Solved Yahoo Searches Redirected to Unwanted Pages

Discussion in 'Malware and Virus Removal Archive' started by Hondo, 2008/11/10.

  1. 2008/11/10
    Hondo Inactive Thread Starter

    [Resolved] Yahoo Searches Redirected to Unwanted Pages

    In the last few days Yahoo search results send me to pages that are not the pages I'm seeking. Usually they are pages that appear to be another kind of search engine. Google doesn't seem to be affected. All my virus scans show nothing. I had McAfee until yesterday. Without warning I could no longer update for viruses nor perform a scan. I uninstalled McAfee and installed Avast today. But it too does not find a problem.

    Here are the logs requested. Thank you for any help offered.

    Run by Michael at 2008-11-10 16:36:52
    Microsoft® Windows Vista™ Home Premium
    System drive C: has 61 GB (57%) free of 108 GB
    Total RAM: 1982 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:37:10 PM, on 11/10/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16757)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Michael\Downloads\RSIT.exe
    C:\Program Files\trend micro\Michael.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.sitesell.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10284 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\User_Feed_Synchronization-{5D3B7B9B-0435-4ED9-B145-40CC3DDF141A}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-06 1372160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-18 501384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-08-11 2554944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-05 652784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-08-11 2554944]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-14 815104]
    "QPService "=C:\Program Files\HP\QuickPlay\QPService.exe [2006-11-24 167936]
    "HP Software Update "=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
    "QlbCtrl "=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744]
    "WAWifiMessage "=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-18 317152]
    "hpWirelessAssistant "=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2006-12-18 77824]
    "TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-14 185896]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "NvSvc "=C:\Windows\system32\nvsvc.dll [2007-02-28 90191]
    "NvCplDaemon "=C:\Windows\system32\NvCpl.dll [2007-02-28 7770112]
    "NvMediaCenter "=C:\Windows\system32\NvMcTray.dll [2007-02-28 81920]
    "QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier "=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "Malwarebytes Anti-Malware (reboot) "=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]
    "avast! "=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
    "ehTray.exe "=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
    "Skype "=C:\Program Files\Skype\Phone\Skype.exe [2008-02-06 21898024]
    "WMPNSCFG "=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe

    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=
    "NoDrives "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe "= "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{801e04e5-3be8-11dd-8891-001b242395b2}]
    shell\AutoRun\command - F:\WD_Windows_Tools\setup.exe


    ======File associations======

    .js - edit -
    .js - open -
    .txt - open -

    ======List of files/folders created in the last 3 months======

    2008-11-10 16:36:53 ----D---- C:\Program Files\trend micro
    2008-11-10 16:36:52 ----D---- C:\rsit
    2008-11-10 09:04:25 ----A---- C:\Windows\system32\aswBoot.exe
    2008-11-10 09:04:20 ----D---- C:\Program Files\Alwil Software
    2008-11-09 15:32:12 ----D---- C:\Users\Michael\AppData\Roaming\Mozilla
    2008-11-09 15:31:50 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-06 22:32:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2008-11-06 22:32:24 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-06 22:04:12 ----A---- C:\ComboFix.txt
    2008-11-06 21:54:20 ----A---- C:\Windows\NIRCMD.exe
    2008-11-06 21:54:19 ----A---- C:\Windows\zip.exe
    2008-11-06 21:54:19 ----A---- C:\Windows\VFIND.exe
    2008-11-06 21:54:19 ----A---- C:\Windows\SWXCACLS.exe
    2008-11-06 21:54:19 ----A---- C:\Windows\SWSC.exe
    2008-11-06 21:54:19 ----A---- C:\Windows\SWREG.exe
    2008-11-06 21:54:19 ----A---- C:\Windows\sed.exe
    2008-11-06 21:54:19 ----A---- C:\Windows\grep.exe
    2008-11-06 21:54:19 ----A---- C:\Windows\fdsv.exe
    2008-11-06 21:54:08 ----D---- C:\Windows\ERDNT
    2008-11-06 21:54:08 ----D---- C:\Qoobox
    2008-11-06 21:30:19 ----A---- C:\avenger.txt
    2008-11-06 21:19:09 ----D---- C:\Users\Michael\AppData\Roaming\Malwarebytes
    2008-11-06 21:18:59 ----D---- C:\ProgramData\Malwarebytes
    2008-11-06 21:18:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-04 09:18:28 ----D---- C:\PerfLogs
    2008-10-31 23:07:50 ----A---- C:\Windows\system32\EncDec.dll
    2008-10-31 23:07:48 ----A---- C:\Windows\system32\mcmde.dll
    2008-10-31 23:07:47 ----A---- C:\Windows\system32\psisdecd.dll
    2008-10-30 05:38:56 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-30 05:38:55 ----A---- C:\Windows\system32\printcom.dll
    2008-10-28 07:04:30 ----A---- C:\Windows\system32\NPSWF32_FlashUtil.exe
    2008-10-28 07:04:30 ----A---- C:\Windows\system32\NPSWF32.dll
    2008-10-16 18:28:32 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-10-16 18:28:32 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-10-16 18:28:21 ----A---- C:\Windows\system32\mshtml.dll
    2008-10-16 18:28:19 ----A---- C:\Windows\system32\ieframe.dll
    2008-10-16 18:28:18 ----A---- C:\Windows\system32\urlmon.dll
    2008-10-16 18:28:17 ----A---- C:\Windows\system32\wininet.dll
    2008-10-16 18:28:17 ----A---- C:\Windows\system32\mshtmled.dll
    2008-10-16 18:28:17 ----A---- C:\Windows\system32\iertutil.dll
    2008-10-16 18:28:17 ----A---- C:\Windows\system32\dxtmsft.dll
    2008-10-16 18:28:16 ----A---- C:\Windows\system32\dxtrans.dll
    2008-10-16 18:28:15 ----A---- C:\Windows\system32\mstime.dll
    2008-10-16 18:28:15 ----A---- C:\Windows\system32\ieapfltr.dll
    2008-10-16 18:28:14 ----A---- C:\Windows\system32\ieui.dll
    2008-10-16 18:28:14 ----A---- C:\Windows\system32\ie4uinit.exe
    2008-10-16 18:28:14 ----A---- C:\Windows\system32\advpack.dll
    2008-10-16 18:28:13 ----A---- C:\Windows\system32\ieUnatt.exe
    2008-10-16 18:28:13 ----A---- C:\Windows\system32\iesetup.dll
    2008-10-16 18:28:13 ----A---- C:\Windows\system32\iernonce.dll
    2008-10-16 18:28:13 ----A---- C:\Windows\system32\icardie.dll
    2008-10-16 18:28:12 ----A---- C:\Windows\system32\jsproxy.dll
    2008-10-16 18:28:11 ----A---- C:\Windows\system32\pngfilt.dll
    2008-10-10 16:33:12 ----D---- C:\Program Files\CD Wave
    2008-10-09 17:21:51 ----D---- C:\Program Files\iPod
    2008-10-09 17:21:49 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-09 17:21:49 ----D---- C:\Program Files\iTunes
    2008-09-23 18:11:16 ----A---- C:\Windows\system32\wups2.dll
    2008-09-23 18:11:16 ----A---- C:\Windows\system32\wucltux.dll
    2008-09-23 18:11:16 ----A---- C:\Windows\system32\wuaueng.dll
    2008-09-23 18:11:16 ----A---- C:\Windows\system32\wuauclt.exe
    2008-09-23 18:10:32 ----A---- C:\Windows\system32\wups.dll
    2008-09-23 18:10:32 ----A---- C:\Windows\system32\wudriver.dll
    2008-09-23 18:10:32 ----A---- C:\Windows\system32\wuapi.dll
    2008-09-23 18:10:02 ----A---- C:\Windows\system32\wuwebv.dll
    2008-09-23 18:10:02 ----A---- C:\Windows\system32\wuapp.exe
    2008-09-13 12:50:54 ----D---- C:\Program Files\Apple Software Update
    2008-09-13 12:49:48 ----A---- C:\Windows\system32\GEARAspi.dll
    2008-09-13 12:45:47 ----D---- C:\Program Files\QuickTime
    2008-09-09 18:46:55 ----A---- C:\Windows\system32\gameux.dll
    2008-09-09 18:46:54 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-09-09 18:46:51 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-09-09 18:20:42 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-08-29 09:18:58 ----A---- C:\Windows\system32\dns-sd.exe
    2008-08-29 08:53:50 ----A---- C:\Windows\system32\dnssd.dll
    2008-08-20 06:52:53 ----A---- C:\Windows\system32\tzres.dll
    2008-08-19 16:24:42 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-08-19 16:24:41 ----A---- C:\Windows\system32\winipsec.dll
    2008-08-19 16:24:41 ----A---- C:\Windows\system32\polstore.dll
    2008-08-19 16:24:41 ----A---- C:\Windows\system32\FwRemoteSvr.dll
    2008-08-19 16:20:02 ----A---- C:\Windows\system32\es.dll
    2008-08-19 16:00:47 ----A---- C:\Windows\system32\INETRES.dll
    2008-08-19 16:00:47 ----A---- C:\Windows\system32\inetcomm.dll

    ======List of files/folders modified in the last 3 months======

    2008-11-10 16:37:02 ----D---- C:\Windows\Temp
    2008-11-10 16:36:53 ----RD---- C:\Program Files
    2008-11-10 16:05:08 ----D---- C:\Users\Michael\AppData\Roaming\skypePM
    2008-11-10 11:41:18 ----D---- C:\Windows\system32\LogFiles
    2008-11-10 09:59:16 ----D---- C:\Windows\System32
    2008-11-10 09:59:16 ----D---- C:\Windows\inf
    2008-11-10 09:59:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-11-10 09:54:30 ----D---- C:\Users\Michael\AppData\Roaming\Skype
    2008-11-10 09:04:45 ----D---- C:\Windows\system32\drivers
    2008-11-10 08:48:37 ----D---- C:\Windows\system32\WDI
    2008-11-10 08:47:06 ----D---- C:\ProgramData\McAfee
    2008-11-10 08:47:04 ----D---- C:\Program Files\Common Files
    2008-11-10 08:44:08 ----D---- C:\Windows\Tasks
    2008-11-10 08:24:46 ----D---- C:\ProgramData\Google Updater
    2008-11-09 20:23:19 ----D---- C:\Windows\Prefetch
    2008-11-09 20:22:15 ----D---- C:\Windows\system32\Tasks
    2008-11-09 16:11:12 ----SHD---- C:\System Volume Information
    2008-11-08 08:21:31 ----D---- C:\Program Files\Bible
    2008-11-06 22:32:25 ----HD---- C:\ProgramData
    2008-11-06 22:01:52 ----D---- C:\Windows
    2008-11-06 22:01:52 ----A---- C:\Windows\system.ini
    2008-11-06 21:59:49 ----D---- C:\Windows\AppPatch
    2008-11-06 21:58:12 ----SD---- C:\Windows\Downloaded Program Files
    2008-11-06 21:54:06 ----D---- C:\Windows\system32\en-US
    2008-11-04 13:33:05 ----D---- C:\Users\Michael\AppData\Roaming\Adobe
    2008-11-04 12:05:08 ----D---- C:\Windows\system32\catroot2
    2008-11-04 11:56:32 ----D---- C:\Windows\servicing
    2008-11-04 11:56:32 ----D---- C:\Program Files\Windows Media Player
    2008-11-04 11:56:31 ----D---- C:\Windows\winsxs
    2008-11-04 11:56:31 ----D---- C:\Windows\system32\wbem
    2008-11-04 11:56:21 ----D---- C:\Windows\system32\Msdtc
    2008-11-04 11:55:19 ----D---- C:\Windows\system32\config
    2008-11-04 11:52:53 ----D---- C:\Program Files\MSN
    2008-11-04 11:52:18 ----D---- C:\Windows\tapi
    2008-11-04 11:52:18 ----D---- C:\Windows\system32\spool
    2008-11-04 11:52:18 ----D---- C:\Windows\system32\CodeIntegrity
    2008-11-04 11:52:09 ----D---- C:\Windows\rescache
    2008-11-04 11:52:07 ----RD---- C:\Users
    2008-11-04 11:52:07 ----D---- C:\ProgramData\FLEXnet
    2008-11-04 11:52:07 ----D---- C:\Program Files\Yahoo!
    2008-11-04 11:50:14 ----D---- C:\Windows\registration
    2008-11-04 11:50:04 ----D---- C:\Windows\system32\oobe
    2008-11-04 11:50:04 ----D---- C:\Windows\system32\migwiz
    2008-11-04 11:50:03 ----D---- C:\Windows\system32\Boot
    2008-11-04 11:50:03 ----D---- C:\Windows\IME
    2008-11-04 11:50:03 ----D---- C:\Windows\ehome
    2008-11-04 11:50:02 ----D---- C:\Program Files\Windows Sidebar
    2008-11-04 11:50:02 ----D---- C:\Program Files\Windows Photo Gallery
    2008-11-04 11:50:02 ----D---- C:\Program Files\Windows Mail
    2008-11-04 11:50:02 ----D---- C:\Program Files\Common Files\System
    2008-11-04 10:13:24 ----D---- C:\Windows\Logs
    2008-11-04 09:45:07 ----D---- C:\Windows\Microsoft.NET
    2008-11-04 09:45:00 ----RSD---- C:\Windows\assembly
    2008-11-04 09:35:08 ----D---- C:\Windows\system32\catroot
    2008-11-04 09:34:45 ----SHD---- C:\boot
    2008-11-04 09:18:36 ----D---- C:\Windows\Boot
    2008-10-28 14:25:22 ----SHD---- C:\Windows\Installer
    2008-10-28 07:07:53 ----D---- C:\ProgramData\Adobe
    2008-10-28 07:06:04 ----D---- C:\Program Files\Adobe
    2008-10-25 11:05:06 ----D---- C:\Windows\HPCPCUninstall-6811507
    2008-10-25 09:06:30 ----D---- C:\Program Files\Common Files\Adobe
    2008-10-17 19:03:35 ----D---- C:\Windows\system32\migration
    2008-10-17 19:03:35 ----D---- C:\Program Files\Internet Explorer
    2008-10-17 18:01:52 ----D---- C:\ProgramData\Microsoft Help
    2008-10-14 19:08:28 ----D---- C:\ProgramData\NCH Swift Sound
    2008-10-14 19:08:23 ----D---- C:\Program Files\NCH Swift Sound
    2008-10-12 07:22:45 ----D---- C:\ProgramData\Roxio
    2008-10-10 16:42:46 ----D---- C:\Users\Michael\AppData\Roaming\Roxio
    2008-10-07 13:19:40 ----A---- C:\Windows\system32\mrt.exe
    2008-10-05 15:20:58 ----D---- C:\Users\Michael\AppData\Roaming\Google
    2008-09-13 12:49:47 ----DC---- C:\Windows\system32\DRVSTORE
    2008-09-13 12:47:31 ----D---- C:\Program Files\Bonjour
    2008-09-13 12:45:56 ----D---- C:\Program Files\Common Files\Apple
    2008-09-12 05:00:24 ----D---- C:\Program Files\Microsoft Works

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-10-25 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-11-18 145920]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-28 4465184]
    R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-07-12 82432]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-14 179256]
    R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-10-25 11264]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
    S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
    S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-24 270431]
    R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-24 118877]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 168432]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-16 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.04 2008-11-10 16:37:13

    ======Uninstall list======

    --> "C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe "
    --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe "
    --> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe "
    --> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe "
    --> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe "
    --> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe "
    --> "C:\Program Files\HP Games\Family Feud\Uninstall.exe "
    --> "C:\Program Files\HP Games\FATE\Uninstall.exe "
    --> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe "
    --> "C:\Program Files\HP Games\Flip Words\Uninstall.exe "
    --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe "
    --> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe "
    --> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe "
    --> "C:\Program Files\HP Games\Otto\Uninstall.exe "
    --> "C:\Program Files\HP Games\Penguins!\Uninstall.exe "
    --> "C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Tubing\Uninstall.exe "
    --> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe "
    --> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe "
    --> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Super Granny\Uninstall.exe "
    --> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe "
    --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe "
    --> "C:\Program Files\HP Games\Word Symphony\Uninstall.exe "
    --> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe "
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Activation Assistant for the 2007 Microsoft Office suites--> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
    Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Setup-->MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
    Adobe Stock Photos CS3-->C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll ",RunSetup
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Broadcom 802.11 Wireless LAN Adapter--> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey= "Software\Broadcom\802.11\UninstallInfo" /rootdir= "C:\Program Files\Broadcom\Broadcom 802.11\Driver "
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    CD Wave Editor version 1.97--> "C:\Program Files\CD Wave\unins000.exe "
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HUFSetup.EXE -U -IwisR30B7.inf
    DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
    Google Updater--> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{11BB336F-0E58-4977-B866-F24FA334616B}\setup.exe -runfromtemp -l0x0409
    HP Connections (remove only)-->C:\Windows\HPCPCUninstall-6811507\HPBWSetup.exe -appid 6811507 -uninstall
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
    HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
    HP Help and Support-->MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}
    HP Pavilion Webcam Driver for Vista v061.001.00005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
    HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
    HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
    HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP Total Care Advisor-->MsiExec.exe /X{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}
    HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    HP User Guide 0041-->MsiExec.exe /I{ABFBC596-7EB3-4E4D-A1A3-D2B6806EF1FE}
    HP Wireless Assistant-->MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
    HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    K-Lite Codec Pack 3.8.0 Full--> "C:\Program Files\K-Lite Codec Pack\unins000.exe "
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99C5770C-1C90-42E7-9B74-D47CFAF14621}\setup.exe" -l0x9
    My HP Games--> "C:\Program Files\HP Games\Uninstall.exe "
    NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\HXFSETUP.EXE -U -Iwis30B7z.inf
    Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
    TSP_CODEC-->C:\Program Files\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Windows Easy Transfer Companion (Beta)-->MsiExec.exe /I{B139DD51-C3F1-4583-98B4-D35F64EA847F}
    WORDsearch 7 Tozer Edition--> "C:\ProgramData\{0EB526CD-341C-4A0A-A665-EF7BD140AC37}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
    Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    ======Security center information======

    AV: avast! antivirus 4.8.1229 [VPS 081110-1]
    AS: AVG Anti-Spyware (outdated)
    AS: Windows Defender
    AS: SpywareBot (disabled)
    AS: avast! antivirus 4.8.1229 [VPS 081110-1]

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "Path "=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE "=x86
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "USERNAME "=SYSTEM
    "windir "=%SystemRoot%
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION "=4802
    "NUMBER_OF_PROCESSORS "=2
    "PLATFORM "=MCD
    "PCBRAND "=Pavilion
    "OnlineServices "=Online Services
    "RoxioCentral "=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

    -----------------EOF-----------------
     
  2. 2008/11/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Hondo :)

    Please post the contents of the C:\ComboFix.txt file.
    Open MBAM and select the Logs tab, then select your most recent scan and click View report. Post that log as well.
     

  4. 2008/11/12
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    Yahoo Searches Redirected to Unwanted Pages

    Thanks noahdfear for the welcome and the help.

    Before posting to WindowsBBS I had uninstalled ComboFix. So after installing it, here is the ComboFix log. I will put the MBAM log in the next post.

    ComboFix 08-11-11.01 - Michael 2008-11-12 21:34:01.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1270 [GMT -6:00]
    Running from: c:\users\Michael\Downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
    .

    2008-11-10 16:36 . 2008-11-10 16:37 <DIR> d-------- C:\rsit
    2008-11-10 16:36 . 2008-11-10 16:37 <DIR> d-------- c:\program files\trend micro
    2008-11-10 09:04 . 2008-11-10 09:04 <DIR> d-------- c:\program files\Alwil Software
    2008-11-10 09:04 . 2008-07-19 09:36 51,280 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2008-11-06 22:32 . 2008-11-06 22:58 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-11-06 22:32 . 2008-11-06 22:58 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
    2008-11-06 22:32 . 2008-11-10 08:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-06 21:19 . 2008-11-06 21:19 <DIR> d-------- c:\users\Michael\AppData\Roaming\Malwarebytes
    2008-11-06 21:18 . 2008-11-06 21:18 <DIR> d-------- c:\users\All Users\Malwarebytes
    2008-11-06 21:18 . 2008-11-06 21:18 <DIR> d-------- c:\programdata\Malwarebytes
    2008-11-04 09:18 . 2008-11-04 09:18 <DIR> d-------- C:\PerfLogs
    2008-10-31 23:07 . 2008-08-05 21:27 1,244,672 --a------ c:\windows\System32\mcmde.dll
    2008-10-31 23:07 . 2008-08-05 21:27 428,032 --a------ c:\windows\System32\EncDec.dll
    2008-10-31 23:07 . 2008-08-05 21:27 292,352 --a------ c:\windows\System32\psisdecd.dll
    2008-10-31 23:07 . 2008-08-05 21:26 217,088 --a------ c:\windows\System32\psisrndr.ax
    2008-10-31 23:07 . 2008-08-05 21:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
    2008-10-31 23:07 . 2008-08-05 21:26 80,896 --a------ c:\windows\System32\MSNP.ax
    2008-10-31 23:07 . 2008-08-05 21:26 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
    2008-10-31 23:07 . 2008-08-05 21:26 57,856 --a------ c:\windows\System32\MSDvbNP.ax
    2008-10-30 05:38 . 2008-08-11 21:29 441,856 --a------ c:\windows\System32\win32spl.dll
    2008-10-30 05:38 . 2008-08-11 21:29 37,376 --a------ c:\windows\System32\printcom.dll
    2008-10-28 07:04 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\System32\NPSWF32.dll
    2008-10-28 07:04 . 2007-02-20 15:04 190,696 --a------ c:\windows\System32\NPSWF32_FlashUtil.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-13 03:26 --------- d-----w c:\programdata\Google Updater
    2008-11-13 03:18 --------- d-----w c:\users\Michael\AppData\Roaming\skypePM
    2008-11-10 15:54 --------- d-----w c:\users\Michael\AppData\Roaming\Skype
    2008-11-10 14:47 --------- d-----w c:\programdata\McAfee
    2008-11-08 14:21 --------- d-----w c:\program files\Bible
    2008-11-04 17:52 --------- d-----w c:\programdata\FLEXnet
    2008-11-04 17:52 --------- d-----w c:\program files\Yahoo!
    2008-11-04 17:50 --------- d-----w c:\program files\Windows Sidebar
    2008-11-04 17:50 --------- d-----w c:\program files\Windows Photo Gallery
    2008-11-04 17:50 --------- d-----w c:\program files\Windows Mail
    2008-10-25 15:06 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-18 00:01 --------- d-----w c:\programdata\Microsoft Help
    2008-10-15 01:08 --------- d-----w c:\programdata\NCH Swift Sound
    2008-10-15 01:08 --------- d-----w c:\program files\NCH Swift Sound
    2008-10-12 13:22 --------- d-----w c:\programdata\Roxio
    2008-10-10 22:42 --------- d-----w c:\users\Michael\AppData\Roaming\Roxio
    2008-10-10 22:33 --------- d-----w c:\program files\CD Wave
    2008-10-09 23:22 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-09 23:22 --------- d-----w c:\program files\iTunes
    2008-10-09 23:21 --------- d-----w c:\program files\iPod
    2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
    2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
    2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
    2008-10-01 18:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
    2008-09-13 18:50 --------- d-----w c:\program files\Apple Software Update
    2008-09-13 18:47 --------- d-----w c:\program files\Bonjour
    2008-09-13 18:46 --------- d-----w c:\program files\QuickTime
    2008-09-13 18:45 --------- d-----w c:\program files\Common Files\Apple
    2008-09-13 14:38 35,541 ----a-w c:\users\Michael\AppData\Roaming\nvModes.dat
    2008-08-29 15:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-08-29 14:53 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-07-10 10:56 174 --sha-w c:\program files\desktop.ini
    2008-03-08 20:48 32 ----a-w c:\users\All Users\ezsid.dat
    2008-03-08 20:48 32 ----a-w c:\programdata\ezsid.dat
    2007-07-12 13:52 0 ----a-w c:\users\Michael\AppData\Roaming\wklnhst.dat
    2008-01-17 03:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-17 03:05 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-17 03:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-06_22.02.51.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-07 03:30:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-11-13 03:17:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-11-07 03:30:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-11-13 03:17:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-11-07 03:33:16 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-11-13 03:19:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-11-07 02:02:34 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-12 01:59:48 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-07 02:02:34 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-12 01:59:48 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-07 02:02:34 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-12 01:59:48 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-07 04:01:19 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-13 03:37:28 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-13 03:37:28 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    + 2008-07-19 15:43:08 1,163,960 ----a-w c:\windows\System32\aswBoot.exe
    + 2008-07-19 15:30:53 94,392 ----a-w c:\windows\System32\AvastSS.scr
    - 2008-11-07 03:40:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-13 03:26:17 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-07 03:40:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-13 03:26:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-07 03:40:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-13 03:26:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-07 03:56:22 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-11-13 03:33:53 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-07-19 15:37:42 20,560 ----a-w c:\windows\System32\drivers\aswFsBlk.sys
    + 2008-07-19 15:33:42 23,152 ----a-w c:\windows\System32\drivers\aswRdr.sys
    + 2008-07-19 15:35:18 78,416 ----a-w c:\windows\System32\drivers\aswSP.sys
    + 2008-07-19 15:32:36 42,912 ----a-w c:\windows\System32\drivers\aswTdi.sys
    - 2007-02-20 21:04:02 2,463,976 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
    + 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
    - 2007-02-20 21:04:04 190,696 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-10-05 03:24:04 235,936 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-11-10 23:39:14 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    - 2008-11-07 03:36:33 104,024 ----a-w c:\windows\System32\perfc009.dat
    + 2008-11-13 03:22:35 104,024 ----a-w c:\windows\System32\perfc009.dat
    - 2008-11-07 03:36:33 618,648 ----a-w c:\windows\System32\perfh009.dat
    + 2008-11-13 03:22:35 618,648 ----a-w c:\windows\System32\perfh009.dat
    - 2008-11-01 13:22:29 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2008-11-10 17:50:38 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2008-11-07 03:33:15 8,594 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2924603548-2176741242-2523670655-1000_UserData.bin
    + 2008-11-13 03:19:39 9,342 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2924603548-2176741242-2523670655-1000_UserData.bin
    - 2008-11-07 03:33:15 59,600 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-13 03:19:39 60,876 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-10 15:05:07 2,594 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-11-07 03:33:06 51,564 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-11-13 03:19:37 54,264 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "QlbCtrl "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "WAWifiMessage "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-14 185896]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NvSvc "= "c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "= "c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

    c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{95ECDD01-AB84-4195-A36C-29147C571235} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{9E02C4F2-DF48-4ADA-B6DF-757714F01315} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{847B4D9A-56A3-49A5-9521-2D7585715908} "= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
    "{90528E1E-A1FE-4A81-B793-12DCFBBD3662} "= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
    "{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7} "= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{6B57F522-FAAD-41A8-B1C1-953062BF9446} "= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
    "{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE} "= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{81A65DC1-77E6-4167-8E14-4B7FCA87FA72} "= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4} "= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{60DEC888-F219-4253-B879-9DCB9F49D1E6} "= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{69766FF7-C030-44B6-941A-342BD87A0965} "= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{6B858232-CDA8-4787-BC69-95686C88817A} "= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{964A17A2-B864-49C4-AE05-C970AF48F245} "= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E} "= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251} "= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5} "= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{6724816D-6E60-46F7-BA77-75BFF33C85DB} "= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{2529FC12-EA14-4A4B-B558-983C1B403294} "= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{65C306BB-04C2-45E0-9998-70C6460C0AA7} "= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{23EEC350-C618-4C9C-B99F-F5D236F20E09} "= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{0D7EB09F-0C84-45E3-8579-2BB3965E9768} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8B460893-27ED-4215-BB59-6EE3ECB9EF00} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4D3ACF84-F6CD-4ACE-9123-464D6A4F6134} "= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{82BC31AC-8F46-4C2C-BDF1-F5BAAD1685F0} "= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{5C70583E-D439-4EF1-B589-71AAFE87BA22} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{08BB1248-D213-4E53-81B0-9FDF354E3D4F} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C0D19756-779C-455A-86E2-5C8E2FFD0D1D} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{49C2C01B-3F4C-423E-8E8A-B0761A316356} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe "= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{801e04e5-3be8-11dd-8891-001b242395b2}]
    \shell\AutoRun\command - f:\wd_windows_tools\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-13 c:\windows\Tasks\User_Feed_Synchronization-{5D3B7B9B-0435-4ED9-B145-40CC3DDF141A}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 03:45]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sj6e9cd7.default\
    FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
    FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-12 21:37:38
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-12 21:39:24
    ComboFix-quarantined-files.txt 2008-11-13 03:39:12
    ComboFix2.txt 2008-11-07 04:04:12

    Pre-Run: 63,943,462,912 bytes free
    Post-Run: 63,975,960,576 bytes free

    259 --- E O F --- 2008-11-04 03:46:24
     
  5. 2008/11/12
    Hondo


    Noahdfear,

    Here is the MBAM log. Again thank you for your help.

    Malwarebytes' Anti-Malware 1.30
    Database version: 1370
    Windows 6.0.6000

    11/6/2008 9:28:11 PM
    mbam-log-2008-11-06 (21-28-11).txt

    Scan type: Quick Scan
    Objects scanned: 48937
    Time elapsed: 7 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 6
    Folders Infected: 11
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4cc222a1-5724-4797-822d-44e9c4b45c06}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4cc222a1-5724-4797-822d-44e9c4b45c06}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{4cc222a1-5724-4797-822d-44e9c4b45c06}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Program Files\VirusProtectPro 3.7 (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
    C:\Program Files\VirusProtectPro 3.7\Logs (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
    C:\Program Files\VirusProtectPro 3.7\Quarantine (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusProtectPro (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\SpywareBot\Log\2007 Sep 04 - 03_25_55 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Program Files\VirusProtectPro 3.7\blacklist.txt (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
    C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.url (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
    C:\Program Files\VirusProtectPro 3.7\vpp.dat (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Log\2007 Sep 04 - 03_25_45 PM_874.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Log\2007 Sep 04 - 03_25_52 PM_801.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
    C:\Users\Michael\AppData\Roaming\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
     
  6. 2008/11/13
    noahdfear

    Hi Hondo,

    I've been studying your logs and do not see any active infections. Some of what MBAM removed suggests that your router's DNS setting (if you have a router) might be hijacked though. Do you know how to reset the router? Not just toggle the power, but reset it to factory default, which will require you to reconfigure it if accessed by wireless connection.
     
  7. 2008/11/13
    Hondo


    Hey Noahdfear,

    Hate to tell you, but I have no idea about resetting the router other than what you told me not to do. If you could spare that piece of know-how, I would appreciate it. I have a Netgear MaxRange 802.11g that is n compatible.

    Thanks,
    Hondo
     
  8. 2008/11/13
    noahdfear

    First, how many computers are using the router? Next, what type of connection do they have; wired or wireless?
     
  9. 2008/11/13
    Hondo


    6 computers: 1 wired, 5 wireless
     
  10. 2008/11/13
    noahdfear

    OK, let's check a couple of those computers too.
    Click Start>Run and type cmd then hit Enter to open a command window.
    In the command window, type the following command then hit Enter.

    ipconfig /all

    Note - there is a space between ipconfig and /all
    Look at the dhcp entry and see if it's set to a number similar to below.

    85.255.112.*** < the asterisks * could be any number

    Do this on each machine (2 or 3 should be sufficient)
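
The check described in the post above, as an added example that is not part of the original thread: it parses `ipconfig /all` text and flags any DHCP server, DNS server or gateway inside the 85.255.112.* range that the MBAM log reported in the `DhcpNameServer` registry data. The two sample outputs, the host name `example-pc` and all function names are constructed for illustration.

```python
import ipaddress
import re

# Range named in the thread: MBAM logged DhcpNameServer data 85.255.112.232 and
# 85.255.112.179, and the helper asks to look for 85.255.112.* in ipconfig output.
SUSPECT_NET = ipaddress.ip_network("85.255.112.0/24")

# ipconfig fields that a router or a DNS-changing trojan can influence.
WATCHED_FIELDS = {"DHCP Server", "DNS Servers", "Default Gateway"}

# "   Name . . . . : value" -- the label is always padded with ". :".
FIELD_RE = re.compile(r"^\s+(?P<name>\S.*?)[ .]*\. :\s?(?P<value>.*)$")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample: a machine whose router hands out itself as DNS server.
SAMPLE_CLEAN = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : example-pc

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Constructed sample: same machine with the two name servers from the MBAM log.
SAMPLE_HIJACKED = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : example-pc

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.232
                                       85.255.112.179
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def parse_ipconfig(text):
    """Yield (adapter, field, value), following the indented continuation
    lines ipconfig prints for second and later DNS servers."""
    adapter, field = "global", None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line starts a new section (adapter header).
            adapter, field = line.rstrip(": "), None
            continue
        match = FIELD_RE.match(line)
        if match:
            field = match.group("name")
            value = match.group("value").strip()
        else:
            value = line.strip()  # continuation of the previous field
        if field and value:
            yield adapter, field, value


def suspect_addresses(value):
    """Return the IPv4 addresses in `value` that fall inside SUSPECT_NET.
    Also works on a raw DhcpNameServer string (space separated)."""
    hits = []
    for token in IPV4_RE.findall(value):
        try:
            address = ipaddress.ip_address(token)
        except ValueError:
            continue  # looks like an address but is not valid
        if address in SUSPECT_NET:
            hits.append(str(address))
    return hits


def check_ipconfig(text):
    """Return (adapter, field, address) for every watched field that
    points into the suspect range."""
    findings = []
    for adapter, field, value in parse_ipconfig(text):
        if field in WATCHED_FIELDS:
            for address in suspect_addresses(value):
                findings.append((adapter, field, address))
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        findings = check_ipconfig(sample)
        print(label, "->", findings if findings else "no 85.255.112.* entries")
```

To use it on a real machine, save the output of `ipconfig /all` to a text file and pass the file's contents to `check_ipconfig`.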
     
  11. 2008/11/13
    Hondo


    No similar number with asterisks. There are full IP addresses in the category of DHCP server.
     
  12. 2008/11/13
    noahdfear

    Do they all have the same number, and does it start with 68.53.81 ?
     
  13. 2008/11/13
    Hondo


    Noah, by the number of different posts you are working it looks like you have several plates spinning. If you need to get back with me later--I'll understand.

    The answer to your last question is yes, they are all the same number, but they do not start with 68.53.81. They start with 192.
     
  14. 2008/11/13
    noahdfear

    192 is fine as well. So long as you see no IPs that begin with 85.255.112 that's good. Router will not need reset.

    Let's get a log from another couple of tools.

    Download mbr.exe and save it to your desktop.
    Double click mbr.exe to run it.
    It will open and close very quickly and produce the file mbr.log on the desktop.
    Double click mbr.log to open it and post its contents.


    Download GMER

    Right click and extract it to its own folder on the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
    Click on Scan.
    When the scan has completed, click Copy and paste the results (if any) into this topic.


    Yeah, I've got a couple plates spinning. That's just what you can see ... ;)
     
  15. 2008/11/14
    Hondo


    Noahdfear,

    Here are the requested reports:

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK



    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-11-14 05:58:51
    Windows 6.0.6000


    ---- System - GMER 1.0.14 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x8C00D0AC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8C00CFEC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x8C00D050]

    ---- Kernel code sections - GMER 1.0.14 ----

    ? C:\Users\Michael\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.14 ----

    .text C:\Users\Michael\Desktop\gmer\gmer.exe[5380] ntdll.dll!NtCreateFile + 3 772DF417 2 Bytes [ D7, FA ]

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\Windows\system32\services.exe[532] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00070002
    IAT C:\Windows\system32\services.exe[532] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00070000

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016417e6b47
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016417e6b47
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@UDN uuid:1b44f5fc-2fac-48dd-b53b-83b3683df487
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@SerialNumber {E4807034-BB5D-42AC-85D0-BB440F987680}
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@FriendlyName michael-pc
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@ModelName Windows Media Player
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@ModelNumber 11
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@Description Windows Media Player Renderer
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@ModelURL http://www.microsoft.com/windows/windowsmedia
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@ManufacturerURL http://www.microsoft.com/
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@Manufacturer Microsoft
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@NetworkInterface {3A539854-6A70-11DB-887C-806E6F6E6963}
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@IconFileName C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\00-00-00-00-00-00.png
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\MAC Access Control\S-1-5-21-2924603548-2176741242-2523670655-1000@00-00-00-00-00-00 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures@User_Feed_Synchronization-{5D3B7B9B-0435-4ED9-B145-40CC3DDF141A}.job.fp 1622082920

    ---- EOF - GMER 1.0.14 ----
     
  16. 2008/11/15
    noahdfear

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Please close all open browser windows
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Let me know if the redirection continues. If it does, please provide details of where the redirection takes you.
     
  17. 2008/11/15
    Hondo


    Noahdfear,

    I'm sorry to report that it has not worked. I'm still being redirected.

    My search was the following:

    • Prediction - MLB: NL MVP 2008 - ZiiTrend.com
    Handicapping the National League Most Valuable Player field ... Who will win the NL MVP Award 2008? source: http://mlb.mlb.com/news/a... Prediction Guideline ...
    www.ziitrend.com/predict/on/mlb_nl_mvp_2008_2008-11-10 - 112k - Cached

    But I was redirected to a search engine called Info. Here is the link:
    hxxp://search20.info.com/2008 mlb mvp?cmp=2887&affiliate=45333

    When I hit the back button on my browser trying to get back to Yahoo I was then redirected to this site:
    hxxp://ylwbook.areaconnect.addresse...KY&PHPSESSID=a487a1aa8eb0e5d98fb384ea31104ae4

    Each time I hit the back button I was redirected to other pages looking like search pages with the results of my search.

    Hondo
     
  18. 2008/11/15
    noahdfear

    Open a command window and type the following command then hit Enter.

    ipconfig /flushdns


    Try deleting your cookies too. Clear temporary internet files again while there.
     
  19. 2008/11/15
    Hondo


    Following your instruction I received the message:

    The requested operation requires elevation.

    Hondo
     
  20. 2008/11/15
    noahdfear

    Navigate to C:\Windows\System32, right click on cmd.exe and select Run as Administrator, then repeat the command.

    Check your Search Providers in IE options too.


    I've got some errands, but will be back later.
     
  21. 2008/11/15
    Hondo


    Noahdfear,

    Did all you have suggested but still having the same problem. I am being redirected to more search-engine-like pages.
     
