Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Redirect Virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Redirect Virus

Unread postby snickerzmom » February 9th, 2010, 4:57 pm

Hi All,

I am really confused as I am convinced I reposted my issue this morning after my (appropriate) slap for posting incorrectly yesterday...but I can't find my post. So if this turns out to be a duplicate. My apologies.

I seem to have the google redirect virus, although I understand it can affect other search engines as well. I was on a corporate site a couple of weeks ago that was infected with JS:Illredir-D. Unfortunately my Spybot definitions were not up to date (by months, I didn't realise that) and I was heavily infected with viruses and trojans. I have been able to remove everything except for the google redirect virus.

It is a slippery thing because everytime I think I get it, it pops back up after a few days or hours again and redirects my google search links to commercial sites of it's choosing.

I have also noticed that the registry was impacted and was not allowing me to update Firefox or Adobe. (Error 1402) I have read that Windows Update gets impacted by this virus as well, but when I went to the Windows Update site it was satisfied that I was running with the latest updates.

I have added a number of antispyware programs to my system, and once this problem is resolved would appreciate your suggestions on which to keep and which to remove as them must interfere with each other.

Thanks in advance for your assistance.

Colleen

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:01 PM, on 02/09/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/cust ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe" /scan:boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Clear Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?b47e549c26a34636ab43a2be5ca101c3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?b47e549c26a34636ab43a2be5ca101c3
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/dow ... ysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://colleenc63.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/be ... eweled.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9556576454
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 16345 bytes

32 Bit HP CIO Components Installer
ABBYY FineReader 5.0 Sprint
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11
AI RoboForm (All Users)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
Audible Download Manager
Auslogics Duplicate File Finder
avast! Antivirus
Avery Wizard 3.1
Belarc Advisor 8.1
Bonjour
BurnPlugin for Audible
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CleanUp!
Compatibility Pack for the 2007 Office system
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW(R) Graphics Suite X4
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
CutePDF Writer 2.7
eMachines Bay Reader
GIMP 2.6.7
GoodSync
Google Desktop
Google Talk Plugin
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
ISO Recorder
Itiva Media Accelerator
iTunes
Java(TM) 6 Update 18
jv16 PowerTools 2009
K-Lite Codec Pack 3.4.5 Full
LaserJet 1018
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.4)
Mozilla Thunderbird (2.0.0.23)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OCR Software by I.R.I.S. 10.0
Paint.NET v3.5.2
PC Pitstop Optimize2 2.0
PhotoImpression 5
Presto! PageManager 7.15.16
Prevx
QuickTax 2004
QuickTax 2005
QuickTax 2006
RealPlayer
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Rhapsody Player Engine
RoboForm Companion
ScanSoft OmniPage SE 4
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Seesmic Desktop
Seesmic Desktop
Serif PagePlus SE 1.0
Serif WebPlus SE
Shop for HP Supplies
Smart Menus (Windows Live Toolbar)
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
System Requirements Lab
Tabbed Browsing (Windows Live Toolbar)
TweakNow RegCleaner Standard
TweetDeck
TweetDeck
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Uniblue SpeedUpMyPC
Uniblue System Tweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
VLC media player 0.9.4
Wild Things! by Wild Ginger Software, Inc.
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip
WinZip Self-Extractor
ZIP Reader 8.00.0018
snickerzmom
Active Member
 
Posts: 11
Joined: February 8th, 2010, 6:26 pm
Advertisement
Register to Remove

Re: Google Redirect Virus

Unread postby MWR 3 day Mod » February 13th, 2010, 1:04 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Google Redirect Virus

Unread postby shinybeast » February 16th, 2010, 5:20 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • Do not run any other tools to remove malware while we are working.
  • If your security software throws up warnings about some of these tools, please allow these tools to run.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules and How to get help at this forum where the conditions for receiving help at this forum are explained.
NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)


Be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before we start.

I will have further instructions once they are approved.
In the mean time, describe for me what you did that you think may have solved the problem.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Google Redirect Virus

Unread postby snickerzmom » February 17th, 2010, 9:10 am

Thank you very much for getting back to me, and also for learning to help others remove malware. I appreciate your efforts as a volunteer.

It finally dawned on me that the history library on Firefox might be storing the redirects as they were occurring. So I opened the library and ran a search for "512 sdram" which seemed to generate a redirect every time I ran it. Sure enough, I was redirected - via three sites - all of which were recorded by the library. So I ran a few more searches that I expected would be redirected, and they were, and I studied the bounces and found that only the last bounce before the redirect was consistent. So I pulled the site name and started searching via google for others with the same issue.

The last bounce reference for one search: http://tracking.bposervers.com/in.php?trsc=looksmart&capn=ls_tl_sf_m_ron&adgp=&ptnr=tlmedia&kwd=c.php&url=www.searchfindsite.com%2F[TYPETAG]%2Fsearch.php%3Fkeyword%3Dc.php
The last bounce reference for the next search: http://tracking.bposervers.com/in.php?trsc=looksmart&capn=ls_vc_yw_o_ron&adgp=&ptnr=validclick&kwd=512%20sdram&url=www.yellowise.com%2Fresults%2Fip%2F512%20sdram%3Faffid%3D%5BTYPETAG%5D

That brought me to this blog entry: http://cantalktech.com/2009/03/12/googl ... ect-virus/, and the googredfix, which is located here: http://www.geekstogo.com/forum/redirect ... redFix.exe, at this point, I figured anything was worth a shot, so I ran the fix...and all has appeared to be better since then.

The fix did generate a file. Would you like to see the file?
snickerzmom
Active Member
 
Posts: 11
Joined: February 8th, 2010, 6:26 pm

Re: Google Redirect Virus

Unread postby shinybeast » February 19th, 2010, 11:26 am

Hello snickerzmom,

Apologies for the delay.

It sounds as if you did indeed solve the issue with gooredfix. Let's clean up some stuff and give your computer a good check to be sure it is clean.

I notice you have too many anti-malware programs running simultaneously. This can slow the computer and cause conflicts.

Ad-Aware, while a decent program is not effective against today's threats. I suggest you uninstall it.

Choose one of the following to keep and uninstall the other one.
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition


Uninstall Programs

Click Start, click Run...
Type appwiz.cpl and press Enter to open Add or Remove Programs
For each of the programs listed below, highlight them in the list and click Remove

Ad-Aware
Hitman Pro 3.5
Prevx
<- If you have not paid for it.
and one of these:
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition


Once finished, close Add or Remove Programs window


Registry "Cleaner," "Fixer," or "Optimizer" Warning

I notice you have the following program(s) installed.

jv16 PowerTools 2009
TweakNow RegCleaner Standard
Uniblue DriverScanner 2009
Uniblue SpeedUpMyPC
Uniblue System Tweaker


I strongly suggest you avoid anything that claims to clean, fix or optimize the Windows registry and recommend you uninstall the above program(s). Even the best programs have occasionally made "mistakes" and made Windows inoperable by deleting critical registry entries. The gains are negligible and the risks are great.

Check the links below for various explanations and opinions.
An example of what can happen.
Registry cleaners?
Do I Need a Registry Cleaner? - Bill Pytlovany (creator of WinPatrol)
Should I Use a Registry Cleaner?

It appears you have purchased the Uniblue software. If I were you, I would try to get a refund. If you insist on using these against my recommendations, at least back up the registry before using them.
Let's do that now.


Backup Registry With ERUNT

  • Please download ERUNT (Emergency Recovery Utility NT) by Lars Hederer from one of the links below and save it to a convenient location
    Link 1 | Link 2
  • Double-click the file erunt-setup.exe that you downloaded to start the install
  • After the language selection, click Next three times to choose the default location, folder name and start menu folder.
  • You may choose to uncheck the desktop icons at the Select Additional Options window.
  • IMPORTANT: After clicking Install, you will get a popup asking if you want to run ERUNT at each startup. Click No (Once we are finished, you may choose to enable this option).
  • Keep the option to run ERUNT checked and click Finish
  • Click OK at the Welcome dialog box
  • Ensure the System Registry and Current User Registry boxes are checked and click OK to backup the registry to the default location and filename. You will be asked if you want to create the folder, click Yes
  • A window should appear that says "Registry backup is complete!." Click OK in that window.

Let me know if backup was successful

NOTE: If the "registry optimization tool" NTREGOPT is installed with ERUNT, do NOT, for any reason, run NTREGOPT.


HijackThis

  • Start HijackThis and select Do a system scan only.
  • Place a check next to the lines listed below.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/cust ... ch/ie.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)


  • After placing a check next to the above lines, close all windows except for HijackThis.
  • Click Fix checked, then click Yes to confirm.
  • Close HijackThis, then reboot the computer.


Scan with RSIT

  • Click here to download Random's System Information Tool by random/random and save it to your desktop.
  • Double-click RSIT.exe to run the tool
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open...
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.

Along with the RSIT logs, please include the gooredfix log if you still have it.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Google Redirect Virus

Unread postby snickerzmom » February 19th, 2010, 10:47 pm

Thanks again! All files that you asked/recommended I remove, have been removed.

I had no issues with the registry backup and I have decided to go with SuperAntiSpyware, and purchase a licence for it. (I have had issues with TeaTimer on occasion).

Here are the logs you asked for:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Colleen at 2010-02-19 21:53:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (16%) free of 181 GB
Total RAM: 1022 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:51 PM, on 02/19/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Colleen\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Colleen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Clear Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?b47e549c26a34636ab43a2be5ca101c3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?b47e549c26a34636ab43a2be5ca101c3
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/dow ... ysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://colleenc63.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/be ... eweled.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9556576454
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 15395 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-675555752-2672435813-4116015638-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-675555752-2672435813-4116015638-1005UA.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B555077E-99E3-4F2A-A3C3-BAD4B3FD2804}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-02-18 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-01-23 6013768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-06-01 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-01-23 6013768]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-06-01 2554944]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"SunKistEM"=C:\Program Files\eMachines Bay Reader\shwiconem.exe [2004-03-11 135168]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-28 30192]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 1468296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-18 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2
"CiSvc"=3
"CCALib8"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Colleen\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLogonScripts"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoWinKeys"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoStartMenuMFUprogramsList"=0
"NoFavoritesMenu"=0
"NoUserNameInStartMenu"=0
"MaxRecentDocs"=10
"NoSimpleStartMenu"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\kdx\khost.exe"="C:\WINDOWS\kdx\khost.exe:*:Enabled:Delivery Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe"="C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

======List of files/folders created in the last 1 months======

2010-02-19 20:27:38 ----D---- C:\rsit
2010-02-19 15:34:32 ----D---- C:\Program Files\ERUNT
2010-02-18 06:59:13 ----D---- C:\Program Files\Common Files\xing shared
2010-02-15 15:00:12 ----D---- C:\Program Files\iPod
2010-02-15 14:59:33 ----D---- C:\Program Files\iTunes
2010-02-15 14:50:06 ----D---- C:\Program Files\QuickTime
2010-02-12 09:59:41 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-12 09:59:40 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-12 09:59:40 ----A---- C:\WINDOWS\system32\java.exe
2010-02-10 07:43:05 ----SHD---- C:\RECYCLER
2010-02-09 22:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-09 22:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-09 22:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-09 22:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-09 22:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-09 22:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-09 21:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-09 21:58:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-09 21:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-09 09:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-02-08 16:50:23 ----A---- C:\ComboFix.txt
2010-02-08 16:24:10 ----A---- C:\WINDOWS\zip.exe
2010-02-08 16:24:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-08 16:24:10 ----A---- C:\WINDOWS\SWSC.exe
2010-02-08 16:24:10 ----A---- C:\WINDOWS\SWREG.exe
2010-02-08 16:24:10 ----A---- C:\WINDOWS\sed.exe
2010-02-08 16:24:10 ----A---- C:\WINDOWS\PEV.exe
2010-02-08 16:24:10 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-08 16:24:10 ----A---- C:\WINDOWS\MBR.exe
2010-02-08 16:24:10 ----A---- C:\WINDOWS\grep.exe
2010-02-08 16:23:59 ----D---- C:\WINDOWS\ERDNT
2010-02-08 16:21:45 ----D---- C:\Qoobox
2010-02-08 09:45:22 ----D---- C:\Program Files\Windows Installer Clean Up
2010-02-08 08:20:17 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-02-08 08:20:16 ----D---- C:\Program Files\Hitman Pro 3.5
2010-02-08 07:48:07 ----D---- C:\Documents and Settings\Colleen\Application Data\Windows Search
2010-02-08 07:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-02-08 07:00:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-08 07:00:48 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-02-08 06:56:00 ----HDC---- C:\WINDOWS\$NtUninstallKB900325$
2010-02-08 06:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2010-02-08 06:53:23 ----D---- C:\Documents and Settings\Colleen\Application Data\Windows Desktop Search
2010-02-08 06:52:40 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-02-08 06:52:40 ----D---- C:\Program Files\Windows Desktop Search
2010-02-08 06:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-02-08 06:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-02-05 13:07:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-05 12:05:06 ----D---- C:\Documents and Settings\All Users\Application Data\GoodSync
2010-02-05 10:40:43 ----D---- C:\Documents and Settings\Colleen\Application Data\Malwarebytes
2010-02-05 10:40:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-04 00:20:04 ----D---- C:\Documents and Settings\Colleen\Application Data\Corel
2010-02-04 00:19:14 ----D---- C:\Program Files\Common Files\Protexis
2010-02-04 00:19:14 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2010-02-04 00:15:23 ----D---- C:\Program Files\Corel
2010-02-03 20:58:23 ----D---- C:\Program Files\Common Files\Corel
2010-02-03 20:12:43 ----D---- C:\Program Files\LogoSmartz Trial
2010-02-03 15:06:08 ----A---- C:\WINDOWS\unvise32.exe
2010-02-01 07:58:39 ----D---- C:\Program Files\Microsoft IntelliPoint
2010-01-26 15:42:04 ----D---- C:\Program Files\Coupons
2010-01-21 08:10:38 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-21 08:10:37 ----D---- C:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 months======

2010-02-19 21:36:04 ----D---- C:\WINDOWS\Prefetch
2010-02-19 21:25:24 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2010-02-19 20:35:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-19 20:34:11 ----SHD---- C:\WINDOWS\Installer
2010-02-19 20:34:10 ----D---- C:\Config.Msi
2010-02-19 20:34:05 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-19 20:33:58 ----D---- C:\Documents and Settings\Colleen\Application Data\SUPERAntiSpyware.com
2010-02-19 20:33:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-19 20:24:08 ----D---- C:\Program Files\Mozilla Thunderbird
2010-02-19 20:22:37 ----D---- C:\WINDOWS\Temp
2010-02-19 20:21:12 ----D---- C:\WINDOWS\Registration
2010-02-19 20:19:30 ----SD---- C:\WINDOWS\Tasks
2010-02-19 20:19:20 ----D---- C:\WINDOWS
2010-02-19 20:18:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-19 20:16:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-19 19:45:49 ----RD---- C:\Program Files
2010-02-19 19:45:48 ----D---- C:\WINDOWS\system32\drivers
2010-02-19 15:26:48 ----D---- C:\Program Files\Uniblue
2010-02-19 15:26:37 ----D---- C:\Documents and Settings\Colleen\Application Data\Uniblue
2010-02-19 15:25:09 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2010-02-19 15:24:08 ----D---- C:\Program Files\TweakNow RegCleaner Std
2010-02-19 15:07:39 ----D---- C:\Program Files\Lavasoft
2010-02-19 15:07:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-19 13:19:27 ----D---- C:\Documents and Settings\Colleen\Application Data\GoodSync
2010-02-19 08:49:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-02-18 21:43:37 ----D---- C:\Program Files\Mozilla Firefox
2010-02-18 17:09:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-18 07:12:55 ----D---- C:\WINDOWS\system32
2010-02-18 07:01:02 ----D---- C:\Program Files\Common Files\Real
2010-02-18 07:00:49 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-02-18 06:59:34 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-02-18 06:59:34 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-02-18 06:59:13 ----D---- C:\Program Files\Common Files
2010-02-18 06:56:40 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-02-16 18:25:20 ----HD---- C:\WINDOWS\inf
2010-02-15 15:00:04 ----D---- C:\Program Files\Common Files\Apple
2010-02-14 15:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-13 14:12:53 ----D---- C:\Documents and Settings\Colleen\Application Data\Mozilla
2010-02-12 09:59:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-10 07:50:43 ----D---- C:\Program Files\CCleaner
2010-02-10 07:43:12 ----D---- C:\WINDOWS\Debug
2010-02-10 07:09:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-09 22:03:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-09 22:03:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-09 09:07:54 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-08 16:35:47 ----A---- C:\WINDOWS\system.ini
2010-02-08 16:33:03 ----D---- C:\WINDOWS\system32\config
2010-02-08 16:30:26 ----D---- C:\WINDOWS\AppPatch
2010-02-08 16:21:54 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-08 10:32:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-08 10:15:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-08 10:14:07 ----D---- C:\Program Files\SpywareBlaster
2010-02-08 10:05:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-08 10:02:18 ----D---- C:\Program Files\Common Files\Adobe
2010-02-08 09:45:05 ----D---- C:\Program Files\MSECache
2010-02-08 09:39:56 ----D---- C:\Program Files\Adobe
2010-02-08 09:30:10 ----A---- C:\WINDOWS\WININIT.INI
2010-02-08 07:17:28 ----D---- C:\WINDOWS\ehome
2010-02-08 07:07:05 ----D---- C:\WINDOWS\security
2010-02-08 07:02:28 ----D---- C:\Program Files\Internet Explorer
2010-02-08 07:02:26 ----D---- C:\WINDOWS\ie8updates
2010-02-08 07:00:16 ----D---- C:\WINDOWS\RegisteredPackages
2010-02-08 06:57:40 ----RSD---- C:\WINDOWS\Fonts
2010-02-08 06:52:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-08 06:52:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-08 06:52:43 ----D---- C:\WINDOWS\system32\en-US
2010-02-08 06:52:40 ----D---- C:\WINDOWS\system32\wbem
2010-02-07 18:45:49 ----D---- C:\Documents and Settings
2010-02-05 13:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-02-05 12:04:56 ----D---- C:\Program Files\Siber Systems
2010-02-05 11:20:46 ----D---- C:\WINDOWS\pss
2010-02-05 10:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2010-02-04 01:46:54 ----A---- C:\WINDOWS\win.ini
2010-02-03 19:40:11 ----D---- C:\Documents and Settings\Colleen\Application Data\gtk-2.0
2010-02-03 08:08:18 ----D---- C:\Documents and Settings\Colleen\Application Data\Serif
2010-02-03 06:45:30 ----D---- C:\Documents and Settings\Colleen\Application Data\CBS Interactive
2010-02-03 06:43:18 ----D---- C:\Program Files\Serif
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-01 08:00:04 ----SD---- C:\Documents and Settings\Colleen\Application Data\Microsoft
2010-01-28 14:28:19 ----RSD---- C:\WINDOWS\assembly
2010-01-28 14:27:42 ----D---- C:\Program Files\Paint.NET
2010-01-28 14:27:40 ----D---- C:\WINDOWS\WinSxS
2010-01-26 19:12:43 ----RASH---- C:\boot.ini
2010-01-26 17:42:00 ----D---- C:\Documents and Settings\Colleen\Application Data\Nero
2010-01-26 17:41:42 ----D---- C:\Program Files\IObit
2010-01-21 08:08:30 ----D---- C:\Program Files\Java
2010-01-21 07:36:49 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-18 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-18 2560]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-08-29 13059]
R3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-03-15 283904]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-08-29 221440]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-06-01 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-05-08 27792]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-07-17 109952]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 705280]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATHFMWDL;D-Link predator Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2005-03-15 43392]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2009-07-09 17408]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2006-08-19 16128]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-01-30 513152]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-08-05 235520]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-12 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S3 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-28 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-19 21:53:52

======Uninstall list======

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->MsiExec.exe /X{85808CBD-8E3E-4F04-B626-167115874290} /Q
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup.exe /Uninstall
Auslogics Duplicate File Finder-->"C:\Program Files\Auslogics\Auslogics Duplicate File Finder\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avery Wizard 3.1-->MsiExec.exe /I{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BurnPlugin for Audible-->MsiExec.exe /I{301120E0-45A9-498C-8627-19E7E20EFA3A}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{11FC22F2-F582-40ED-B787-2C1FDC04CB3B}
CorelDRAW Graphics Suite X4 - Lang EN-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF100}
CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
CorelDRAW(R) Graphics Suite X4-->c:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
eMachines Bay Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GoodSync-->"C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk Plugin-->MsiExec.exe /I{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}
Google Toolbar for Firefox-->C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
Google Toolbar for Firefox-->MsiExec.exe /X{AA345678-12B4-1C34-12D4-12345678FFEE}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Itiva Media Accelerator-->C:\Program Files\Itiva\Itiva Media Accelerator\uninst.exe
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
K-Lite Codec Pack 3.4.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LaserJet 1018-->C:\Program Files\Zenographics\{470E3818-FB6D-4721-A463-3DF06F422C30}\Setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint 2003 Template Pack 1-->MsiExec.exe /I{90AB0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{60fa7bf1-3044-4718-9857-21eb48df6789}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Paint.NET v3.5.2-->MsiExec.exe /X{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}
PC Pitstop Optimize2 2.0-->"C:\Program Files\PCPitstop\Optimize2\unins000.exe"
PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
Presto! PageManager 7.15.16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
QuickTax 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53337CA9-E9A4-4C59-9D1C-D980EF9BF0C2}\isetup.ex_" -l0x9 -uninst
QuickTax 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}\isetup.ex_" -l0x9 -uninst
QuickTax 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}\isetup.ex_" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
RoboForm Companion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C50541F7-96D1-4862-86FE-4EDEF93DFC59}\setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Seesmic Desktop-->msiexec /qb /x {72EF21F6-6DF7-C5C5-3AEA-1C8F52E0AADD}
Seesmic Desktop-->MsiExec.exe /I{72EF21F6-6DF7-C5C5-3AEA-1C8F52E0AADD}
Serif PagePlus SE 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}\Setup.exe" -l0x9
Serif WebPlus SE-->MsiExec.exe /X{6A5FE305-1147-400D-9795-8B80E693476A}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
TweetDeck-->msiexec /qb /x {755C5628-7C85-C99A-4035-1B89D6D43BD8}
TweetDeck-->MsiExec.exe /I{755C5628-7C85-C99A-4035-1B89D6D43BD8}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wild Things! by Wild Ginger Software, Inc.-->C:\WGWILD~1\UNWISE.EXE C:\WGWILD~1\INSTALL.LOG
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip Self-Extractor-->"C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZIP Reader 8.00.0018-->MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD}

=====HijackThis Backups=====

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [2010-01-26]
O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file) [2010-02-19]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2010-02-19]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/cust ... ch/ie.html [2010-02-19]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2010-02-19]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) [2010-02-19]

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100219-0]

======System event log======

Computer Name: COLE-2B59FCF3F9
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 18863
Source Name: Service Control Manager
Time Written: 20100126191541.000000-300
Event Type: error
User:

Computer Name: COLE-2B59FCF3F9
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Lbd

Record Number: 18827
Source Name: Service Control Manager
Time Written: 20100126190725.000000-300
Event Type: error
User:

Computer Name: COLE-2B59FCF3F9
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 18826
Source Name: Service Control Manager
Time Written: 20100126190725.000000-300
Event Type: error
User:

Computer Name: COLE-2B59FCF3F9
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Lbd

Record Number: 18790
Source Name: Service Control Manager
Time Written: 20100126183115.000000-300
Event Type: error
User:

Computer Name: COLE-2B59FCF3F9
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 18789
Source Name: Service Control Manager
Time Written: 20100126183115.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: COLE-2B59FCF3F9
Event Code: 25
Message:
Record Number: 2831
Source Name: UmxCfg
Time Written: 20100109215439.000000-300
Event Type:
User:

Computer Name: COLE-2B59FCF3F9
Event Code: 0
Message:
Record Number: 2824
Source Name: Media Center Scheduler
Time Written: 20100107162035.000000-300
Event Type: error
User:

Computer Name: COLE-2B59FCF3F9
Event Code: 88
Message:
Record Number: 2822
Source Name: UmxAgent
Time Written: 20100107162022.000000-300
Event Type:
User:

Computer Name: COLE-2B59FCF3F9
Event Code: 88
Message:
Record Number: 2821
Source Name: UmxAgent
Time Written: 20100107162022.000000-300
Event Type:
User:

Computer Name: COLE-2B59FCF3F9
Event Code: 88
Message:
Record Number: 2820
Source Name: UmxAgent
Time Written: 20100107162022.000000-300
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


GooredFix by jpshortstuff (08.01.10.1)
Log created at 13:47 on 12/02/2010 (Colleen)
Firefox version 3.5.4 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{7F5CE1A5-8B93-43F4-BFA1-8CEEA214695F} -> Success!
Deleting C:\Documents and Settings\Colleen\Local Settings\Application Data\{7F5CE1A5-8B93-43F4-BFA1-8CEEA214695F} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
Access Privileges Test [15:33 25/02/2007]
{3112ca9c-de6d-4884-a869-9855de68056c} [03:22 15/02/2006]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:22 15/02/2006]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [14:59 12/02/2010]

C:\Documents and Settings\Colleen\Application Data\Mozilla\Firefox\Profiles\c9in12t4.default\extensions\
en-CA@dictionaries.addons.mozilla.org [16:40 05/11/2009]
statusbar@toodledo.com [15:30 25/03/2009]
{20a82645-c095-46ed-80e3-08825760534b} [17:14 02/09/2009]
{22119944-ED35-4ab1-910B-E619EA06A115}(2) [16:16 18/02/2007]
{3112ca9c-de6d-4884-a869-9855de68056c} [21:10 21/12/2009]
{31d88f70-c791-42d8-8187-faaf71d42f67} [16:56 06/02/2010]
{77b819fa-95ad-4f2c-ac7c-486b356188a9} [17:51 04/06/2009]
{c45c406e-ab73-11d8-be73-000a95be3b12} [21:23 06/02/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [15:55 12/02/2010]
{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [03:42 11/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [12:22 15/08/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [14:23 03/12/2009]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [17:15 19/02/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:59 12/02/2010]

-=E.O.F=-

Thanks!

Colleen
snickerzmom
Active Member
 
Posts: 11
Joined: February 8th, 2010, 6:26 pm

Re: Google Redirect Virus

Unread postby shinybeast » February 20th, 2010, 11:26 am

Hi snickerzmom,

Thanks again!


You're welcome. :)

I wouldn't recommend purchasing SUPERAntispyware. Instead, I would recommend a setup that a lot of us run. This includes an anti-virus (which you have), a firewall, WinPatrol and a hosts file. The combination of these programs will keep out most malware or warn you if malware is trying to make changes to your computer. Once we are finished, I will have recommendations and provide links for the programs if you choose to go that route.

First, let's clean up a few things and do an online scan to ensure the computer is clean.


Download and run OTM

Click here to download OTM by Old Timer and save it to your Desktop.

  • Double-click OTM.exe to run it.
  • Copy the following code and paste it in the white space under Paste Instructions for Items to be Moved (below the yellow line at the bottom of the window).
    Code: Select all
    :files
    C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
    C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
    C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
    C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\Program Files\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Hitman Pro
    C:\Program Files\Hitman Pro 3.5
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Program Files\Iobit
    
    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
    
    :Commands
    [emptytemp]

  • Click the MoveIt! button
  • OTM will ask to reboot the machine. Please do so.
  • You can find the log as described below and paste the contents of the log in your next reply.
    • Start Notepad (Start > All Programs > Accessories > Notepad)
    • In Notepad, click File, then click Open
    • In the File Name: box, type *.log then press Enter
    • Navigate to C:\_OTM\MovedFiles and locate the newest log and open it (they are named as {date}_{time}.log)
    • Copy the contents of the log and paste it in your next reply.


Uninstall ComboFix

I see that you have run ComboFix.
ComboFix is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Copy the text in the code box below

Code: Select all
ComboFix /Uninstall

Click Start, click Run... and paste the text in the Open: field, then click OK.

Combofix will uninstall; click OK when it is finished.


ESET Online Scan

Before you begin:
  • Please use Internet Explorer for this scan.
  • Disable your anti-virus to avoid conflicts.
    NOTE: To disable Alwil Avast
    • Locate Avast Image icon in the system tray at the bottom right of the desktop.
    • Right-click the icon and select Stop On-Access Protection
    • The program will ask if you are sure; click Yes.
Click here to visit ESET Online Scanner then click Image
  • In the new tab/window that opens, check YES, I accept the Terms of Use then click the green Start button
  • When prompted, allow the Add-On/Active X to install.
  • Under Computer Scan Settings do the following:
    • Ensure that Remove found threats is NOT checked
    • Ensure that Scan archives is checked.
  • Then click Advanced settings and ensure the following are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Start button.
  • The signature database will then be downloaded and the scan will start.
    NOTE: Then scan will take quite some time; the more data to be scanned, the longer it will take. Please be patient.
  • When it is finished, ensure the Uninstall application on close box is NOT checked and click Finish button.
    If you wish, you may uninstall the scanner through Add/Remove Progams after we are finished.
  • Copy the whole line in the code box below.
    Code: Select all
    "%PROGRAMFILES%\ESET\ESET Online Scanner\log.txt"
  • Click Start, click Run... and paste the above line in the Open: field, then click OK
  • The log should open, if not, navigate to C:\Program Files\ESET\ESET Online Scanner\ and open the text file named log.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Please include the OTM log and the ESET log in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Google Redirect Virus

Unread postby shinybeast » February 22nd, 2010, 1:58 pm

Hello snickerzmom,

It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or performing the instructions?
Please let me know how things are going otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Google Redirect Virus

Unread postby snickerzmom » February 23rd, 2010, 11:49 am

Something went wrong - posted a reply. I am digging out the logs to repost right now. Thanks for following up.

All processes killed
========== FILES ==========
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Hitman Pro\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Hitman Pro folder moved successfully.
C:\Program Files\Hitman Pro 3.5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin\White folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin\Black folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\tb\searchplugin folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\tb\META-INF folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\tb\lib folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\tb\defaults folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\tb\components folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\tb\chrome folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\tb folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Language folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Images folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\SoftV92 Data Fax Modem with SmartCP folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\Rio Karma folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek RTL8139810x Family Fast Ethernet NIC folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek AC'97 Audio folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce4 MX 440-SE (Microsoft Corporation) folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 9500 GT folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\HP LaserJet 1018 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Deskjet F4200 series (DOT4USB) folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Deskjet F4200 series (DOT4PRT) folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Deskjet F4200 series (DOT4) folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Deskjet F4200 series folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\HP DeskJet F4200 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\Deskjet F4200 (DOT4PRINT) folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\D-Link predator USB Bootloader Download folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A) folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\BenQ FP731 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\ATI SMBus folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\ATI IDE Controller folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\Apple Recovery (iBoot) USB Driver folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\Apple Mobile Device USB Driver folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\Apple Mobile Device Ethernet folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Colleen
->Temp folder emptied: 54795759 bytes
->Temporary Internet Files folder emptied: 8511056 bytes
->Java cache emptied: 135080 bytes
->FireFox cache emptied: 150158202 bytes
->Google Chrome cache emptied: 10396691 bytes
->Apple Safari cache emptied: 16354955 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 15041170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98132885 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 474104 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 157907540 bytes

Total Files Cleaned = 488.00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 02202010_144135

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_584.dat moved successfully.

Registry entries deleted on Reboot...

Combofix has been uninstalled


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4901181468a81a49a4cf77f09243af56
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-20 08:26:11
# local_time=2010-02-20 03:26:11 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1905618 1905618 0 0
# compatibility_mode=769 16775141 100 98 0 202056899 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=1560
# found=0
# cleaned=0
# scan_time=229
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4901181468a81a49a4cf77f09243af56
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-20 11:30:58
# local_time=2010-02-20 06:30:58 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1905908 1905908 0 0
# compatibility_mode=769 16775141 100 98 0 202057189 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=112365
# found=1
# cleaned=0
# scan_time=11024
C:\UBCD4WIN\UBCD4WinBuilder.iso multiple threats 00000000000000000000000000000000 I
snickerzmom
Active Member
 
Posts: 11
Joined: February 8th, 2010, 6:26 pm

Re: Google Redirect Virus

Unread postby shinybeast » February 23rd, 2010, 3:19 pm

Hi snickerzmom,


MSConfig Advice

"The System Configuration utility helps you find problems with your Windows XP configuration. It does not manage the programs that run when Windows starts." -- http://support.microsoft.com/kb/310560

MSConfig is designed to be used for troubleshooting system problems. When you use it to disable something "permanently" using Selective Startup there may be one or more of the following consequences.

  • Malware can remain inactive in the system and be activated at a later date when Normal Startup is selected.
  • Uninstalling a program that has been disabled may not properly uninstall the program. Also, boot errors may occur as a result of selecting Normal Startup after uninstalling a program disabled using Selective Startup.
  • Using MSConfig to disable Services can cause the computer to be unbootable should you disable a critical one.

I suggest you run MSConfig and select Normal Startup.
Then use the following options to deal with startups.

  1. Uninstall the program if it is not being used.
  2. Look in the program's settings to see if there is a setting to stop it from starting when Windows starts.
  3. Use a Startup Manager such as Startup Manager, Autoruns or WinPatrol (WinPatrol also offers additional security).

Another option would be to properly disable the services you used MSConfig to keep from starting. This also keeps them around in case you want to use them later. This can also be accomplished with WinPatrol.

  • NOTE: only do this AFTER selecting Normal Startup in MSConfig and rebooting.
  • Click Start, click Run... type services.msc and press Enter.
  • Locate the following services in the list.
    Bonjour Service
    Canon Camera Access Library 8
    Indexing Service
  • For each service, right click it in the list and click Properties
  • Then click Stop button under Service status:
  • Then click the drop down menu next to Startup and select Disabled and click OK.
NOTE: Only disable the services listed above. It is easy to really mess up Windows by disabling a critical service.


Let's get a final check and we can finish up.

Scan with RSIT

  • Double-click RSIT.exe to run the tool
  • Click Continue at the disclaimer screen.
  • Once it finishes, one log will open.
  • Please post the contents of log.txt in your next post.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Google Redirect Virus

Unread postby snickerzmom » February 24th, 2010, 9:38 am

Here you go!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Colleen at 2010-02-24 08:36:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (16%) free of 181 GB
Total RAM: 1022 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:48 AM, on 02/24/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Colleen\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Colleen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Clear Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?b47e549c26a34636ab43a2be5ca101c3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?b47e549c26a34636ab43a2be5ca101c3
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/dow ... ysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://colleenc63.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/be ... eweled.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9556576454
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 16016 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-675555752-2672435813-4116015638-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-675555752-2672435813-4116015638-1005UA.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B555077E-99E3-4F2A-A3C3-BAD4B3FD2804}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-02-18 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-01-23 6013768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-06-01 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-01-23 6013768]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-06-01 2554944]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"SunKistEM"=C:\Program Files\eMachines Bay Reader\shwiconem.exe [2004-03-11 135168]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-28 30192]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 1468296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-18 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Colleen\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLogonScripts"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoWinKeys"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoStartMenuMFUprogramsList"=0
"NoFavoritesMenu"=0
"NoUserNameInStartMenu"=0
"MaxRecentDocs"=10
"NoSimpleStartMenu"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\kdx\khost.exe"="C:\WINDOWS\kdx\khost.exe:*:Enabled:Delivery Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe"="C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Colleen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

======List of files/folders created in the last 1 months======

2010-02-20 15:19:10 ----D---- C:\Program Files\ESET
2010-02-20 14:41:35 ----D---- C:\_OTM
2010-02-19 20:27:38 ----D---- C:\rsit
2010-02-19 15:34:32 ----D---- C:\Program Files\ERUNT
2010-02-18 06:59:13 ----D---- C:\Program Files\Common Files\xing shared
2010-02-15 15:00:12 ----D---- C:\Program Files\iPod
2010-02-15 14:59:33 ----D---- C:\Program Files\iTunes
2010-02-15 14:50:06 ----D---- C:\Program Files\QuickTime
2010-02-12 09:59:41 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-12 09:59:40 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-12 09:59:40 ----A---- C:\WINDOWS\system32\java.exe
2010-02-10 07:43:05 ----SHD---- C:\RECYCLER
2010-02-09 22:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-09 22:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-09 22:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-09 22:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-09 22:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-09 22:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-09 21:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-09 21:58:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-09 21:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-09 09:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-02-08 16:50:23 ----A---- C:\ComboFix.txt
2010-02-08 16:23:59 ----D---- C:\WINDOWS\ERDNT
2010-02-08 09:45:22 ----D---- C:\Program Files\Windows Installer Clean Up
2010-02-08 07:48:07 ----D---- C:\Documents and Settings\Colleen\Application Data\Windows Search
2010-02-08 07:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-02-08 07:00:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-08 07:00:48 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-02-08 06:56:00 ----HDC---- C:\WINDOWS\$NtUninstallKB900325$
2010-02-08 06:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2010-02-08 06:53:23 ----D---- C:\Documents and Settings\Colleen\Application Data\Windows Desktop Search
2010-02-08 06:52:40 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-02-08 06:52:40 ----D---- C:\Program Files\Windows Desktop Search
2010-02-08 06:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-02-08 06:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-02-05 12:05:06 ----D---- C:\Documents and Settings\All Users\Application Data\GoodSync
2010-02-05 10:40:43 ----D---- C:\Documents and Settings\Colleen\Application Data\Malwarebytes
2010-02-05 10:40:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-04 00:20:04 ----D---- C:\Documents and Settings\Colleen\Application Data\Corel
2010-02-04 00:19:14 ----D---- C:\Program Files\Common Files\Protexis
2010-02-04 00:19:14 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2010-02-04 00:15:23 ----D---- C:\Program Files\Corel
2010-02-03 20:58:23 ----D---- C:\Program Files\Common Files\Corel
2010-02-03 20:12:43 ----D---- C:\Program Files\LogoSmartz Trial
2010-02-03 15:06:08 ----A---- C:\WINDOWS\unvise32.exe
2010-02-01 07:58:39 ----D---- C:\Program Files\Microsoft IntelliPoint
2010-01-26 15:42:04 ----D---- C:\Program Files\Coupons

======List of files/folders modified in the last 1 months======

2010-02-24 08:19:35 ----D---- C:\WINDOWS\Temp
2010-02-24 08:15:09 ----D---- C:\Program Files\Mozilla Thunderbird
2010-02-24 08:12:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-24 08:12:46 ----D---- C:\WINDOWS\Registration
2010-02-24 08:10:49 ----SD---- C:\WINDOWS\Tasks
2010-02-24 08:10:39 ----D---- C:\WINDOWS
2010-02-24 08:09:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-24 08:04:09 ----RASH---- C:\boot.ini
2010-02-24 08:04:09 ----A---- C:\WINDOWS\win.ini
2010-02-24 08:04:09 ----A---- C:\WINDOWS\system.ini
2010-02-24 08:03:18 ----D---- C:\WINDOWS\Prefetch
2010-02-24 07:27:38 ----D---- C:\Documents and Settings\Colleen\Application Data\GoodSync
2010-02-24 06:50:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-02-23 12:34:36 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2010-02-22 19:47:50 ----SHD---- C:\WINDOWS\Installer
2010-02-22 19:47:49 ----D---- C:\Config.Msi
2010-02-22 19:46:49 ----D---- C:\WINDOWS\system32
2010-02-20 15:19:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-20 15:19:10 ----RD---- C:\Program Files
2010-02-19 20:34:05 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-19 20:33:58 ----D---- C:\Documents and Settings\Colleen\Application Data\SUPERAntiSpyware.com
2010-02-19 20:33:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-19 19:45:48 ----D---- C:\WINDOWS\system32\drivers
2010-02-19 15:26:48 ----D---- C:\Program Files\Uniblue
2010-02-19 15:26:37 ----D---- C:\Documents and Settings\Colleen\Application Data\Uniblue
2010-02-19 15:25:09 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2010-02-19 15:24:08 ----D---- C:\Program Files\TweakNow RegCleaner Std
2010-02-19 15:07:39 ----D---- C:\Program Files\Lavasoft
2010-02-19 15:07:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-18 21:43:37 ----D---- C:\Program Files\Mozilla Firefox
2010-02-18 17:09:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-18 07:01:02 ----D---- C:\Program Files\Common Files\Real
2010-02-18 07:00:49 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-02-18 06:59:34 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-02-18 06:59:34 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-02-18 06:59:13 ----D---- C:\Program Files\Common Files
2010-02-18 06:56:40 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-02-16 18:25:20 ----HD---- C:\WINDOWS\inf
2010-02-15 15:00:04 ----D---- C:\Program Files\Common Files\Apple
2010-02-14 15:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-13 14:12:53 ----D---- C:\Documents and Settings\Colleen\Application Data\Mozilla
2010-02-12 09:59:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-10 07:50:43 ----D---- C:\Program Files\CCleaner
2010-02-10 07:43:12 ----D---- C:\WINDOWS\Debug
2010-02-09 22:03:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-09 22:03:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-09 09:07:54 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-08 16:33:03 ----D---- C:\WINDOWS\system32\config
2010-02-08 16:30:26 ----D---- C:\WINDOWS\AppPatch
2010-02-08 16:21:54 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-08 10:32:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-08 10:15:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-08 10:14:07 ----D---- C:\Program Files\SpywareBlaster
2010-02-08 10:05:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-08 10:02:18 ----D---- C:\Program Files\Common Files\Adobe
2010-02-08 09:45:05 ----D---- C:\Program Files\MSECache
2010-02-08 09:39:56 ----D---- C:\Program Files\Adobe
2010-02-08 09:30:10 ----A---- C:\WINDOWS\WININIT.INI
2010-02-08 07:17:28 ----D---- C:\WINDOWS\ehome
2010-02-08 07:07:05 ----D---- C:\WINDOWS\security
2010-02-08 07:02:28 ----D---- C:\Program Files\Internet Explorer
2010-02-08 07:02:26 ----D---- C:\WINDOWS\ie8updates
2010-02-08 07:00:16 ----D---- C:\WINDOWS\RegisteredPackages
2010-02-08 06:57:40 ----RSD---- C:\WINDOWS\Fonts
2010-02-08 06:52:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-08 06:52:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-08 06:52:43 ----D---- C:\WINDOWS\system32\en-US
2010-02-08 06:52:40 ----D---- C:\WINDOWS\system32\wbem
2010-02-07 18:45:49 ----D---- C:\Documents and Settings
2010-02-05 13:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-02-05 12:04:56 ----D---- C:\Program Files\Siber Systems
2010-02-05 11:20:46 ----D---- C:\WINDOWS\pss
2010-02-05 10:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2010-02-03 19:40:11 ----D---- C:\Documents and Settings\Colleen\Application Data\gtk-2.0
2010-02-03 08:08:18 ----D---- C:\Documents and Settings\Colleen\Application Data\Serif
2010-02-03 06:45:30 ----D---- C:\Documents and Settings\Colleen\Application Data\CBS Interactive
2010-02-03 06:43:18 ----D---- C:\Program Files\Serif
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-01 08:00:04 ----SD---- C:\Documents and Settings\Colleen\Application Data\Microsoft
2010-01-28 14:28:19 ----RSD---- C:\WINDOWS\assembly
2010-01-28 14:27:42 ----D---- C:\Program Files\Paint.NET
2010-01-28 14:27:40 ----D---- C:\WINDOWS\WinSxS
2010-01-26 17:42:00 ----D---- C:\Documents and Settings\Colleen\Application Data\Nero

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-18 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-18 2560]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-08-29 13059]
R3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-03-15 283904]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-08-29 221440]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-06-01 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-05-08 27792]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-07-17 109952]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 705280]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATHFMWDL;D-Link predator Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2005-03-15 43392]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2009-07-09 17408]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2006-08-19 16128]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-01-30 513152]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-08-05 235520]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-12 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
R4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S3 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-28 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
snickerzmom
Active Member
 
Posts: 11
Joined: February 8th, 2010, 6:26 pm

Re: Google Redirect Virus

Unread postby shinybeast » February 24th, 2010, 3:32 pm

Hi snickerzmom,

OTC

Click Here to download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


Create a new System Restore point and clear old ones

Please clear old restore points in order to avoid reintroducing malware from a restore point in the future.

Create a new restore point
  • Navigate to Start > All Programs > Accessories > System Tools and click System Restore
  • On the right side of the welcome window, select (tick) Create a restore point, then click Next
  • Under Restore point desciption, name the restore point (I suggest post-malware removal or something similar)
  • Click Create, then click Close

Delete old restore points
  • Click Start, click Run..., type cleanmgr and press Enter
  • Select the drive XP is installed on (usually C: ) and click OK
  • Once the Disk Cleanup dialog opens, click the More Options tab
  • Under System Restore click Clean up...
  • You will be asked if you are sure you want to clean all restore points but the most recent one, click Yes
  • Close the Disk Cleanup dialog to finish.
Note: Do the above once. Restore points should not be routinely deleted.


Your logs appear clean. :)

Implementing the following suggestions will greatly reduce your chances of malware problems in the future.

Update Windows

It is important to keep Windows and Microsoft programs updated to close vulnerabilities as they are discovered.

I suggest that you occasionally visit Microsoft Update and install all important updates. Please visit Microsoft Update as soon as possible as described below.

Close all windows and temporarily disable your anti-virus (usually through a tray icon)

Use Internet Explorer to visit this site: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US

Once the page loads follow instructions to install all critical updates. You may need to repeat this process until fully updated.


Keep installed programs up to date

Anti-virus
Most important is keeping your anti-virus software up to date. An out of date anti-virus is not much better than no anti-virus. If your anti-virus is not set to update automatically (preferred), it is imperative that you occasionally update it manually. You usually can accomplish this through a tray icon.

Update Other Vulnerable Software
Malware writers are increasingly targeting vulnerabilities in commonly used applications. There are several online sites which will scan your computer for outdated software. I've listed two below. I recommend occasionally visiting and scanning your computer to detect vulnerable software that should be updated.
Secunia Online Software Inspector
F-Secure Health Check

Mozilla Firefox Plug-in Check
If using Firefox, Click here to visit Mozilla, check your plug-ins and update them as necessary.


Best Practices for Email and Downloaded Files.

  • Do not read emails from unknown sources.
  • Make it a habit to never open email attachments from anyone, including people you know, unless you absolutely have to. If you need to open an attachment, scan it with your anti-virus before you open it.
  • Do not use Peer to Peer software to "share" media and software. You will get more than you expected and the "bonus" will not be something you want and will bring you back seeking help.
  • Do not use keygens or hacked software. First, it is stealing. Second, it is almost always infected with something. If you cannot afford to buy something, there is likely a free alternative that will be a good substitute. Search around and seek out advice from a trusted forum. Most will be glad to tell you of their favorite free program that performs the job you want done.


Additional Protection Programs

The programs listed below are excellent for improving your computer's security.

WinPatrol by Bill Pytlovany - "WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes." Information on it's many features can be found here

MVPS Hosts file - A replacement HOSTS file that redirects known malicious and ad serving sites to the localhost, thus preventing connection to them.
Note: MVPS Hosts file can sometimes slow down the computer so read the information on the site to mitigate this effect.

I encourage you to check out Tony Klein's article "How did I get infected in the first place?"
and miekiemoes' article "How to prevent Malware:"


Firewall

It appears that you are not running a third party firewall. A firewall helps to prevent malware "phoning" home with your personal information or to get further instructions. Windows firewall does not provide this security.

A good introduction to Firewalls can be found at BleepingComputer: Understanding and Using Firewalls

One of the recommended free firewalls listed below would be a good choice:

The important thing to keep in mind is that you want only ONE anti-virus running and ONE firewall running at a time.

If you have any questions about these suggestions, I would be happy to answer them.

Regards,
shinybeast

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Google Redirect Virus

Unread postby snickerzmom » February 26th, 2010, 1:06 pm

Thank you for getting back to me again - I am working through your suggested steps and have hit a snag. We have broken something related to my HP printer - not a significant issue, but I am working through it and will report back in another day or two.l

Thank you again for your assistance. Please keep this open until my next reply.
snickerzmom
Active Member
 
Posts: 11
Joined: February 8th, 2010, 6:26 pm

Re: Google Redirect Virus

Unread postby shinybeast » March 1st, 2010, 11:15 am

Hi snickerzmom,

I am unsure of what we did that could have "broken something related to your HP printer." Were you able to fix it?

Do you still require help?

Please let me know how things are going otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Google Redirect Virus

Unread postby snickerzmom » March 2nd, 2010, 9:31 am

I doubt it was any of the direct instructions that caused the issue. It might have been when I installed winpatrol - it asked me about some items in start up and I may have denied something that I shouldn't have - also - for some reason, the printer was looking for a file in the temp folders that we had cleaned out. So I just did a reinstall of the printer software, and all is well.

Thank you again for all your time and effort on this. I appreciate the assistance!

Colleen
snickerzmom
Active Member
 
Posts: 11
Joined: February 8th, 2010, 6:26 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware