:52:10 | 401,686,528 | -HS- | C] () -- C:\hiberfil.sys
    [2010/04/15 11:57:23 | 000,186,322 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\cc_20100415_115719.reg
    [2010/04/14 23:45:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/29 12:05:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/10/29 12:05:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/10/22 07:15:41 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Michelle\ntuser.dat
    [2009/08/24 11:48:40 | 000,003,789 | ---- | C] () -- C:\Documents and Settings\Michelle\_GEAREXT.WO_IDENT.TXT
    [2008/06/06 08:23:08 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2008/06/06 08:22:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
    [2008/06/03 18:42:50 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Michelle\.recently-used.xbel
    [2008/05/05 16:54:25 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2008/04/20 21:07:10 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\PFP120JPR.{PB
    [2008/04/20 21:07:10 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\PFP120JCM.{PB
    [2008/04/20 20:49:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
    [2008/03/21 09:24:29 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
    [2008/03/02 19:26:01 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/16 18:00:43 | 000,000,020 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
    [2008/02/16 17:59:46 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
    [2008/02/16 16:34:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/02/16 16:21:42 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Michelle\ntuser.ini
    [2008/02/16 16:21:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Michelle\ntuser.dat.LOG
    [2001/10/25 13:20:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
    [2001/10/25 13:20:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
    [2001/10/25 13:20:08 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2001/01/05 16:34:30 | 000,016,812 | ---- | C] () -- C:\WINDOWS\System32\lxas2kpm.dll
    [2001/01/05 15:08:02 | 000,008,427 | ---- | C] () -- C:\WINDOWS\System32\lxas2kui.dll
    [2000/10/24 12:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2000/10/24 12:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

    ========== LOP Check ==========

    [2008/02/23 16:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2008/02/23 15:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
    [2010/03/20 22:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/13 15:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2008/02/23 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\DataCast
    [2008/02/23 15:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\F-Secure
    [2010/03/20 21:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Facebook
    [2008/06/03 18:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\gtk-2.0
    [2009/01/22 17:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\LimeWire
    [2009/11/08 15:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Smilebox
    [2008/07/29 17:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Snapfish
    [2010/04/18 16:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/02/23 18:10:25 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/03/25 14:41:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/02/23 18:10:25 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2009/03/25 14:41:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
    [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2008/02/23 18:10:25 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/03/25 14:41:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/02/23 18:10:25 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2009/03/25 14:41:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/02/16 07:58:08 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/02/16 07:58:08 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/02/16 07:58:08 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
     
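The "< MD5 for: ... >" blocks in the OTL log above are what an analyst reads to decide whether a protected system file has been swapped: the live copy under system32 should hash identically to the Service Pack copy under ServicePackFiles\i386. The script below is an added example, not part of the thread or of the OTL tool; it parses that block layout and flags any file whose system32 copy disagrees with the ServicePackFiles copy. The first sample block is copied from the log above; the second block, EXAMPLE.DLL and its hashes, is constructed to show what a flagged entry looks like.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's "< MD5 for: NAME >" layout. EVENTLOG.DLL is the
# real block from the log above; EXAMPLE.DLL is made up, with a system32 copy
# whose hash (and size, and missing company name) differs from the SP copy.
SAMPLE_LOG = r"""
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXAMPLE.DLL >
[2008/04/13 19:12:00 | 000,100,000 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2010/04/10 03:12:00 | 000,100,352 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\example.dll
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_sections(text):
    """Return {lower-case file name: [entry dicts]} for every MD5 block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["mtime"] = entry["mtime"].strip()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            entry["company"] = entry["company"].strip()
            sections[current].append(entry)
    return dict(sections)


def check_system32_copies(sections):
    """Compare each live system32 copy against the ServicePackFiles\\i386 copy.

    Returns one finding per mismatch; files with no SP reference copy or no
    live copy in the log are skipped rather than guessed at."""
    findings = []
    for name, entries in sections.items():
        live = [e for e in entries if e["path"].lower().endswith("\\system32\\" + name)]
        ref = [e for e in entries
               if e["path"].lower().endswith("\\servicepackfiles\\i386\\" + name)]
        if not live or not ref:
            continue
        for e in live:
            if e["md5"] != ref[0]["md5"]:
                findings.append({
                    "name": name,
                    "live_md5": e["md5"],
                    "reference_md5": ref[0]["md5"],
                    "live_company": e["company"],
                    "size_delta": e["size"] - ref[0]["size"],
                })
    return findings


if __name__ == "__main__":
    for f in check_system32_copies(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f['name']}: system32 {f['live_md5']} != SP copy {f['reference_md5']} "
              f"(company '{f['live_company']}', size delta {f['size_delta']:+d})")
```

A mismatch is a lead, not a verdict: a post-Service-Pack hotfix updates the system32 copy without touching ServicePackFiles, so the next step is to check the flagged file's version and signature rather than to treat the hash difference alone as proof of tampering. An empty company field and a size change on a core Windows DLL, as in the constructed EXAMPLE.DLL block, are what make such a lead worth chasing.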
  16. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I see nothing...


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :reg
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
      HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  17. 2010/04/18
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni Thread Starter

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    Results for request - post 35

    SystemLook.txt

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 17:50 on 18/04/2010 by Michelle (Administrator - Elevation successful)

    ========== reg ==========

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe "
    "MsnMsgr "=" "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background "


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher "=" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe "
    "Lexmark X83 Button Manager "= "C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe "
    "Lexmark X83 Button Monitor "= "C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe "
    "Microsoft Works Portfolio "= "C:\Program Files\Microsoft Works\WksSb.exe /AllUsers "
    "Microsoft Works Update Detection "= "C:\Program Files\Microsoft Works\WkDetect.exe "
    "MSSE "=" "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide "
    "PrinTray "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe "
    "QuickTime Task "=" "C:\Program Files\QuickTime\qttask.exe" -atboottime "
    "WorksFUD "= "C:\Program Files\Microsoft Works\wkfud.exe "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
    (Unable to open key - key not found)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
    (No values found)


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    (No values found)


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]
    (No values found)


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    (No values found)


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    (No values found)


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    (No values found)


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit]
    (Unable to open key - key not found)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "DeviceNotSelectedTimeout "= "15 "
    "GDIProcessHandleQuota "= 0x0000002710 (10000)
    "Spooler "= "yes "
    "swapdisk "=" "
    "TransmissionRetryTimeout "= "90 "
    "USERProcessHandleQuota "= 0x0000002710 (10000)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "WPDShServiceObj "= "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
    "{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "


    -=End Of File=-

    If we can not find anything, is it possible we need to be linked into Windows Live to get access/Live account ??
    Not sure how "Cloud computing" manages user access to programs at a user level.

    I will be away from computer until about 9:00 pm

    Thanks broni
    Later
     
    Last edited: 2010/04/18
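The SystemLook ":reg" request two posts up and the log it produced here cover the classic autostart locations (Run, RunOnce, RunOnceEx, RunServicesOnce, the Policies\Explorer\Run keys). What an analyst does with that output by eye is extract the program each value launches and ask whether it lives somewhere a normal installer would put it. The script below is an added example, not part of the thread or of SystemLook, that does the same mechanically: it parses the `[key]` / `"name"="data"` layout, pulls the executable path out of each Run-style command line (quoted path first, otherwise up to the first `.exe` token), and flags programs under user-writable locations. The sample is constructed in the layout of the log above, with a few of its real entries (the stray spaces the forum rendering added around quotes removed) plus one made-up "Updater" value under a profile directory to show a flagged result.

```python
import re

# Constructed sample in the layout of the SystemLook ":reg" log above.
# "Updater" is made up to exercise the flag; the other entries are from the log.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (11.01.10)

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"MsnMsgr"=""C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background"
"Updater"="C:\Documents and Settings\User\Application Data\updater.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe /AllUsers"
"MSSE"=""C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(No values found)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"GDIProcessHandleQuota"= 0x0000002710 (10000)
"Spooler"="yes"

-=End Of File=-
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
EXE_RE = re.compile(r"^(?P<path>.+?\.exe)(?:\s|$)", re.IGNORECASE)

# Last path component of the keys SystemLook was asked to dump that hold
# program launch commands (Policies\Explorer\Run also ends in "Run").
AUTOSTART_TAILS = {"run", "runonce", "runonceex", "runservicesonce"}
# XP-era locations an ordinary user can write to; a launcher here is unusual.
USER_WRITABLE_HINTS = ("\\documents and settings\\", "\\temp\\",
                       "\\application data\\", "\\local settings\\", "\\recycler\\")


def parse_reg_section(text):
    """Return (key, value_name, data) tuples; a key with no values yields one
    tuple with value_name None so the caller can see it was checked."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            entries.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = m.group("data").strip()
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = data[1:-1]  # SystemLook wraps string data in quotes
            entries.append((key, m.group("name"), data))
    return entries


def executable_from_command(command):
    """Program path from a Run-style command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group("path") if m else command.split(" ")[0]


def is_autostart_key(key):
    return key.rsplit("\\", 1)[-1].lower() in AUTOSTART_TAILS


def review_autostarts(entries):
    """One dict per autostart value: resolved program path plus a flag when it
    sits in a user-writable location or has no drive-letter path at all."""
    findings = []
    for key, name, data in entries:
        if name is None or not is_autostart_key(key):
            continue
        exe = executable_from_command(data)
        low = exe.lower()
        flagged = (any(h in low for h in USER_WRITABLE_HINTS)
                   or re.match(r"^[a-z]:\\", low) is None)
        findings.append({"key": key, "name": name, "exe": exe, "flag": flagged})
    return findings


if __name__ == "__main__":
    for f in review_autostarts(parse_reg_section(SAMPLE_LOG)):
        print(("FLAG " if f["flag"] else "     ") + f"{f['name']!r:32} -> {f['exe']}")
```

Two points the log itself illustrates. First, the "(Unable to open key - key not found)" lines for Winlogon\Userinit and Windows\load are expected: Userinit and load are values, not subkeys, so the check an analyst wants there is the Userinit value under the Winlogon key (normally the system32 userinit.exe followed by a comma) and the load value under the Windows key. Second, a clean location is not proof of a clean program; the flag only orders the list so that the entries worth a closer look (version, signature, what the file actually is) come first.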
  18. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nothing here...

    What do you mean by:
     
  19. 2010/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How are you doing ?
     
  20. 2010/04/24
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni Thread Starter

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    Holding off on the Program Files\Microsoft\Search Enhancement Pack\SeaPort folder issue opening at boot / windows load.

    One of her kids wants to wifi an iPod or similar device. Going through my old / dead computers looking for a NIC card I can install into fixed computer and get her off USB/modem, onto a router. I could just hang a wifi dongle on fixed computer, but this is only computer in house .... feel more comfortable having a wired connection.
     
  21. 2010/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The computer is definitely clean, so I suggest you start a new topic about the above at the Windows forum.
    Hopefully, someone else will have more ideas.

    Malware-wise, I consider this thread as resolved...
     
