Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Getting redirected clicking Google links in Firefox

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 19th, 2009, 4:04 pm

Have run all the major free malware programs to no avail (Spybot, SuperAntiSpyware, MalwareBytes). Here's HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:26 PM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=4Er ... ZE4tcfE7ro
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecure2009.com
O1 - Hosts: 91.212.127.227 www.winsecure2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c1/v1 ... boax10.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14425 bytes
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm
Advertisement
Register to Remove

Re: Getting redirected clicking Google links in Firefox

Unread postby Cypher » November 22nd, 2009, 1:55 pm

Hi, Welcome to the Malware Removal forum.
My name is Cypher, and I will be helping you with your malware problems.
Before we begin...please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.
  • I am currently reviewing your log, and will return as soon as possible with your next set of instructions.


In the meantime Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

In your next reply.

1. Uninstall list.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 22nd, 2009, 2:11 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Actiontec Gateway
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 7.0
AI RoboForm (All Users)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2 Revolution
Bonjour
Broadcom 802.11 Network Adapter
Brother HL-2070N
Conference Player
Corel VideoStudio 12
Diner Dash
DivX Web Player
Drivers Install For Linksys Easylink Advisor
DVD Solution
FATE
Gateway Drivers and Applications Recovery
Gateway Game Console
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iTunes
J2SE Runtime Environment 5.0 Update 2
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Uninstall Wizard
McAfee Virtual Technician
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Napster Burn Engine
PC Inspector File Recovery
Penguins!
PokerStars
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
QuickConnect
Quicken 2003 Deluxe
QuickTime
RealPlayer Basic
REALTEK RTL8187 Wireless LAN Driver and Utility
Safari
SCRABBLE
ScreenPrint32 v3.5
ScreenPrint32 v3.5 (C:\Program Files\ScreenPrint32 v3\)
Seagate Manager Installer
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SigmaTel Audio
Skype™ 4.0
SmartSound Quicktracks Plugin
Sonic Encoders
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tradewinds
Unix Utilities for Yahoo! Widgets
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB914548
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Widgets
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 22nd, 2009, 8:51 pm

Hello Cypher,

Is that the information you required?
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby Cypher » November 23rd, 2009, 6:50 am

Hi bert4289.
Yes that is the correct information :)
The forum is really busy, but be assured i will get back to you as soon as possible with your next set of instructions.
Thank you for your patience.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Getting redirected clicking Google links in Firefox

Unread postby Cypher » November 25th, 2009, 7:18 am

Hi bert4289.
Sorry for the delay but lets get started,

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.


Please Download SysProt Antirootkit From one of the links below.

Link 1
Link 2
Link 3

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
    See images below.

    Image

    And check Hidden objects only
    Image
  • At the bottom of the window.Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

In your next reply.

  • RSIT log.txt file.
  • RSIT info.txt file.
  • Sysprot log.
  • Please let me know how your computer is performing now.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 25th, 2009, 8:08 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-11-25 05:05:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 84 GB (58%) free of 146 GB
Total RAM: 1918 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:02 AM, on 11/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\ehome\ehtray.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Documents and Settings\Owner.TimmyB\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=4Er ... ZE4tcfE7ro
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecure2009.com
O1 - Hosts: 91.212.127.227 www.winsecure2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c1/v1 ... boax10.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14837 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-11 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-31 5976904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-12 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-31 5976904]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-11-01 169984]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-05 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-05 688218]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-12-27 413696]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-05-23 573440]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"ScreenPrint32"=C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe [2003-05-15 446464]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"=NA []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-17 68856]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-10-31 160592]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Billminder.lnk - C:\Program Files\Quicken\billmind.exe
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE
REALTEK RTL8187 Wireless LAN Utility.lnk - C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe

C:\Documents and Settings\Owner.TimmyB\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-04 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1162421530\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1162421530\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-25 05:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 05:05:31 ----D---- C:\rsit
2009-11-25 05:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 05:03:47 ----D---- C:\WINDOWS\LastGood
2009-11-25 05:02:28 ----SHD---- C:\Config.Msi
2009-11-24 14:14:26 ----A---- C:\WINDOWS\system32\SET67.tmp
2009-11-19 12:46:54 ----D---- C:\Program Files\Trend Micro
2009-11-18 05:04:25 ----D---- C:\Documents and Settings\Owner.TimmyB\Application Data\Mozilla
2009-11-13 09:48:20 ----A---- C:\WINDOWS\wininit.ini
2009-11-13 08:51:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-13 08:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-13 08:08:59 ----D---- C:\WINDOWS\ie8updates
2009-11-13 08:04:19 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-11-12 03:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-09 09:32:25 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2009-11-25 05:05:43 ----D---- C:\WINDOWS\Prefetch
2009-11-25 05:05:34 ----D---- C:\WINDOWS
2009-11-25 05:05:33 ----D---- C:\WINDOWS\Temp
2009-11-25 05:05:33 ----D---- C:\WINDOWS\system32
2009-11-25 05:05:30 ----HD---- C:\WINDOWS\inf
2009-11-25 05:05:28 ----SHD---- C:\WINDOWS\Installer
2009-11-25 05:05:16 ----A---- C:\WINDOWS\imsins.BAK
2009-11-25 05:05:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-25 05:03:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 05:03:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-25 05:02:48 ----D---- C:\WINDOWS\WinSxS
2009-11-25 04:59:14 ----D---- C:\Program Files\Mozilla Firefox
2009-11-25 04:59:11 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2009-11-25 04:57:27 ----D---- C:\WINDOWS\Registration
2009-11-24 23:17:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-24 14:20:12 ----A---- C:\WINDOWS\qwimp.ini
2009-11-24 14:09:49 ----A---- C:\WINDOWS\QUICKEN.INI
2009-11-19 13:33:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-19 13:32:18 ----D---- C:\cabs
2009-11-19 12:46:54 ----D---- C:\Program Files
2009-11-19 12:10:31 ----D---- C:\Program Files\McAfee
2009-11-19 07:58:42 ----D---- C:\WINDOWS\system32\drivers
2009-11-18 05:51:23 ----D---- C:\WINDOWS\system32\en-us
2009-11-18 05:51:21 ----D---- C:\WINDOWS\Media
2009-11-18 05:51:21 ----D---- C:\WINDOWS\Help
2009-11-18 05:51:21 ----D---- C:\Program Files\Internet Explorer
2009-11-18 05:05:56 ----D---- C:\Documents and Settings\Owner.TimmyB\Application Data\Move Networks
2009-11-18 05:03:33 ----D---- C:\Downloads
2009-11-16 19:30:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-13 11:57:48 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-11-13 11:57:44 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-11-13 11:57:38 ----D---- C:\Program Files\Common Files
2009-11-13 11:57:27 ----RSD---- C:\WINDOWS\Fonts
2009-11-13 11:51:54 ----D---- C:\Program Files\Common Files\Research In Motion
2009-11-13 11:26:34 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-11-09 13:42:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-09 13:42:11 ----D---- C:\Documents and Settings\Owner.TimmyB\Application Data\SUPERAntiSpyware.com
2009-11-09 13:41:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-09 10:43:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-09 09:19:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-05 10:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-03 21:01:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-28 08:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-11-01 21035]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-11-01 8552]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-04 1536000]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-05-23 893952]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-05 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-21 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-04 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-10 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-11-01 172032]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 25th, 2009, 8:10 am

info.txt logfile of random's system information tool 1.06 2009-11-25 05:06:04

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{01C0CB1D-FF49-43F1-ADC5-65F05DB7BDD1}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bejeweled 2 Deluxe-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\Gateway Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
Brother HL-2070N-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FCFC70A-20CA-4372-961F-D7B2D1CCA9B4}\SETUP.exe" -l0x9 -removeonly /uninst
Conference Player-->MsiExec.exe /X{A7E4DFA1-0B3D-4674-9A13-D8BF50C539EF}
Corel VideoStudio 12-->C:\Program Files\InstallShield Installation Information\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\setup.exe -runfromtemp -l0x0409
Diner Dash-->"C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
FATE-->"C:\Program Files\Gateway Games\FATE\Uninstall.exe"
Gateway Drivers and Applications Recovery-->C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway Game Console-->"C:\Program Files\WildTangent\Apps\Gateway Game Console\Uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
gtw_logo-->C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Linksys EasyLink Advisor 1.6 (0032)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstall Wizard-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
McAfee Virtual Technician-->MsiExec.exe /I{FCC07EEA-FA18-4A21-9105-9666603C6885}
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Publisher 2002-->MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56coin.dll,SM56UnInstaller
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
Penguins!-->"C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
PokerStars-->C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
Polar Bowler-->"C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickConnect-->C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonly
Quicken 2003 Deluxe-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D974D26-BA8F-4A0B-B7EE-3F563AF79746} anything
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
REALTEK RTL8187 Wireless LAN Driver and Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DDE912-03B9-4C1C-A7EB-C60693820E18}\Setup.exe" -l0x9 REMOVE
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
SCRABBLE-->"C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
ScreenPrint32 v3.5 (C:\Program Files\ScreenPrint32 v3\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\ScreenPrint32 v3\ST6UNST.000"
ScreenPrint32 v3.5-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\ScreenPrint32 v3\ST6UNST.LOG"
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 Series (KB969878)-->"C:\WINDOWS\$NtUninstallKB969878_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Tradewinds-->"C:\Program Files\Gateway Games\Tradewinds\Uninstall.exe"
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Yahoo! Widget Engine\UnixUtils\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLCII\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB914548-->"C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\YAHOO!~1\uninstall.exe

======Hosts File======

127.0.0.1 localhost
::1 localhost
91.212.127.227 winsecure2009.microsoft.com
91.212.127.227 winsecure2009.com
91.212.127.227 www.winsecure2009.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: TIMMYB
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Record Number: 39957
Source Name: Service Control Manager
Time Written: 20091113061359.000000-420
Event Type: error
User:

Computer Name: TIMMYB
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 39955
Source Name: Ftdisk
Time Written: 20091113061314.000000-420
Event Type: error
User:

Computer Name: TIMMYB
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 39954
Source Name: Ftdisk
Time Written: 20091113061314.000000-420
Event Type: error
User:

Computer Name: TIMMYB
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB974811).

Record Number: 39942
Source Name: Windows Update Agent
Time Written: 20091113040824.000000-420
Event Type: error
User:

Computer Name: TIMMYB
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB974556).

Record Number: 39940
Source Name: Windows Update Agent
Time Written: 20091113040645.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: TIMMYB
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 11859
Source Name: Userenv
Time Written: 20090924165632.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: TIMMYB
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 11858
Source Name: Userenv
Time Written: 20090924165632.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: TIMMYB
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 11857
Source Name: Userenv
Time Written: 20090924165632.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: TIMMYB
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 11854
Source Name: Userenv
Time Written: 20090924071612.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: TIMMYB
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 11853
Source Name: Userenv
Time Written: 20090924071612.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 25th, 2009, 8:25 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwYieldExecution
At Address: 80504AE8
Jump To: B117C7B8
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwUnmapViewOfSection
At Address: 805B2E12
Jump To: B117C7E4
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwUnloadKey
At Address: 80622062
Jump To: B117C8E9
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwTerminateProcess
At Address: 805D29AC
Jump To: B117C7FD
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetValueKey
At Address: 80621D38
Jump To: B117C87B
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetInformationProcess
At Address: 805CDE54
Jump To: B117C766
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetContextThread
At Address: 805D1704
Jump To: B117C77A
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwRestoreKey
At Address: 8062516A
Jump To: B117C913
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwReplaceKey
At Address: 8062585E
Jump To: B117C927
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwRenameKey
At Address: 806231D4
Jump To: B117C84F
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwQueryValueKey
At Address: 806219EA
Jump To: B117C891
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwQueryMultipleValueKey
At Address: 80622900
Jump To: B117C8A7
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwQueryKey
At Address: 80624EAA
Jump To: B117C93B
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwProtectVirtualMemory
At Address: 805B83E8
Jump To: B117C7A2
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenThread
At Address: 805CB696
Jump To: B117C728
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenProcess
At Address: 805CB40A
Jump To: B117C714
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenKey
At Address: 80624B84
Jump To: B117C811
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwNotifyChangeKey
At Address: 80625978
Jump To: B117C8FF
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwMapViewOfSection
At Address: 805B2004
Jump To: B117C7CE
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwEnumerateValueKey
At Address: 8062425C
Jump To: B117C8BD
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwEnumerateKey
At Address: 80623FF2
Jump To: B117C8D3
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwDeleteValueKey
At Address: 80623E12
Jump To: B117C865
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwDeleteKey
At Address: 80623C42
Jump To: B117C839
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateProcessEx
At Address: 805D1144
Jump To: B117C750
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateProcess
At Address: 805D11FA
Jump To: B117C73C
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateKey
At Address: 806237B2
Jump To: B117C825
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateFile
At Address: 80579084
Jump To: B117C78E
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: PsCreateSystemThread
At Address: 805D1144
Jump To: B117C750
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: PsCreateSystemProcess
At Address: 805D11FA
Jump To: B117C73C
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:1320
Remote Address: POP3.EMERYVILLE.CA.MAIL.COMCAST.NET:POP3
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:1308
Remote Address: XML.WEATHER.COM:HTTP
Type: TCP
Process: C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
State: CLOSE_WAIT

Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: TIMMYB:27015
Remote Address: LOCALHOST:1029
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: TIMMYB:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: TIMMYB:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: TIMMYB:4664
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
State: LISTENING

Local Address: TIMMYB:1321
Remote Address: LOCALHOST:1322
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: TIMMYB:1318
Remote Address: LOCALHOST:1319
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: TIMMYB:1069
Remote Address: LOCALHOST:1068
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: TIMMYB:1068
Remote Address: LOCALHOST:1069
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: TIMMYB:1063
Remote Address: LOCALHOST:1062
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: TIMMYB:1062
Remote Address: LOCALHOST:1063
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: TIMMYB:1055
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
State: LISTENING

Local Address: TIMMYB:1054
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
State: LISTENING

Local Address: TIMMYB:1029
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: TIMMYB:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
State: LISTENING

Local Address: TIMMYB:6646
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
State: LISTENING

Local Address: TIMMYB:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: TIMMYB:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:6646
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
State: NA

Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: TIMMYB.HSD1.CO.COMCAST.NET.:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TIMMYB:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TIMMYB:1046
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TIMMYB:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TIMMYB:59042
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: TIMMYB:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: TIMMYB:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: TIMMYB:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: TIMMYB:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: TIMMYB:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\67QRATCD\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\67QRATCD\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\67QRATCD\BizPremAccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\67QRATCD\BizPremAccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\67QRATCD\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\67QRATCD\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=f;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\67QRATCD\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=f;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZ8761W3\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\activity;src=1389373;met=1;v=1;pid=18584781;aid=138473442;ko=0;cid=22687581;rid=22705464;rv=1;&timestamp=1191795307171;eid1=2;ecn1=1;etm1=10;eid2=12;e
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\activity;src=1389373;met=1;v=1;pid=18584781;aid=138473442;ko=0;cid=22687581;rid=22705464;rv=1;&timestamp=1191795347171;eid1=2;ecn1=0;etm1=30;eid6=3;ec
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\BizPremAccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CAPVNFBI\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=f;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVMNYTU9\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVMNYTU9\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVMNYTU9\WebAcceptSuccess-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYAXWEI7\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYAXWEI7\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYAXWEI7\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYAXWEI7\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYAXWEI7\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYAXWEI7\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYAXWEI7\BizPremAccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\EYAXWEI7\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9CFIHOT\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9CFIHOT\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\JI0BZ5S1\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1KFSNWZ\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1KFSNWZ\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1KFSNWZ\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1KFSNWZ\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1KFSNWZ\BizPremAccountHistory-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\activity;src=1389373;met=1;v=1;pid=18584781;aid=138473442;ko=0;cid=22687581;rid=22705464;rv=1;&timestamp=1191795317171;eid1=2;ecn1=0;etm1=10;eid2=12;e
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IRWXAN\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\MTDE72L0\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\MTDE72L0\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\MTDE72L0\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\MTDE72L0\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=f;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1UNQJ05\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\BizPremAccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5CT6F8X\ResolutionCenter-inside;lang=en_US;acct=prem;resid=US;PVDN=none;DC=T;bcapp=F;bcpre=F;ver=T;ebayS=T;ebayB=T;bcacc=F;pcpre=F;pcacc=F;F1=f;F2=f;F3=f;F4=f
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7BIDNLJ\AccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7BIDNLJ\AccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7BIDNLJ\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7BIDNLJ\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7BIDNLJ\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=f;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SRQRU1G9\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SRQRU1G9\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SRQRU1G9\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVRF2WXH\AccountOverview-inside;lang=en_US;acct=prem;resid=US;PVDN=none;DC=T;bcapp=F;bcpre=F;ver=T;ebayS=T;ebayB=T;bcacc=F;pcpre=F;pcacc=F;F1=f;F2=f;F3=f;F4=f;
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\AccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\BizPremAccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\T0H9592J\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=f;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJMVO5Y9\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJMVO5Y9\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJMVO5Y9\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJMVO5Y9\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJMVO5Y9\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=f;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1221680938@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1936051664@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\1985484309@Position1,Top,Top1,Right,Right1,Right2,Right3,Right4,Right5,Right6,Left,Left1,Left2,Left3,Bottom,Bottom1,Bottom2,BottomLeft,Middle,Middle1,
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\AccountHistory-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\AccountOverview-inside;lang=en_US;acct=prem;resid=US;PVDN=none;DC=T;bcapp=F;bcpre=F;ver=T;ebayS=T;ebayB=T;bcacc=F;pcpre=F;pcacc=F;F1=f;F2=f;F3=f;F4=f;
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ULOBQLU5\ist[2].subchixdump&border_color=%23EEEEEE&background_color=%23EEEEEE&title_color=%23000000&text_color=%23000000&override=1&class=my_banner_class&show_
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UTWV2HIX\AccountHistory-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UTWV2HIX\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UTWV2HIX\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UTWV2HIX\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UTWV2HIX\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UTWV2HIX\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\UTWV2HIX\ShopsLogout-outside;lang=en_US;acct=;resid=US;DC=F;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F14=f;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZE8JJLCP\AccountOverview-inside;lang=en_US;acct=biz;resid=US;DC=T;bcapp=F;bcpre=F;ver=F;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F1
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZE8JJLCP\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZE8JJLCP\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZE8JJLCP\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZE8JJLCP\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=f;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\Documents and Settings\Owner.TimmyB\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZE8JJLCP\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=T;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=t;F8=f;F9=t;F10=t;F11=f;F12=t;F13=t;F
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}
Status: Access denied
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 25th, 2009, 8:39 am

Hello Cypher,
Overall speed in loading pages seems faster but I am still getting redirected when clicking some google links. What's next?
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby Cypher » November 25th, 2009, 3:10 pm

Hi bert4289.

Can you tell me if you know what this is?
C:\cabs


Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.

    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
    O1 - Hosts: 91.212.127.227 winsecure2009.com
    O1 - Hosts: 91.212.127.227 http://www.winsecure2009.com


  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.


Next.


Reset Host File

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: (Do not include the word Code:)
    Code: Select all
    @Echo off
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    del %0
  • Go to File >> Save As
  • Save File name as FixHosts.bat
  • Change Save as Type to All Files and save the file to your Desktop.
Now double click on the desktop FixHosts.bat to run the batch file. It will self-delete when completed.


Next.

Post a New HJT Log
  • Start HijackThis.
  • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
  • When completed...Notepad will open with the new "hijackthis.log" file contents.
  • Copy/paste the entire (hijackthis.log) file contents in your next reply.


Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.

We need to disable McAfee Security Center and its components temporarily as it will interfere with the below scan.
Note: Please disconnect from the Internet when your security softwares are disabled or not active.
  • Open McAfee Security Center.
  • Click on Home on the left pane.
  • Beside Computer & Files, click on the arrow button.
  • Next, click on the arrow button beside Configure at the middle right (NOT the bottom one).
  • You will come to a new page. Please check (click) Off for all the protections. Remember to scroll down.
  • You will be prompted, select Never and just click OK.
  • Note: Don't forget to re-enable it after the scan.

Here is an illustration to assist you:
Image


Next.


ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply.

  • Hijackthis.log
  • ESET log.
  • Please let me know how your computer is performing now.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 25th, 2009, 4:19 pm

Not sure what c:\cabs is but there are downloaded files in it, I'd give you the screenprint of its directories but this won't let me paste the pic in here. Here's the Hijack This log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:38 PM, on 11/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=4Er ... ZE4tcfE7ro
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c1/v1 ... boax10.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14325 bytes
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 25th, 2009, 6:18 pm

Still having the issue when clicking the links, nothings changed, is there nothing coming across in all this info? ESET log below:




ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f93390b13d7d574eb8b68d7669208bb0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-25 09:53:13
# local_time=2009-11-25 02:53:13 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 438976 438976 0 0
# compatibility_mode=5121 16776869 100 96 443116 12018514 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=107173
# found=0
# cleaned=0
# scan_time=4203
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby bert4289 » November 26th, 2009, 1:40 am

This is not good Cypher, now my outer won't even boot up, not even in safe mode! now I need real help and fast!
bert4289
Active Member
 
Posts: 14
Joined: November 19th, 2009, 3:57 pm

Re: Getting redirected clicking Google links in Firefox

Unread postby Cypher » November 26th, 2009, 11:58 am

Hi bert4289.

I am really sorry to hear what has happened to your computer. We need to ask you some questions in order for us to come up with a plan.

Did you manage to complete all the instructions?
Did you enabled Mcafee?
Do you have windows XP disc for this computer?
Do you get any error messages when trying to access safe mode or normal mode?
Does the computer make any sounds when booting up?

Please answer each of these questions in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware