Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search Engine Browser Hijack/Redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 19th, 2010, 9:07 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:33 PM, on 6/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgtray.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\IDrive\IDriveEClsClient.exe
C:\Program Files\IDrive\IDriveVSS_xp.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Program Files\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = F:\Program Files\BHO\BHODemon.exe
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrive WebManager (IDriveWebM) - Pro-Softnet - C:\Program Files\IDrive\IDriveWebM.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9010 bytes

----------------------

Uninstall

7-Zip 4.42
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Setup
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
BHODemon 2.0.0.23
Bonjour
CoffeeCup Ad Producer
CoffeeCup Flash Form Builder - Registered
CoffeeCup Flash Password Wizard
CoffeeCup Flash Photo Gallery - Registered
CoffeeCup Visual Site Designer Software
CoffeeCup Web Form Builder - Registered
CoffeeCup Website Font
Conexant D850 56K V.9x DFVc Modem
CorelDRAW Graphics Suite 12
CorelDRAW Graphics Suite X3
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Data Access Objects (DAO) 3.5
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.1
Digital Content Portal
DivX Web Player
Documentation & Support Launcher
DRAWings® Embroidery Effect
EducateU
ELIcon
EN
EPSON NX410 Series Printer Uninstall
EPSON Scan
Flash Slideshow Maker Pro 4.90
FontNav
GameHouse
Games, Music, & Photos Launcher
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Driver Diagnostics
IDrive version 3.3.3 May 27, 2010
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 20
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
MCU
Media Audio Capture
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NetWaiting
PC Inspector smart recovery
QuickTime
RealPlayer
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978262)
Sonic Activation Module
Sonic Update Manager
Sound Blaster Audigy
SpywareBlaster 4.3
SpywareGuard v2.2
Time Zone Data Update Tool for Microsoft Office Outlook
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB917425)
Update for Windows XP (KB920872)
Update for Windows XP (KB922120)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Manager
VBA
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Web Album Generator 1.8.2
WildTangent Web Driver
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Word Slinger


Issue/History:
Recently uninstalled AdAware and installed SpywareGuard & SpywareBlaster
Ran full scan with Malwarebytes AntiMal & scan found no issues.
Using latest version of FF & also IE (rarely used). Redirect/hijack occurs on every SE... Google, Yahoo, Bing, etc...
Prior redirects were going to DealParty.com but after recent clean & sweep of my system, all was well. For about half a day.
Now everything goes to seek2click.info.
Using FF plug-in RedirectRemover but not working 100%.

Please advise & thank you.
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm
Advertisement
Register to Remove

Re: Search Engine Browser Hijack/Redirect

Unread postby Cypher » June 22nd, 2010, 11:14 am

Hi MissLee and welcome to Malware Removal Forums, Sorry for the delay in answering your request for help.
We have had more logs than we could handle in a timely manner.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Back up your files

please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Platform: Windows XP SP2

Support for Windows XP with Service Pack 2 (SP2) ended on July 13, 2010. To continue support, make sure you've installed Windows XP Service Pack 3 (SP3) when you're PC is clean.


Msconfig Normal Startup

  • Click on Start > run.
  • Type msconfig >Then hit on enter.
  • A window will popup.
  • Click on General tab > Normal Startup > OK > Restart.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.



Logs/Information to Post in your Next Reply

  • RSIT log.txt and info.txt contents.
  • Gmer.txt log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 22nd, 2010, 6:53 pm

Thank you for replying; I appreciate your time. I think I may have resolved the issue already but I may just have buried it; not sure. Please advise at your leisure; if there are others with more urgent issues please let them jump to the front. My system seems to be running ok for now and I am not getting the redirects anymore.


Logfile of random's system information tool 1.07 (written by random/random)
Run by MDF at 2010-06-22 18:50:20
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 8 GB (14%) free of 54 GB
Total RAM: 1022 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:50:34 PM, on 6/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\IDrive\IDriveE Service.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IDrive\IDriveWebM.exe
F:\Program Files\Acrobat\Acrobat_sl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
F:\Program Files\Acrobat\Acrotray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
F:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IDrive\IDriveEClsClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MDF\Desktop\RSIT.exe
F:\Program Files\firefox.exe
C:\Program Files\trend micro\MDF.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "F:\Program Files\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = F:\Program Files\BHO\BHODemon.exe
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrive WebManager (IDriveWebM) - Pro-Softnet - C:\Program Files\IDrive\IDriveWebM.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11325 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5CB672FB-2798-4FFB-83AA-4732322E6FA8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - F:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-01-09 6013768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-13 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-01-09 6013768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-02-15 57344]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe [2007-05-02 75520]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Adobe Acrobat Speed Launcher"=F:\Program Files\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
"Acrobat Assistant 8.0"=F:\Program Files\Acrobat\Acrotray.exe [2009-02-27 640376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2010-01-09 160592]
"IDriveE Startup"=C:\Program Files\IDrive\IDrvieEStartup.exe [2010-04-22 177608]
"SpybotSD TeaTimer"=F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-15 68856]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^XSites Desktop.lnk]
F:\PROGRA~1\AL07F5~1.EXE [2009-08-07 374088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MDF^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~4\OFFICE12\ONENOTEM.EXE /tsr []

C:\Documents and Settings\MDF\Start Menu\Programs\Startup
BHODemon 2.0.lnk - F:\Program Files\BHO\BHODemon.exe
IDrive Tray.lnk - C:\Program Files\IDrive\IDriveEReg2ini.exe
SpywareGuard.lnk - F:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-03-30 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=F:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McciCMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE"="C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe"="C:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe:*:Enabled:CorelDRAW(R)"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\Microsoft Office\OFFICE12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-22 18:50:20 ----D---- C:\rsit
2010-06-20 23:10:11 ----SHD---- C:\RECYCLER
2010-06-20 23:04:00 ----A---- C:\ComboFix.txt
2010-06-20 22:38:26 ----A---- C:\WINDOWS\zip.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\SWSC.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\SWREG.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\sed.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\PEV.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\MBR.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\grep.exe
2010-06-20 22:38:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-20 22:38:17 ----D---- C:\ComboFix
2010-06-20 13:16:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-14 19:28:39 ----D---- C:\Documents and Settings\MDF\Application Data\Facebook
2010-05-30 12:29:47 ----A---- C:\WINDOWS\system32\idrivee.txt
2010-05-30 12:29:27 ----A---- C:\WINDOWS\system32\IDrLocale.dll
2010-05-30 12:29:22 ----A---- C:\WINDOWS\system32\RegisterIDriveEDll.bat
2010-05-30 12:29:22 ----A---- C:\WINDOWS\system32\IDriveEXceedCryReg.exe
2010-05-30 12:29:22 ----A---- C:\WINDOWS\system32\IDriveEService.dll
2010-05-30 12:29:21 ----A---- C:\WINDOWS\system32\zlib1.dll
2010-05-30 12:29:21 ----A---- C:\WINDOWS\system32\LogMail.dll
2010-05-30 12:29:20 ----D---- C:\Program Files\IDrive

======List of files/folders modified in the last 1 months======

2010-06-22 18:50:34 ----D---- C:\Program Files\Trend Micro
2010-06-22 18:48:43 ----D---- C:\WINDOWS\Prefetch
2010-06-22 18:47:10 ----D---- C:\WINDOWS\temp
2010-06-22 18:44:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-22 18:43:08 ----RASH---- C:\boot.ini
2010-06-22 18:43:08 ----A---- C:\WINDOWS\win.ini
2010-06-22 18:43:08 ----A---- C:\WINDOWS\system.ini
2010-06-20 23:10:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 23:03:40 ----D---- C:\Qoobox
2010-06-20 23:02:14 ----SD---- C:\WINDOWS\Tasks
2010-06-20 22:54:29 ----D---- C:\WINDOWS
2010-06-20 22:50:38 ----D---- C:\WINDOWS\system32\drivers
2010-06-20 22:50:38 ----D---- C:\WINDOWS\system32
2010-06-20 22:50:38 ----D---- C:\WINDOWS\AppPatch
2010-06-20 22:50:35 ----D---- C:\Program Files\Common Files
2010-06-20 14:22:01 ----A---- C:\WINDOWS\wininit.ini
2010-06-20 13:05:30 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-20 11:25:34 ----D---- C:\WINDOWS\pss
2010-06-19 17:40:57 ----D---- C:\Documents and Settings\MDF\Application Data\uTorrent
2010-06-19 02:45:14 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-19 02:43:55 ----D---- C:\WINDOWS\Registration
2010-06-18 12:32:13 ----D---- C:\Config.Msi
2010-06-18 12:30:21 ----SHD---- C:\WINDOWS\Installer
2010-06-18 12:29:11 ----RSD---- C:\WINDOWS\assembly
2010-06-18 12:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-06-18 12:26:59 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-06-18 12:23:24 ----D---- C:\Program Files\Lavasoft
2010-06-18 12:23:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-18 12:23:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-18 11:56:40 ----D---- C:\Program Files
2010-06-18 11:56:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-06-18 11:53:31 ----D---- C:\Program Files\CoffeeCup Software
2010-06-18 11:48:25 ----D---- C:\Downloads
2010-06-18 11:37:56 ----D---- C:\WINDOWS\addins
2010-06-18 10:05:46 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-06-13 20:03:23 ----D---- C:\Program Files\uTorrent
2010-06-09 13:17:52 ----D---- C:\Program Files\Common Files\Adobe
2010-06-09 12:58:08 ----D---- C:\Program Files\Adobe
2010-06-09 12:52:41 ----D---- C:\Documents and Settings\MDF\Application Data\Adobe
2010-06-06 19:59:34 ----HD---- C:\WINDOWS\inf
2010-05-28 19:57:12 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-17 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-03 242896]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-09 138752]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-09 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-06 1389056]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\MDF\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbdpfp;Fingerprint Reader Class Driver; C:\WINDOWS\system32\DRIVERS\usbdpfp.sys [2006-09-16 47360]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 IDriveE Service;IDriveE Service; C:\Program Files\IDrive\IDriveE Service.exe [2010-05-27 148936]
R2 IDriveWebM;IDrive WebManager; C:\Program Files\IDrive\IDriveWebM.exe [2010-04-22 267720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-13 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-12-16 319488]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-06 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 22nd, 2010, 6:54 pm

info.txt logfile of random's system information tool 1.06 2010-06-22 18:50:38

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
CoffeeCup Ad Producer-->C:\PROGRA~1\COFFEE~1\COFFEE~2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~2\INSTALL.LOG
CoffeeCup Flash Form Builder - Registered-->C:\PROGRA~1\COFFEE~1\COFFEE~3\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~3\INSTALL.LOG
CoffeeCup Flash Password Wizard-->C:\PROGRA~1\COFFEE~1\COE402~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COE402~1\INSTALL.LOG
CoffeeCup Flash Photo Gallery - Registered-->C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\INSTALL.LOG
CoffeeCup Visual Site Designer Software-->C:\Program Files\CoffeeCup Software\CoffeeCup Visual Site Designer\uninstall.exe
CoffeeCup Web Form Builder - Registered-->C:\PROGRA~1\COFFEE~1\CO4208~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO4208~1\INSTALL.LOG
CoffeeCup Website Font-->C:\Program Files\CoffeeCup Software\CoffeeCup Website Font\uninstall.exe
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Data Access Objects (DAO) 3.5-->C:\Program Files\Common Files\Microsoft Shared\DAO\Remove.EXE C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\COMMON~1\MICROS~1\DAO\DeIsL1.isu
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DRAWings® Embroidery Effect-->MsiExec.exe /X{A8BD6A41-6283-4002-8B86-78263793E8B7}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
EPSON NX410 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSFCA.EXE /R /APD /P:"EPSON NX410 Series"
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Flash Slideshow Maker Pro 4.90-->C:\Program Files\Flash Slideshow Maker Professional\uninst.exe
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
GameHouse-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\GameHouse.rguninst" "AddRemove"
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\WINDOWS\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\WINDOWS\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{4CCC7F68-A437-4559-A840-F5E010934951}
IDrive version 3.3.3 May 27, 2010-->"C:\Program Files\IDrive\unins000.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Media Audio Capture-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Media Audio Capture\ST6UNST.LOG"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
MobileMe Control Panel-->MsiExec.exe /I{51F96AEC-D902-4434-A0DC-B9692A21AE7C}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.6.3)-->F:\Program Files\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.3-->"F:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"F:\Program Files\SpywareGuard\unins000.exe"
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb981433)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB917425)-->"C:\WINDOWS\$NtUninstallKB917425$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922120)-->"C:\WINDOWS\$NtUninstallKB922120$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Web Album Generator 1.8.2-->"C:\Program Files\Web Album Generator\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Word Slinger-->C:\PROGRA~1\GAMEHO~1\WORDSL~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WORDSL~1\INSTALL.LOG

======Security center information======

AV: AVG Anti-Virus Free
AV: (disabled)
FW: (disabled)

======System event log======

Computer Name: MDF
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Record Number: 10536
Source Name: Service Control Manager
Time Written: 20100413132946.000000-240
Event Type: error
User:

Computer Name: MDF
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 10535
Source Name: Tcpip
Time Written: 20100410135741.000000-240
Event Type: warning
User:

Computer Name: MDF
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 10528
Source Name: W32Time
Time Written: 20100409171637.000000-240
Event Type: warning
User:

Computer Name: MDF
Event Code: 7000
Message: The Upload Manager service failed to start due to the following error:
The account specified for this service is different from the account specified for other services running in the same process.


Record Number: 10503
Source Name: Service Control Manager
Time Written: 20100409033727.000000-240
Event Type: error
User:

Computer Name: MDF
Event Code: 7000
Message: The BrSplService service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 10502
Source Name: Service Control Manager
Time Written: 20100409033727.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: MDF
Event Code: 100
Message: 400: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 3759
Source Name: Bonjour Service
Time Written: 20100512203403.000000-240
Event Type: error
User:

Computer Name: MDF
Event Code: 100
Message: 232: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 3758
Source Name: Bonjour Service
Time Written: 20100512203403.000000-240
Event Type: error
User:

Computer Name: MDF
Event Code: 100
Message: 240: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 3757
Source Name: Bonjour Service
Time Written: 20100512203402.000000-240
Event Type: error
User:

Computer Name: MDF
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Record Number: 3717
Source Name: SQLBrowser
Time Written: 20100510120435.000000-240
Event Type: warning
User:

Computer Name: MDF
Event Code: 100
Message: 216: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Record Number: 3686
Source Name: Bonjour Service
Time Written: 20100510104244.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_12\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_12\lib\ext\QTJava.zip

-----------------EOF-----------------
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 22nd, 2010, 8:11 pm

Tried running GMER twice, system hard froze both times.
Don't think I want to try it again. Is it crucial?
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby Cypher » June 23rd, 2010, 7:05 am

Hi MissLee.
Thank you for replying; I appreciate your time. I think I may have resolved the issue already but I may just have buried it

You're welcome.
Lets check you're PC out to make sure it's clean, don't worry about gmer for now.
I see ComboFix has been run on you're system did you use it yourself or did you receive help at another forum?
Please post the ComboFix log it can be found at C:\ComboFix.txt


Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
Adobe Reader 7.1.0
J2SE Runtime Environment 5.0 Update 12
Spybot - Search & Destroy

Spybot - Search & Destroy

Note: "If asked whether you want to remove all settings, answer YES"
(This will remove the immunization and Teatimer settings.)


Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^XSites Desktop.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MDF^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    
    :Files
    C:\Program Files\uTorrent
    C:\Documents and Settings\MDF\Application Data\uTorrent
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)



Logs/Information to Post in your Next Reply

  • Did you run ComboFix yourself?
  • ComboFix log.
  • OTM log.
  • RSIT log.txt log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 23rd, 2010, 10:08 am

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^XSites Desktop.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MDF^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
========== FILES ==========
C:\Program Files\uTorrent folder moved successfully.
C:\Documents and Settings\MDF\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128210 bytes

User: MDF
->Temp folder emptied: 1289371 bytes
->Temporary Internet Files folder emptied: 275214534 bytes
->Java cache emptied: 201688066 bytes
->FireFox cache emptied: 59583312 bytes
->Flash cache emptied: 2095361 bytes

User: NetworkService
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 65670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 136983 bytes
%systemroot%\System32 .tmp files removed: 2891281 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33023 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 518.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06232010_095224

Files moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_b8.dat moved successfully.

Registry entries deleted on Reboot...
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 23rd, 2010, 10:12 am

Logfile of random's system information tool 1.07 (written by random/random)
Run by MDF at 2010-06-23 10:10:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 8 GB (15%) free of 54 GB
Total RAM: 1022 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:51 AM, on 6/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
F:\Program Files\Acrobat\Acrotray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Program Files\firefox.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\IDrive\IDriveEClsClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MDF\Desktop\RSIT.exe
C:\Program Files\trend micro\MDF.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "F:\Program Files\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = F:\Program Files\BHO\BHODemon.exe
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrive WebManager (IDriveWebM) - Pro-Softnet - C:\Program Files\IDrive\IDriveWebM.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10731 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5CB672FB-2798-4FFB-83AA-4732322E6FA8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - F:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-01-09 6013768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-13 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-01-09 6013768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-02-15 57344]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Adobe Acrobat Speed Launcher"=F:\Program Files\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
"Acrobat Assistant 8.0"=F:\Program Files\Acrobat\Acrotray.exe [2009-02-27 640376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2010-01-09 160592]
"IDriveE Startup"=C:\Program Files\IDrive\IDrvieEStartup.exe [2010-04-22 177608]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 -reboot 1 []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-15 68856]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

C:\Documents and Settings\MDF\Start Menu\Programs\Startup
BHODemon 2.0.lnk - F:\Program Files\BHO\BHODemon.exe
IDrive Tray.lnk - C:\Program Files\IDrive\IDriveEReg2ini.exe
SpywareGuard.lnk - F:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-03-30 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=F:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McciCMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE"="C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe"="C:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe:*:Enabled:CorelDRAW(R)"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\Microsoft Office\OFFICE12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-23 09:52:24 ----D---- C:\_OTM
2010-06-23 09:49:56 ----D---- C:\Program Files\ERUNT
2010-06-22 18:50:20 ----D---- C:\rsit
2010-06-20 23:10:11 ----SHD---- C:\RECYCLER
2010-06-20 23:04:00 ----A---- C:\ComboFix.txt
2010-06-20 22:38:26 ----A---- C:\WINDOWS\zip.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\SWSC.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\SWREG.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\sed.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\PEV.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\MBR.exe
2010-06-20 22:38:26 ----A---- C:\WINDOWS\grep.exe
2010-06-20 22:38:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-20 22:38:17 ----D---- C:\ComboFix
2010-06-20 13:16:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-14 19:28:39 ----D---- C:\Documents and Settings\MDF\Application Data\Facebook
2010-05-30 12:29:47 ----A---- C:\WINDOWS\system32\idrivee.txt
2010-05-30 12:29:27 ----A---- C:\WINDOWS\system32\IDrLocale.dll
2010-05-30 12:29:22 ----A---- C:\WINDOWS\system32\RegisterIDriveEDll.bat
2010-05-30 12:29:22 ----A---- C:\WINDOWS\system32\IDriveEXceedCryReg.exe
2010-05-30 12:29:22 ----A---- C:\WINDOWS\system32\IDriveEService.dll
2010-05-30 12:29:21 ----A---- C:\WINDOWS\system32\zlib1.dll
2010-05-30 12:29:21 ----A---- C:\WINDOWS\system32\LogMail.dll
2010-05-30 12:29:20 ----D---- C:\Program Files\IDrive

======List of files/folders modified in the last 1 months======

2010-06-23 10:10:31 ----D---- C:\Program Files\Trend Micro
2010-06-23 10:03:39 ----D---- C:\WINDOWS\temp
2010-06-23 10:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-23 10:00:28 ----D---- C:\WINDOWS\system32
2010-06-23 10:00:28 ----D---- C:\WINDOWS
2010-06-23 09:52:55 ----D---- C:\Program Files
2010-06-23 09:50:33 ----D---- C:\WINDOWS\ERDNT
2010-06-23 09:46:17 ----SHD---- C:\WINDOWS\Installer
2010-06-23 09:46:17 ----D---- C:\Config.Msi
2010-06-23 09:46:09 ----D---- C:\Program Files\Common Files\Java
2010-06-22 20:25:13 ----D---- C:\WINDOWS\Prefetch
2010-06-22 18:43:08 ----RASH---- C:\boot.ini
2010-06-22 18:43:08 ----A---- C:\WINDOWS\win.ini
2010-06-22 18:43:08 ----A---- C:\WINDOWS\system.ini
2010-06-20 23:10:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 23:03:40 ----D---- C:\Qoobox
2010-06-20 23:02:14 ----SD---- C:\WINDOWS\Tasks
2010-06-20 22:50:38 ----D---- C:\WINDOWS\system32\drivers
2010-06-20 22:50:38 ----D---- C:\WINDOWS\AppPatch
2010-06-20 22:50:35 ----D---- C:\Program Files\Common Files
2010-06-20 14:22:01 ----A---- C:\WINDOWS\wininit.ini
2010-06-20 13:05:30 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-20 11:25:34 ----D---- C:\WINDOWS\pss
2010-06-19 02:45:14 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-19 02:43:55 ----D---- C:\WINDOWS\Registration
2010-06-18 12:29:11 ----RSD---- C:\WINDOWS\assembly
2010-06-18 12:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-06-18 12:26:59 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-06-18 12:23:24 ----D---- C:\Program Files\Lavasoft
2010-06-18 12:23:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-18 12:23:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-18 11:56:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-06-18 11:53:31 ----D---- C:\Program Files\CoffeeCup Software
2010-06-18 11:48:25 ----D---- C:\Downloads
2010-06-18 11:37:56 ----D---- C:\WINDOWS\addins
2010-06-18 10:05:46 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-06-09 13:17:52 ----D---- C:\Program Files\Common Files\Adobe
2010-06-09 12:58:08 ----D---- C:\Program Files\Adobe
2010-06-09 12:52:41 ----D---- C:\Documents and Settings\MDF\Application Data\Adobe
2010-06-06 19:59:34 ----HD---- C:\WINDOWS\inf
2010-05-28 19:57:12 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-17 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-03 242896]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-09 138752]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-09 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-06 1389056]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\MDF\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbdpfp;Fingerprint Reader Class Driver; C:\WINDOWS\system32\DRIVERS\usbdpfp.sys [2006-09-16 47360]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 IDriveE Service;IDriveE Service; C:\Program Files\IDrive\IDriveE Service.exe [2010-05-27 148936]
R2 IDriveWebM;IDrive WebManager; C:\Program Files\IDrive\IDriveWebM.exe [2010-04-22 267720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-13 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-12-16 319488]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-06 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 23rd, 2010, 10:14 am

ComboFix 10-06-20.03 - MDF 06/20/2010 22:41:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.543 [GMT -4:00]
Running from: c:\documents and settings\MDF\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-20 17:16 . 2010-06-20 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-14 23:28 . 2010-06-14 23:28 -------- d-----w- c:\documents and settings\MDF\Application Data\Facebook
2010-05-30 16:29 . 2010-01-28 20:51 229376 ----a-w- c:\windows\system32\IDrLocale.dll
2010-05-30 16:29 . 2010-05-27 19:40 1277952 ----a-w- c:\windows\system32\IDriveEService.dll
2010-05-30 16:29 . 2010-02-01 23:36 26032 ----a-w- c:\windows\system32\IDriveEXceedCryReg.exe
2010-05-30 16:29 . 2009-03-10 20:41 95 ----a-w- c:\windows\system32\RegisterIDriveEDll.bat
2010-05-30 16:29 . 2005-05-04 13:02 55808 ----a-w- c:\windows\system32\zlib1.dll
2010-05-30 16:29 . 2004-11-01 16:26 135168 ----a-w- c:\windows\system32\LogMail.dll
2010-05-30 16:29 . 2010-06-21 02:13 -------- d-----w- c:\program files\IDrive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 01:50 . 2009-11-17 23:38 0 ----a-w- c:\documents and settings\MDF\Local Settings\Application Data\prvlcl.dat
2010-06-20 17:05 . 2008-11-08 03:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-19 21:40 . 2009-12-09 16:56 -------- d-----w- c:\documents and settings\MDF\Application Data\uTorrent
2010-06-18 16:28 . 2006-09-01 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-18 16:26 . 2008-01-26 21:52 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-18 16:23 . 2006-09-16 20:42 -------- d-----w- c:\program files\Lavasoft
2010-06-18 16:23 . 2007-07-05 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-18 15:53 . 2007-10-25 03:09 -------- d-----w- c:\program files\CoffeeCup Software
2010-06-14 00:03 . 2009-12-09 16:56 -------- d-----w- c:\program files\uTorrent
2010-06-09 17:17 . 2006-05-08 19:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-03 12:03 . 2009-11-17 00:35 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 12:03 . 2007-01-03 11:05 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-13 21:39 . 2006-05-03 17:42 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 21:38 . 2010-05-13 21:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-13 21:38 . 2006-05-03 17:42 -------- d-----w- c:\program files\Java
2010-05-13 01:03 . 2010-05-13 01:03 -------- d-----w- c:\documents and settings\MDF\Application Data\AVG9
2010-05-07 04:08 . 2006-05-06 03:17 -------- d-----w- c:\program files\RealDRAW
2010-04-25 23:54 . 2010-04-25 23:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-25 23:19 . 2010-01-08 16:05 -------- d-----w- c:\program files\CenturyLink
2010-04-25 16:49 . 2010-01-31 20:44 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2008-10-14 11:53 . 2008-06-24 19:19 5632 --sha-w- c:\program files\Thumbs.db
2006-07-25 21:54 . 2006-07-25 21:54 103872 ----a-w- c:\program files\Default.mfp
1998-10-01 22:00 . 2006-07-25 21:53 29724 ------w- c:\program files\Unib.ttr
2002-08-01 00:55 . 2008-06-24 19:06 324 --sh--w- c:\windows\WSYS049.SYS
2006-10-10 05:52 . 2006-05-05 23:44 200 --sh--r- c:\windows\system32\E888153C87.sys
2006-10-10 05:52 . 2006-05-05 23:44 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_21.16.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-21 02:18 . 2010-06-21 02:18 16384 c:\windows\temp\Perflib_Perfdata_5ac.dat
- 2007-03-26 13:46 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2007-03-26 13:46 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-08-10 17:51 . 2010-05-07 21:35 90098 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2010-03-16 06:36 90098 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll
- 2006-11-08 02:03 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 17:51 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 17:51 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
- 2009-07-24 11:11 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-24 11:11 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2007-05-09 10:26 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-09 10:26 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-05-10 05:25 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll
- 2006-05-05 21:15 . 2010-01-31 20:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-05-05 21:15 . 2010-05-07 21:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-05-05 21:15 . 2010-05-07 21:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-05-05 21:15 . 2010-01-31 20:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-07 21:22 . 2010-05-07 21:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-05-05 21:15 . 2010-01-31 20:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-09-14 16:58 . 2008-09-14 16:58 38240 c:\windows\Installer\{95120000-0038-0409-0000-0000000FF1CE}\TZMoveIcon.exe
+ 2010-05-10 14:54 . 2010-05-10 14:54 38240 c:\windows\Installer\{95120000-0038-0409-0000-0000000FF1CE}\TZMoveIcon.exe
- 2006-05-05 23:34 . 2009-11-28 16:39 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-05-05 23:34 . 2010-05-10 14:49 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-05-05 23:34 . 2009-11-28 16:39 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-05-05 23:34 . 2010-05-10 14:49 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-01-26 22:04 . 2009-11-28 16:40 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-01-26 22:04 . 2010-05-10 14:55 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-01-26 22:04 . 2009-11-28 16:40 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-01-26 22:04 . 2010-05-10 14:55 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-01-26 22:04 . 2009-11-28 16:40 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-26 22:04 . 2010-05-10 14:55 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-25 12:18 . 2008-10-25 12:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2010-05-10 14:37 . 2009-08-29 08:08 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-05-10 14:37 . 2009-08-29 08:08 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-05-10 14:37 . 2009-08-29 08:08 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-05-10 14:34 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-05-10 14:34 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-05-10 14:38 . 2004-08-04 10:00 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll
+ 2010-05-10 14:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981332-IE8\update\spcustom.dll
+ 2010-05-10 14:42 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981332-IE8\spmsg.dll
+ 2010-05-10 14:37 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980182-IE8\update\spcustom.dll
+ 2010-05-10 14:37 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980182-IE8\spmsg.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 12800 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\xpshims.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 55296 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\msfeedsbs.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 25600 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\jsproxy.dll
+ 2010-05-10 14:55 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978262\update\spcustom.dll
+ 2010-05-10 14:55 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978262\spmsg.dll
+ 2010-05-10 14:38 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-05-10 14:38 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 84992 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 28672 c:\windows\$hf_mig$\KB977914\SP3GDR\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\$hf_mig$\KB977914\SP3GDR\msrle32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\$hf_mig$\KB977914\SP3GDR\iyuv_32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 84992 c:\windows\$hf_mig$\KB977914\SP3GDR\avifil32.dll
+ 2009-11-27 16:18 . 2009-11-27 16:18 28672 c:\windows\$hf_mig$\KB977914\SP2QFE\msvidc32.dll
+ 2009-11-27 16:18 . 2009-11-27 16:18 11264 c:\windows\$hf_mig$\KB977914\SP2QFE\msrle32.dll
+ 2009-11-27 16:18 . 2009-11-27 16:18 48128 c:\windows\$hf_mig$\KB977914\SP2QFE\iyuv_32.dll
+ 2009-11-27 16:18 . 2009-11-27 16:18 84992 c:\windows\$hf_mig$\KB977914\SP2QFE\avifil32.dll
+ 2010-05-10 14:48 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-05-10 14:48 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-05-10 14:54 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2010-05-10 14:54 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2010-05-10 14:47 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2010-05-10 14:47 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2010-05-10 14:53 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-05-10 14:53 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2010-05-10 03:38 . 2009-03-25 05:54 39424 c:\windows\$hf_mig$\KB955759\SP2QFE\acadproc.dll
+ 2001-08-18 03:36 . 2009-11-27 16:37 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2006-05-05 23:34 . 2010-05-10 14:49 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-05-05 23:34 . 2009-11-28 16:39 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-05-10 14:38 . 2004-08-04 10:00 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\$hf_mig$\KB977914\SP3GDR\tsbyuv.dll
+ 2009-11-27 16:18 . 2009-11-27 16:18 8704 c:\windows\$hf_mig$\KB977914\SP2QFE\tsbyuv.dll
+ 2004-08-10 17:51 . 2010-02-25 06:24 916480 c:\windows\system32\wininet.dll
- 2004-08-10 17:51 . 2009-08-29 08:08 916480 c:\windows\system32\wininet.dll
- 2004-08-10 17:51 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-10 17:51 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2004-08-10 17:51 . 2010-05-07 21:35 492078 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2010-03-16 06:36 492078 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2004-08-10 17:51 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2004-08-10 17:51 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
- 2004-08-10 17:51 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
- 2006-11-08 02:03 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll
+ 2010-06-13 13:31 . 2010-06-13 13:31 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2004-08-10 17:51 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2004-08-10 17:51 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2010-05-13 21:38 . 2010-05-13 21:38 153376 c:\windows\system32\javaws.exe
+ 2010-05-13 21:38 . 2010-05-13 21:38 145184 c:\windows\system32\javaw.exe
+ 2010-05-13 21:38 . 2010-05-13 21:38 145184 c:\windows\system32\java.exe
- 2004-08-10 17:51 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 17:51 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 17:51 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 17:51 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 17:51 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 17:51 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
- 2006-05-10 05:25 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:33 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2006-10-17 17:04 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:25 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-05-09 10:26 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-09 10:26 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-03-08 08:33 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 08:33 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-07-24 11:11 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-05-10 05:25 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-11-07 08:27 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:27 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:26 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-05-10 03:38 . 2009-11-21 16:36 470528 c:\windows\system32\dllcache\aclayers.dll
+ 2009-09-09 19:40 . 2009-09-09 19:40 632320 c:\windows\Installer\df3e6c2.msp
+ 2010-05-13 21:39 . 2010-05-13 21:39 180224 c:\windows\Installer\209e845.msi
+ 2010-05-13 21:38 . 2010-05-13 21:38 576000 c:\windows\Installer\209e83e.msi
+ 2006-05-05 23:34 . 2010-05-10 14:49 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-05-05 23:34 . 2009-11-28 16:39 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-05-05 23:34 . 2010-05-10 14:49 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
- 2006-05-05 23:34 . 2009-11-28 16:39 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2008-01-26 22:04 . 2010-05-10 14:55 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-01-26 22:04 . 2009-11-28 16:40 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-01-26 22:04 . 2009-11-28 16:40 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-01-26 22:04 . 2010-05-10 14:55 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-01-26 22:04 . 2009-11-28 16:40 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-26 22:04 . 2010-05-10 14:55 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-26 22:03 . 2010-05-10 14:55 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-01-26 22:03 . 2009-11-28 16:40 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-01-26 22:04 . 2010-05-10 14:55 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-01-26 22:04 . 2009-11-28 16:40 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-01-26 22:03 . 2010-05-10 14:55 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-01-26 22:03 . 2009-11-28 16:40 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-01-26 22:03 . 2010-05-10 14:55 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-01-26 22:03 . 2009-11-28 16:40 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-10-25 11:52 . 2008-10-25 11:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 11:52 . 2008-10-25 11:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2010-05-10 14:42 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-05-10 14:42 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-05-10 14:42 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-05-10 14:37 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-05-10 14:37 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-05-10 14:37 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-05-10 14:37 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-05-10 14:37 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-05-10 14:37 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-05-10 14:37 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-05-10 14:37 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-05-10 14:37 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-05-10 14:37 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-05-10 14:54 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-05-10 14:54 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-05-10 14:54 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-05-10 14:34 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-05-10 14:34 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-05-10 14:55 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll
+ 2010-05-10 14:55 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
+ 2010-05-10 14:38 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-05-10 14:38 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-05-10 14:48 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-05-10 14:48 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-05-10 14:47 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2010-05-10 14:47 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2010-05-10 14:53 . 2009-05-26 21:10 382840 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-05-10 14:53 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-05-10 14:42 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981332-IE8\update\updspapi.dll
+ 2010-05-10 14:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981332-IE8\update\update.exe
+ 2010-05-10 14:42 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981332-IE8\spuninst.exe
+ 2010-05-10 03:38 . 2010-03-10 06:18 420352 c:\windows\$hf_mig$\KB981332-IE8\SP3QFE\vbscript.dll
+ 2010-05-10 14:37 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980182-IE8\update\updspapi.dll
+ 2010-05-10 14:37 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980182-IE8\update\update.exe
+ 2010-05-10 14:37 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980182-IE8\spuninst.exe
+ 2010-05-10 03:34 . 2010-02-25 06:19 919040 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 206848 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\occache.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 611840 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mstime.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 594432 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\msfeeds.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 247808 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ieproxy.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 184320 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iepeers.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 387584 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iedkcs32.dll
+ 2010-05-10 03:34 . 2010-02-24 09:34 173056 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ie4uinit.exe
+ 2010-05-10 14:55 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978262\update\updspapi.dll
+ 2010-05-10 14:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978262\update\update.exe
+ 2010-05-10 14:55 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978262\spuninst.exe
+ 2010-05-10 14:38 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-05-10 14:38 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-05-10 14:38 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-05-10 14:48 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-05-10 14:48 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-05-10 14:48 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-05-10 14:54 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll
+ 2010-05-10 14:54 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB976662-IE8\update\update.exe
+ 2010-05-10 14:54 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe
+ 2010-05-10 03:38 . 2009-12-09 05:51 726528 c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll
+ 2010-05-10 14:47 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2010-05-10 14:47 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2010-05-10 14:47 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2010-05-10 03:37 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2010-05-10 14:53 . 2009-05-26 21:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-05-10 14:53 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-05-10 14:53 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-05-10 03:38 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2010-05-10 03:38 . 2009-11-21 15:51 471552 c:\windows\$hf_mig$\KB955759\SP3GDR\aclayers.dll
+ 2010-05-10 03:38 . 2009-11-21 16:24 470528 c:\windows\$hf_mig$\KB955759\SP2QFE\aclayers.dll
+ 2004-08-10 17:51 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-06-13 13:31 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2006-10-17 16:57 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2006-10-17 16:57 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 15:06 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 10:26 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 10:26 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\df3e6b5.msp
+ 2010-02-04 21:24 . 2010-02-04 21:24 9122304 c:\windows\Installer\df3e696.msp
+ 2009-10-16 11:09 . 2009-10-16 11:09 2518016 c:\windows\Installer\df3e67e.msp
+ 2010-02-21 05:00 . 2010-02-21 05:00 8480768 c:\windows\Installer\df3e666.msp
+ 2010-02-21 05:02 . 2010-02-21 05:02 4195840 c:\windows\Installer\df3e64e.msp
+ 2010-03-12 03:59 . 2010-03-12 03:59 5031424 c:\windows\Installer\df3e636.msp
+ 2008-01-26 22:03 . 2010-05-10 14:55 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-01-26 22:03 . 2009-11-28 16:40 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-01-26 22:03 . 2009-11-28 16:40 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-01-26 22:03 . 2010-05-10 14:55 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-06 08:00 . 2009-03-06 08:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 14:49 . 2008-11-10 14:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 02:16 . 2008-11-25 02:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2009-03-06 08:26 . 2009-03-06 08:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2010-05-10 14:37 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-05-10 14:37 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-05-10 14:37 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 1209856 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\urlmon.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 5946880 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 1986048 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\iertutil.dll
+ 2006-05-07 07:00 . 2010-04-06 14:52 31971272 c:\windows\system32\MRT.exe
+ 2006-11-08 02:03 . 2010-02-25 15:54 11070976 c:\windows\system32\ieframe.dll
+ 2007-05-09 10:26 . 2010-02-25 15:54 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2010-03-22 20:03 . 2010-03-22 20:03 11732992 c:\windows\Installer\df3e6d1.msp
+ 2010-05-10 14:37 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
+ 2010-05-10 03:34 . 2010-02-25 06:19 11073024 c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-09 160592]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2010-04-22 177608]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-09 160592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]

c:\documents and settings\MDF\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2010-5-30 292296]
SpywareGuard.lnk - f:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^XSites Desktop.lnk]
backup=c:\windows\pss\XSites Desktop.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MDF^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=c:\documents and settings\MDF\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=c:\windows\pss\BHODemon 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MDF^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-02-27 16:14 640376 ----a-w- f:\program files\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-02-27 20:54 38768 ----a-w- f:\program files\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 00:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 00:22 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 20:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 20:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 03:38 64512 ----a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 00:23 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-02 08:15 75520 ----a-w- c:\program files\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-15 14:36 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"Brother XP spl Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Corel\\Corel Graphics 12\\Programs\\CorelDRW.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/11/2008 8:54 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/16/2009 8:35 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 9:32 AM 308064]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [5/30/2010 12:29 PM 148936]
R2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [5/30/2010 12:29 PM 267720]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [9/16/2006 6:23 PM 47360]
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{5CB672FB-2798-4FFB-83AA-4732322E6FA8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://centurylink.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\MDF\Application Data\Mozilla\Firefox\Profiles\fbo7giq6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\MDF\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\MDF\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\MDF\Application Data\Mozilla\Firefox\Profiles\fbo7giq6.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: f:\program files\plugins\npsnapfish.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {A902BA6D-57EB-43E8-9D6F-6C5CDB151B31} - c:\documents and settings\MDF\Local Settings\Application Data\{A902BA6D-57EB-43E8-9D6F-6C5CDB151B31}

---- FIREFOX POLICIES ----
f:\program files\greprefs\all.js - pref("ui.use_native_colors", true);
f:\program files\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\program files\greprefs\all.js - pref("svg.smil.enabled", false);
f:\program files\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\program files\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\program files\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\program files\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
f:\program files\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\program files\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\program files\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
AddRemove-BHODemon_is1 - f:\program files\BHO\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 22:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-20 23:03:59
ComboFix-quarantined-files.txt 2010-06-21 03:03

Pre-Run: 7,700,598,784 bytes free
Post-Run: 7,735,234,560 bytes free

- - End Of File - - 54AEF5DB39948DD409BB2B6E6CCD3A49
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 23rd, 2010, 10:17 am

System is still running well with no major issues.
Yes, I ran ComboFix myself. I had used it in the past, got frustrated and decided to give it a go unsupervised. Bad monkey, I know.

Thanks again for your ongoing assistance.
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby Cypher » June 23rd, 2010, 12:03 pm

Hi MissLee.
Thanks again for your ongoing assistance.

You're most welcome.
Yes, I ran ComboFix myself.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.



Ok lets tidy a few things up then check for any leftovers with one more scan.


Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
  • Download Adobe Reader 930 from Here

Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 23rd, 2010, 8:04 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=39fb80feab6d174195471c862dcaf37b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-23 07:02:18
# local_time=2010-06-23 03:02:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 18818469 18818469 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=3705
# found=0
# cleaned=0
# scan_time=407
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=39fb80feab6d174195471c862dcaf37b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-23 10:14:00
# local_time=2010-06-23 06:14:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 18819064 18819064 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=214119
# found=1
# cleaned=0
# scan_time=11314
C:\Documents and Settings\All Users\Documents\Reflexive.GameHouse.Patchers\01.Reflexorator\Reflexorator.exe a variant of Win32/HackTool.Patcher.A application 00000000000000000000000000000000 I
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 23rd, 2010, 8:05 pm

Computer is still running smoothly. No new issues.
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm

Re: Search Engine Browser Hijack/Redirect

Unread postby Cypher » June 24th, 2010, 5:56 am

Hi MissLee.
As you can see from the ESET log there is just one thing of concern to deal with.
C:\Documents and Settings\All Users\Documents\Reflexive.GameHouse.Patchers << Delete this folder

When you have done that you're good to go :)
This is my general post for when your logs show no more signs of malware.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Clean up with OTM

  • Double-click OTM.exe to start the program, This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Create a new, clean System Restore point

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Now we needed to deal with security vulnerabilities

As i mentioned earlier Support for Windows XP with Service Pack 2 (SP2) ended on July 13, 2010.
It's vital that you install Windows XP Service Pack 3 (SP3) now.
To do so see how to get the latest updates for your computer at the bottom of this post




Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Browser Hijack/Redirect

Unread postby MissLee » June 24th, 2010, 2:09 pm

I deleted the specified file (and a few other similar), ran OTM, deleted the other programs we used, created the new restore point and cleaned the rest of the issues and reset my AV.

I've tried in the past to install SP3 many times and each time I encountered an 'access denied' error and SP3 uninstalls what it had installed to that point in the process. I was hoping after having gone through all this that it would install properly this time but I'm afraid that wasn't the case. Got the same access error & watched as all pending changes were reversed. "Windows XP Service Pack 3 was not installed and may not work properly." (Or something to that effect.)

Any suggestions?

Also, as you know I am currently running SpyWareBlaster and SpyWare Guard. Are these effective or should I ditch them in favor of those you've listed above?

I also have PC Inspector Smart Recovery on my system. Should I hang onto this or remove it?
Last edited by MissLee on June 24th, 2010, 2:28 pm, edited 1 time in total.
MissLee
Active Member
 
Posts: 12
Joined: June 19th, 2010, 8:48 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware