Author Topic: [Resolved] Browser search redirect  (Read 3648 times)


Offline JHotch

  • Bronze Member
  • Posts: 22
[Resolved] Browser search redirect
« on: September 05, 2011, 04:14:18 PM »
My browser is being redirected to various advertising sites whenever I do a search from a search engine (Google.com, Yahoo.com, etc.) or from the browser's embedded search box.

Below is my HijackThis log file from earlier today. Malwarebytes comes up empty. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:25 AM, on 9/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Temp\MalwareHelp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25415
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110513073236.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10s_Plugin.exe -update plugin
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://firepass.hunter.com/vdesk/terminal/InstallerControl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.rehabcare.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.instantpublisher.com/downloads/ImageUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120453608171
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://firepass.hunter.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158710485168
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://firepass.hunter.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} (Net6Launcher Class) - https://vpn.aerofil.com/net6helper.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://firepass.hunter.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Filter hijack: text/html - {4b9cdc14-4958-4b48-b349-9b96733413bd} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: 3E8DEB26 - Unknown owner - C:\WINDOWS\system32\3E8DEB26.exe (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 11242 bytes


« Last Edit: September 16, 2011, 03:57:38 PM by Bear »



Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2146
Re: [in Progress K] Browser search redirect
« Reply #1 on: September 05, 2011, 04:23:19 PM »
Error posting
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline JHotch

  • Bronze Member
  • Posts: 22
Re: [in Progress K] Browser search redirect
« Reply #2 on: September 05, 2011, 04:31:47 PM »
Thanks for responding. Are you saying that I posted my log file incorrectly?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6345
Re: [in Progress ] Browser search redirect
« Reply #3 on: September 05, 2011, 04:34:28 PM »
You've done nothing wrong, my friend; be patient, you'll get instructions shortly...

Kevin

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2146
Re: [in Progress k ] Browser search redirect
« Reply #4 on: September 05, 2011, 04:40:10 PM »
Hi J

Now that you've got to meet all of us :) I'll handle your problem.
So first some general information:

Hello, welcome to SpywareHammer.

I go by Bear, and I will be helping you with your problem. I understand that having malware on your system is disruptive, annoying and can even be frightening.  I also understand the urgency of getting your computer functioning again.  Working as a team, you and I will be able to confront this problem and hopefully bring it to a successful conclusion.  But you need to do a few things to help me understand your situation.

First, tell me everything and anything that you have already tried to fix this problem.

Second, tell me the symptoms of infection that you are seeing on your computer and when you first noticed them.  If the symptoms were progressive, let me know that.

Third, please only use one forum to help resolve your problem. Posting on more than one forum or trying other things in between our procedures will confuse and lengthen the process and may even make a positive solution impossible.

Fourth, please follow my instructions exactly.  If you cannot follow them or don't understand something, let me know immediately and do NOTHING until you hear from me.  If for any reason you have deviated from my instructions, PLEASE let me know at once.

Fifth, understand that malware gets into your computer system very easily but can be very, very difficult to remove.  It could take a while and we may have to try several processes to fix the problem.  So please "keep the faith".  I will do all I can to get your computer operating properly, and if I can't fix it we have many very bright individuals here at SpywareHammer who will help us.

Sixth, do not send anything to me as an attachment unless I specifically ask for it.  Please copy and paste all of your responses to me by replying to my post on this forum.  If the response is too long (the forum has size limits), please send it in portions, sequentially.

Seventh, let me know of any software you have running that encrypts your hard drive, such as Windows BitLocker or any others.

Eighth, if your PC is set to automatically update, DISABLE this function and do not update until we have disinfected your PC.

And lastly, before we do anything else, please back up your data, if possible on external media such as DVDs, CDs, memory sticks or external hard drives.

I will analyze your data and post instructions back to you. 







Offline JHotch

  • Bronze Member
  • Posts: 22
Re: [in Progress k ] Browser search redirect
« Reply #5 on: September 05, 2011, 05:07:38 PM »
The issue first began earlier this summer. I found bleepingcomputer.com and followed some of their recommendations to another poster. I was able to resolve the issue temporarily by updating my registry to remove Google as my default browser search engine and then remove Google entirely as one of the engine options. I could see in the registry that it was set to redirect to Gala Search. The problem returned within a few days. Since then, I have used Malwarebytes (which I do frequently in an attempt to keep a clean system), RKUnhooker (but didn't really know what to unhook), and SUPERAntiSpyware. When I had the issue earlier, I ran those same tools plus a Kaspersky tool and ComboFix (along with its removal tool). I also have ATF-Cleaner installed which I use occasionally.

Symptoms -- whenever I use the embedded search engine (set to Bing currently), I receive a search page in which all the links are redirected to a page with IP 63.209.69.107. The links all appear to have click.scour.com in the link. From www.google.com, all searches redirect to a page titled "starFeedsMixer" and the links all point to star.feedsmixer.org. This behavior is similar for all searches and search engines.

This is the only site I am posting to for help and the only site I will follow instructions from for now.

No encryption software is running that I am aware of. I have disabled automatic updates. I'm backed up and ready.

Thanks.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2146
Re: [in Progress k ] Browser search redirect
« Reply #6 on: September 05, 2011, 05:09:05 PM »
Hi J

Before we proceed any further, I need to ask if this is a business computer.  Is it a work computer for Aerofil Technology in Sullivan MO?  Or another company?  Is this computer personally owned by you?

Offline JHotch

  • Bronze Member
  • Posts: 22
Re: [in Progress k ] Browser search redirect
« Reply #7 on: September 05, 2011, 05:18:00 PM »
It's my personal computer. I am a consultant and I occasionally have to connect to customer sites (Aerofil, etc.) and my own parent company for business, but this computer is unfortunately used a lot more by my teenage kids than by me for work.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2146
Re: [in Progress k ] Browser search redirect
« Reply #8 on: September 05, 2011, 05:23:11 PM »
Hi J

Fine, then we will proceed.  The site has rules about working on computers owned by someone other than the poster.

One more question: are you familiar with firepass.hunter.com?  Is this a site you use or know of?  It is heavily represented on your PC and I could find no info on it.

Offline JHotch

  • Bronze Member
  • Posts: 22
Re: [in Progress] Browser search redirect
« Reply #9 on: September 05, 2011, 05:27:11 PM »
Another customer.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2146
Re: [in Progress] Browser search redirect
« Reply #10 on: September 05, 2011, 06:10:44 PM »
Hi J

There is definitely some malware on your PC.  And as you found out earlier, if you don't get it all, it just comes back.  So let's begin.

There is one other questionable entry, but I suspect it is a client; please let me know:
rehabcare.com


1.  Rerun HJT

Click on Scan.

Place a check mark next to all of the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25415

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

O18 - Filter hijack: text/html - {4b9cdc14-4958-4b48-b349-9b96733413bd} - (no file)


Then click Fix Checked.

Now reboot your computer.

2.  Open Notepad.  Copy the code in the code box below into the Notepad Window.  Now save the Notepad file to your desktop.  Name it StopService.bat.  Double click on the StopService.bat icon.

Code:

    REM Stop the unknown service flagged in the O23 line, then remove its registration
    sc stop "3E8DEB26"
    sc delete "3E8DEB26"


3.  Please download Malwarebytes Anti-Malware and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes. Make sure you are connected to the Internet.   Double-click on mbam-setup.exe to install the application.
•   When the installation begins, follow the prompts and do not make any changes to default settings.
•   When installation has finished, make sure you leave both of these checked:
o   Update Malwarebytes' Anti-Malware
o   Launch Malwarebytes' Anti-Malware
•   Then click Finish.
•   MBAM will automatically start and you will be asked to update the program before performing a scan.
•   If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
•   If you encounter any problems while downloading the definition updates, manually download them from updates and just double-click on mbam-rules.exe to install.

4.  On the Scanner tab:
•   Make sure the "Perform Full Scan" option is selected.
•   Then click on the Scan button.
•   If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
•   The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
•   When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
•   Click OK to close the message box and continue with the removal process.

5.  Back at the main Scanner screen:
•   Click on the Show Results button to see a list of any malware that was found.
•   Make sure that everything is checked, and click Remove Selected.
•   When removal is completed, a log report will open in Notepad.
•   The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
•   Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

6.  Download DDS by sUBs here DDS and save it to your desktop. If for any reason your PC will not allow you to save the file as DDS, rename it to Stop.scr.

7.  Disable all of your Anti-Virus and Anti-Spyware programs.  If you need help disabling them, go to Disable Anti Malware; be sure to re-enable them before reconnecting to the internet and posting your reply.

8.  Double click on the DDS icon, allow it to run.  A small box will open, with an explanation about the tool.  No input is needed, the scan is running.

Notepad will open with the results of two files, be patient.

Please always check to be sure Word Wrap is NOT turned on in any Notepad files you post.  This is done by opening the Notepad file and clicking on Format to be sure Word Wrap is not checked.

Note:  This site has size limits on posts.  Please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
rehabcare.com
mbam-log-(date)
DDS.txt
Attach.txt
Let me know if the symptoms of infection your computer is exhibiting have changed.
If you have any questions or problems, let me know that as well.


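Added example (my own code, not from the thread, HijackThis or SpywareHammer): a small Python triage script that reads a HijackThis v2 log and flags the four entry classes Bear marked for fixing above (the loopback ProxyServer, the O18 text/html filter hijack, the O16 DPF entry fetching an .exe, and the unknown O23 service 3E8DEB26). The heuristics, the function names (parse_log, check_entry, triage) and the Finding class are my own; the input is a constructed subset of JHotch's posted log.

```python
"""Triage helper for a Trend Micro HijackThis v2 log (added example; not a
HijackThis or SpywareHammer tool).  It flags: a browser proxy on the loopback
address, an O18 MIME filter hijack, an O23 service with an unknown owner /
missing binary / random hex name, and an O16 DPF entry that downloads an .exe."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample: a subset of the log posted at the top of this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25415
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Filter hijack: text/html - {4b9cdc14-4958-4b48-b349-9b96733413bd} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: 3E8DEB26 - Unknown owner - C:\WINDOWS\system32\3E8DEB26.exe (file missing)
"""


@dataclass
class Finding:
    code: str    # HJT section code, e.g. "O23"
    reason: str  # why the entry is suspicious
    line: str    # the original log line


HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
LOOPBACK = re.compile(r"(?:^|=|//)(?:127\.0\.0\.1|localhost)(?::\d+)?", re.I)
HEX_NAME = re.compile(r"^[0-9A-F]{6,}$", re.I)


def parse_log(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (code, body, line) for each HJT entry; header and process list are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            yield m.group("code"), m.group("body"), line


def check_entry(code: str, body: str, line: str) -> Optional[Finding]:
    """Apply the heuristics to one entry; return a Finding or None."""
    if code in ("R0", "R1") and "ProxyServer" in body:
        # A proxy on 127.0.0.1 means a local process sits between the browser
        # and the web and can rewrite search-result pages (the redirect symptom).
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        if LOOPBACK.search(value):
            return Finding(code, "browser proxy points at the loopback address", line)
    elif code == "O18" and body.startswith("Filter hijack"):
        mime = body.split(":", 1)[1].split(" - ")[0].strip()
        reason = f"MIME filter registered for {mime}"
        if "(no file)" in body:
            reason += " with no handler file on disk"
        return Finding(code, reason, line)
    elif code == "O23" and body.startswith("Service: "):
        # Format: "Service: <display> [(<short>)] - <owner> - <path> [(file missing)]"
        parts = body[len("Service: "):].split(" - ")
        display = parts[0]
        owner = parts[1] if len(parts) > 1 else ""
        short = re.search(r"\(([^()]+)\)$", display)
        key = short.group(1) if short else display
        signals = []
        if owner.lower().startswith("unknown"):
            signals.append("unknown owner")
        if "(file missing)" in body:
            signals.append("binary missing on disk")
        if HEX_NAME.match(key):
            signals.append("random hex service name")
        # One weak signal is not enough: many legitimate vendors leave the owner blank.
        if "random hex service name" in signals or len(signals) >= 2:
            return Finding(code, "; ".join(signals), line)
    elif code == "O16" and body.startswith("DPF:"):
        url = body.rsplit(" - ", 1)[-1].strip()
        path = re.split(r"[?#]", url.lower())[0]
        if path.endswith(".exe"):
            return Finding(code, "ActiveX DPF entry downloads an .exe instead of a .cab", line)
    return None


def triage(text: str) -> List[Finding]:
    """Return all suspicious entries in log order."""
    return [f for f in (check_entry(*e) for e in parse_log(text)) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run against the full log, it reports exactly the four lines Bear asked to have fixed or stopped and stays quiet on the legitimate unknown-owner ATI service.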

Offline JHotch

  • Bronze Member
  • Posts: 22
Re: [in Progress] Browser search redirect
« Reply #11 on: September 05, 2011, 09:20:16 PM »
Running the MBAM scan. Probably won't post until tomorrow.

Rehabcare is a client.

One more note...although it's likely that someone in my family (including me) visited an odd website that caused this problem, I do remember downloading and installing SyncToy 2.1 from Microsoft at roughly the same time period that we began noticing the problem. Not sure if it matters, but thought I would throw it out there.

Thanks again.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2146
Re: [in Progress] Browser search redirect
« Reply #12 on: September 06, 2011, 01:00:42 AM »
Hi J

Would be interested in what you sync'd with.  It may have brought you the malware and may still have it.

Offline JHotch

  • Bronze Member
  • Posts: 22
Re: [in Progress] Browser search redirect
« Reply #13 on: September 06, 2011, 06:05:17 AM »
Bear,

I use the SyncToy to sync files from the C drive (My Documents) to the F drive (backup storage drive).

Results of MBAM:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7660

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/5/2011 11:53:36 PM
mbam-log-2011-09-05 (23-53-36).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 495526
Time elapsed: 3 hour(s), 43 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results of DDS scan (DDS.txt):
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_21
Run by Admin at 6:57:44 on 2011-09-06
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.353 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110513073236.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: rehabcare.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://firepass.hunter.com/vdesk/terminal/InstallerControl.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.rehabcare.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.instantpublisher.com/downloads/ImageUploader5.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120453608171
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://firepass.hunter.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158710485168
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - hxxps://firepass.hunter.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} - hxxps://vpn.aerofil.com/net6helper.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://firepass.hunter.com/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3C9475AE-C187-4129-B765-9DD33C340290} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B53D4006-DEA8-43C4-9513-3C0FCA92361F} : DhcpNameServer = 192.168.64.1 192.168.64.19
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\4wzp6mko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\documents and settings\admin\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\admin\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\4wzp6mko.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\4wzp6mko.default\extensions\runtime@panda3d.org\platform\winnt_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\robloxversions\version-b0b74ccbad4f4893\NPRobloxProxy.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Panda3D Game Engine Plug-In: runtime@panda3d.org - %profile%\extensions\runtime@panda3d.org
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: XUL Cache: {768c860c-5b70-478c-91e1-a7d72936cd2c} - %profile%\extensions\{768c860c-5b70-478c-91e1-a7d72936cd2c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-17 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-27 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-11-27 116608]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-31 233472]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-27 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-27 141792]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-8-20 370872]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-31 36608]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-17 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-27 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-27 88736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-27 56064]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-17 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-27 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-27 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-17 40552]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 12872]
S3 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-3-11 1373480]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-16 19:35:58   --------   d-----w-   c:\documents and settings\admin\application data\Need for Speed World
2011-08-16 18:14:41   --------   d-----w-   c:\documents and settings\admin\local settings\application data\Electronic_Arts_Inc
2011-08-16 18:12:59   1420824   ----a-w-   c:\windows\system32\D3DCompiler_37.dll
2011-08-16 18:09:41   --------   d-----w-   c:\windows\Logs
2011-08-16 18:08:35   --------   d-----w-   c:\documents and settings\all users\application data\Electronic Arts
.
==================== Find3M  ====================
.
2011-09-05 17:09:01   214520   ----a-w-   c:\windows\system32\PnkBstrB.xtr
2011-09-05 17:07:56   137464   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2011-09-05 17:06:42   214520   ----a-w-   c:\windows\system32\PnkBstrB.exe
2011-07-28 01:17:41   0   ---ha-w-   c:\documents and settings\admin\gsigsyxztf.tmp
2011-07-07 00:52:42   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-06-23 15:56:52   126976   ----a-w-   c:\windows\system32\UAService7.exe
2011-06-10 17:05:03   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH:  6:59:09.62 ===============


Results of DDS scan (Attach.txt)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2005 8:52:32 PM
System Uptime: 9/5/2011 7:57:39 PM (11 hours ago)
.
Motherboard: Dell Inc.           |  | 0M3918
Processor:               Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 1.266 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 328.319 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel GS Wavetable Synthesizer
Device ID: SW\{6C1B9F60-C0A9-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel GS Wavetable Synthesizer
PNP Device ID: SW\{6C1B9F60-C0A9-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: swmidi
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic
.
==== System Restore Points ===================
.
RP1037: 8/15/2011 12:59:29 AM - System Checkpoint
RP1038: 8/16/2011 1:59:36 AM - System Checkpoint
RP1039: 8/16/2011 1:12:32 PM - Installed DirectX
RP1040: 8/17/2011 3:52:10 PM - System Checkpoint
RP1041: 8/18/2011 5:19:02 PM - System Checkpoint
RP1042: 8/19/2011 5:50:28 PM - System Checkpoint
RP1043: 8/20/2011 7:29:04 PM - System Checkpoint
RP1044: 8/21/2011 8:19:06 PM - System Checkpoint
RP1045: 8/22/2011 8:34:45 PM - System Checkpoint
RP1046: 8/23/2011 10:54:53 PM - System Checkpoint
RP1047: 8/24/2011 11:15:30 PM - System Checkpoint
RP1048: 8/25/2011 11:38:35 PM - System Checkpoint
RP1049: 8/27/2011 12:18:37 AM - System Checkpoint
RP1050: 8/28/2011 2:13:27 AM - System Checkpoint
RP1051: 8/29/2011 3:01:27 AM - System Checkpoint
RP1052: 8/30/2011 7:48:15 AM - System Checkpoint
RP1053: 8/31/2011 9:14:57 AM - System Checkpoint
RP1054: 8/31/2011 1:01:31 PM - Installed Call of Duty(R) 2 Mod Tools
RP1055: 9/1/2011 2:08:21 PM - System Checkpoint
RP1056: 9/2/2011 3:04:45 PM - System Checkpoint
RP1057: 9/3/2011 3:51:58 PM - System Checkpoint
RP1058: 9/4/2011 4:18:24 PM - System Checkpoint
RP1059: 9/5/2011 4:37:27 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements
Adobe Photoshop Elements 5.0
Adobe Reader 7.0.5
Adobe SVG Viewer
Age of Empires III
AiO_Scan_CDA
AiOSoftwareNPI
Anark Client 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Backyard Skateboarding
Bonjour
BufferChm
Call of Duty(R) 2
Call of Duty(R) 2 Mod Tools
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Cisco AnyConnect VPN Client
Civilization III
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Dell Driver Reset Tool
Dell Support 5.0.0 (630)
Dell System Restore
Destinations
DeviceManagementQFolder
DocProc
eSupportQFolder
F300
F300_Help
F300Trb
Fax_CDA
Finale NotePad 2005a
Finale NotePad 2007
Finale PrintMusic 2008
FMSLogo
Futuremark Measurement Services Client
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Earth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
HPProductAssistant
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Jeopardy! 2nd Edition
LEGO Star Wars
LEGO Star Wars 2 DEMO
LEGO Star Wars II
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
MovieEdit Task
Mozilla Firefox (3.6.21)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Need for Speed™ Most Wanted
Need For Speed™ World
NewCopy_CDA
nik Color Efex Pro 2.0 GE
PC Connectivity Solution
Pen Tablet
PhotoStitch
ProductContextNPI
Qualxserve Service Agreement
QuickTime
RAW Image Task 1.2
Reading Blaster Ages 9-12
Readme
RemoteCapture Task 1.1
Roblox for Admin
RollerCoaster Tycoon 2: Wacky Worlds
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Sansa Media Converter
SBC Yahoo! Applications
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sid Meier's Civilization 4
Skype™ 5.1
Skype™ 5.5
SolutionCenter
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Status
SUPERAntiSpyware Free Edition
SyncToy 2.1 (x86)
TextPad 4.7
The Battle for Middle-earth (tm)
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Driver Package - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Zoo Tycoon 2
.
==== Event Viewer Messages From Past Week ========
.
8/30/2011 4:14:07 PM, error: Service Control Manager [7023]  - The Automatic Updates service terminated with the following error:  The specified module could not be found.
.
==== End Of File ===========================

Thanks. I'll test my computer for changes after this posting and let you know what differences I see.
JHotch

Offline JHotch

  • Bronze Member
  • Posts: 22
Re: [in Progress] Browser search redirect
« Reply #14 on: September 06, 2011, 06:15:53 AM »
Bear, my browser searches are still being hijacked. The embedded browser search engine (Bing in my case) will display the results in a Bing search page but all links on the page direct the browser to an ad site ("Brighthome" now, but this changes occasionally). When I try a search from a web search page (Yahoo, Google), I get the same results as above. I know this is a process, so we'll keep at it. Thanks for your help. JHotch