D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O15 - Trusted Zone: *.intuit.com
O15 - Trusted IP range: http://192.168.1.114
O15 - Trusted IP range: http://192.168.1.111
O15 - Trusted IP range: http://192.168.1.115
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O8 - Extra context menu item: &Search - ?p=ZNfox000>>> SmileyCentralPFSetup2.3.50.19
File Behavior
SMILEYCENTRALPFSETUP2.3.50.22.ZNFOX000.EXE has been seen to perform the following behavior:
* This process creates other processes on disk
* Executes Processes stored in Temporary Folders
* This Process Deletes Other Processes From Disk
* Executes a Process
SMILEYCENTRALPFSETUP2.3.50.22.ZNFOX000.EXE has been the subject of the following behavior:
* Executed as a Process
* Created as a process on disk
* Deleted as a process from disk
* Has code inserted into its Virtual Memory space by other programs
* Executed by Internet Explorer[/B]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe>> The F2 entry will only show in HijackThis if something unknown is found. This does not necessarily mean it is bad, but in most cases, it will be malware.
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Windows Home Server.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3. None of the scans can be relied on to be accurate because you are running 2 Real Time Protection programs: TeaTimer and Spysweeper.
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - (no file)
O4 - HKLM\..\Run: [Ptipbmf] "C:\WINDOWS\system32\rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Windows Home Server.lnk = ?
O23 - Service: wnvirq32 Service (Wnvirq32Service) - Unknown owner - C:\WINDOWS\system32\wnvirq32.exe (file missing)