Wrong website opens after a google search & click link

Post by billt » December 10th, 2009, 5:04 pm

When I do a Google search I am directed to the wrong website when I click on a link. It happens about 75% of the time. I might click on amazon.com, for example, and get sent to a website for something completely different. After going back to the search results, I can usually get the right site to open on the 2nd or 3rd try. I've run so many different programs to try and get rid of this, but to no avail. Can someone help me? Below is my HijackThis info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:43 PM, on 12/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lisa\Desktop\spybotsd162.exe
C:\Users\Lisa\AppData\Local\Temp\is-67F90.tmp\spybotsd162.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Lisa\Desktop\spybotsd162.exe
C:\Users\Lisa\AppData\Local\Temp\is-QL28C.tmp\spybotsd162.tmp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [userinit] C:\Users\Lisa\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12521 bytes


2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 8.1.5
Adobe Setup
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AVG 8.5
BlueVoda Website Builder 9.22
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Crystal Reports for .NET Framework 2.0 (x86)
CyberLink DVD Suite
ESU for Microsoft Vista
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 D3
HP Smart Web Printing
HP Update
HP User Guides 0118
HP Wireless Assistant
HPNetworkAssistant
HPTCSSetup
ImgBurn
Infix 4.06
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware
MAPILab Toolbox
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (MSPOSInstance)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
Panda ActiveScan 2.0
PCDrafter 2009
PDF Settings
Power2Go
PowerDirector
PVSonyDll
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek USB 2.0 Card Reader
Registry Easy v5.6
Regit POS
Retail Man POS 1.70
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Serif WebPlus X2
Serif WebPlus X2 Resources
Snapfish Picture Mover
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The KMPlayer (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Web Page Maker V3.12
Windows Live Call
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Yahoo! Toolbar
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm
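
A first-pass triage of the autostart (O4) and browser helper object (O2) lines in a HijackThis log like the one posted above, as an added example that is not part of the original thread. The sample lines are copied from that log; the function name, the list of Windows component names and the two heuristics are assumptions chosen for illustration, and a flag marks an entry for closer review, not a verdict.

```python
import re

# Excerpt copied from the HijackThis log in the post above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [userinit] C:\Users\Lisa\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$"
)

# Locations an unprivileged user can write to (heuristic, assumption).
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users|Documents and Settings)\\[^\\]+\\"
    r"|%(?:AppData|LocalAppData|Temp|UserProfile)%",
    re.IGNORECASE,
)
# Command lines that start inside the Windows directory.
SYSTEM_DIR_RE = re.compile(
    r'^"?(?:%SystemRoot%|%windir%|[A-Za-z]:\\Windows)\\', re.IGNORECASE
)
# Names of Windows components that a Run value would not normally carry
# (illustrative list, assumption).
SYSTEM_NAMES = {"userinit", "winlogon", "explorer", "svchost", "lsass", "csrss"}


def triage(log_text):
    """Return a list of (log line, [reasons]) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []

        bho = BHO_RE.match(line)
        if bho and bho.group("file").strip().lower() == "(no file)":
            reasons.append("BHO is registered but its DLL is missing")

        run = RUN_RE.match(line)
        if run:
            name = run.group("name").lower()
            if name.endswith(".exe"):
                name = name[:-4]
            cmd = run.group("cmd")
            if USER_WRITABLE_RE.search(cmd):
                reasons.append("autostart target is in a user-writable profile path")
            if name in SYSTEM_NAMES and not SYSTEM_DIR_RE.match(cmd):
                reasons.append("value name imitates a Windows component "
                               "but the target is outside the Windows directory")

        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```
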

Re: Wrong website opens after a google search & click link

Post by Cypher » December 17th, 2009, 1:26 pm

Hi, Welcome to the forum.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.
  • I am currently reviewing your log, and will return as soon as possible with your next set of instructions.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Post by billt » December 17th, 2009, 4:28 pm

Thank You!
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Post by Cypher » December 18th, 2009, 8:39 am

Hi billt.
Is this a business computer or is it for personal use?

Vista Advice:
  • All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on it and select Run as Administrator.
  • The Operating System (Vista, aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.



Please download GMER Rootkit Scanner from Here.
  • Right-click the .exe file and select "Run as administrator". If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Next.

Run CKScanner

  • Please download CKScanner by askey127 from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
  • After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

In your next reply.

  • GMER log.
  • RSIT log.txt file contents and info.txt file contents.
  • CKFiles.txt log.
  • Is this a business computer?
  • Please let me know how your computer is performing now.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Post by billt » December 18th, 2009, 1:14 pm

This is my wife's personal laptop that we bring to our family business (children's consignment store that we just opened 10/24/09), so we have something to do while working there. It has some web page stuff, some Point of Sale programs that we were looking to get and some flyers on it.

It is still acting the same. Every time you do a search in Google, if you don't right-click the result and open it in another tab or window, it will bring you to a random page, and when you hit the back button, you need to hit it about 4 or 5 times before you can get back to your search results.

Here is the gmer.txt:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-18 11:28:59
Windows 6.0.6002 Service Pack 2
Running: 5luwxd8l.exe; Driver: C:\Users\Lisa\AppData\Local\Temp\kxldapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8597B618

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----





Here is the CKFiles.txt:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----





Here is the info.txt:

info.txt logfile of random's system information tool 1.06 2009-12-18 11:53:13

======Uninstall list======

-->"C:\Program Files\HP Games\7 Wonders II\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Belle's Beauty Boutique\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files\HP Games\Paradise Pet Salon\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Pirateville\Uninstall.exe"
-->"C:\Program Files\HP Games\Plant Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Supercow\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
BlueVoda Website Builder 9.22-->C:\Windows\iun6002.exe "C:\Program Files\BlueVoda Website Builder\irunin.ini"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWAHerza.INF
Crystal Reports for .NET Framework 2.0 (x86)-->MsiExec.exe /I{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Free Download Manager 3.0 Bittorrent plugin-->"C:\Program Files\Free Download Manager\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Help and Support-->MsiExec.exe /X{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Smart Web Printing-->msiexec /i{380357CA-29F4-4B3C-B401-32C057E6B59B}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0118-->MsiExec.exe /I{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Infix 4.06-->"C:\Program Files\Iceni\Infix4\unins000.exe"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MAPILab Toolbox-->MsiExec.exe /I{25B384BF-C6ED-496C-BD97-FB2FE16F6208}
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (MSPOSInstance)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PCDrafter 2009-->MsiExec.exe /I{8DE49A9A-CE23-417B-90D2-9A3D2B4221CD}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly
Regit POS-->C:\RegitPOS\UNWISE.EXE C:\RegitPOS\INSTALL.LOG
Retail Man POS 1.70-->"C:\RMan\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Serif WebPlus X2 Resources-->MsiExec.exe /I{05BC428A-F2A5-4E11-8130-10C3237FD67B}
Serif WebPlus X2-->MsiExec.exe /I{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Web Page Maker V3.12-->"C:\Program Files\Web Page Maker\unins000.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Lisa-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 12728
Source Name: Microsoft-Windows-Servicing
Time Written: 20090412144407.000000-000
Event Type: Warning
User: Lisa-PC\Lisa

Computer Name: Lisa-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 12628
Source Name: Microsoft-Windows-Servicing
Time Written: 20090412144407.000000-000
Event Type: Warning
User: Lisa-PC\Lisa

Computer Name: Lisa-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 12623
Source Name: Microsoft-Windows-Servicing
Time Written: 20090412144407.000000-000
Event Type: Warning
User: Lisa-PC\Lisa

Computer Name: Lisa-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 12620
Source Name: Microsoft-Windows-Servicing
Time Written: 20090412144407.000000-000
Event Type: Warning
User: Lisa-PC\Lisa

Computer Name: Lisa-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 12616
Source Name: Microsoft-Windows-Servicing
Time Written: 20090412144407.000000-000
Event Type: Warning
User: Lisa-PC\Lisa

=====Application event log=====

Computer Name: Lisa-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: e30 Start Time: 01c988e079d89250 Termination Time: 375
Record Number: 173
Source Name: Application Hang
Time Written: 20090207050153.000000-000
Event Type: Error
User:

Computer Name: Lisa-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 8a0 Start Time: 01c988ce68161540 Termination Time: 219
Record Number: 171
Source Name: Application Hang
Time Written: 20090207045341.000000-000
Event Type: Error
User:

Computer Name: Lisa-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: b78 Start Time: 01c988cd199b5fc0 Termination Time: 0
Record Number: 159
Source Name: Application Hang
Time Written: 20090207024724.000000-000
Event Type: Error
User:

Computer Name: Lisa-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 144
Source Name: Microsoft-Windows-WMI
Time Written: 20090207023620.000000-000
Event Type: Error
User:

Computer Name: Lisa-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1780 Start Time: 01c989096e159930 Termination Time: 195
Record Number: 109
Source Name: Application Hang
Time Written: 20090207022537.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Lisa-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-XDGRH7QDIWM$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x208
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 107
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090207094343.343000-000
Event Type: Audit Success
User:

Computer Name: Lisa-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-XDGRH7QDIWM$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x208
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 106
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090207094343.343000-000
Event Type: Audit Success
User:

Computer Name: Lisa-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: WIN-XDGRH7QDIWM$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0xff8
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0xc83f4
Record Number: 105
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090202042635.073403-000
Event Type: Audit Success
User:

Computer Name: Lisa-PC
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: WIN-XDGRH7QDIWM$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0xff8
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0xc83f4
Record Number: 104
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090202042635.073403-000
Event Type: Audit Success
User:

Computer Name: Lisa-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2347099956-282104287-4172513318-1000
Account Name: Lisa
Domain Name: Lisa-PC
Logon ID: 0x5be7d
Record Number: 103
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090202042626.758603-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
billt

Re: Wrong website opens after a google search & click link

Post by billt » December 18th, 2009, 1:17 pm

And here is the info.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Lisa at 2009-12-18 11:52:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 63 GB (44%) free of 143 GB
Total RAM: 2814 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:11 AM, on 12/18/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lisa\Desktop\RSIT.exe
C:\Program Files\trend micro\Lisa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10759 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2347099956-282104287-4172513318-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2347099956-282104287-4172513318-1000UA.job
C:\Windows\tasks\HPCeeScheduleForLisa.job
C:\Windows\tasks\Malwarebytes' Scheduled Scan for Lisa.job
C:\Windows\tasks\Malwarebytes' Scheduled Update for Lisa.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\User_Feed_Synchronization-{CFD427E5-B189-4A99-975B-B995A481C0DE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-11 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-06-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-06-12 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-23 13797920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-11 2033432]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]
"PrintDisp"=C:\Windows\system32\PrintDisp.exe [2009-08-21 878080]
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df130a80-feea-11dd-ac53-001f164ab93e}]
shell\AutoRun\command - F:\setupSNK.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-18 11:52:49 ----D---- C:\rsit
2009-12-18 11:40:08 ----D---- C:\Windows\Minidump
2009-12-12 14:45:08 ----D---- C:\Users\Lisa\AppData\Roaming\AVG9
2009-12-12 03:21:50 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 03:21:47 ----A---- C:\Windows\system32\httpapi.dll
2009-12-12 03:18:42 ----SHD---- C:\Windows\system32\%APPDATA%
2009-12-11 21:02:22 ----A---- C:\rollback.ini
2009-12-11 19:45:47 ----D---- C:\ProgramData\XoftSpySE
2009-12-11 19:06:19 ----D---- C:\ProgramData\ParetoLogic
2009-12-11 19:06:19 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-12-11 17:59:45 ----A---- C:\Windows\system32\SaveTo.dll
2009-12-11 17:59:45 ----A---- C:\Windows\system32\ActPDF.dll
2009-12-11 17:59:44 ----A---- C:\Windows\system32\CPDF.dll
2009-12-11 17:58:49 ----A---- C:\Windows\system32\PrintDisp.exe
2009-12-11 17:58:49 ----A---- C:\Windows\system32\PrintCtrl.exe
2009-12-11 17:58:28 ----A---- C:\Windows\system32\SetPrinter.exe
2009-12-11 17:58:28 ----A---- C:\Windows\system32\PrtTools.exe
2009-12-11 17:58:28 ----A---- C:\Windows\system32\PrtPass.exe
2009-12-11 17:58:28 ----A---- C:\Windows\system32\PrintLog.exe
2009-12-11 17:58:27 ----D---- C:\Windows\Infix PDF
2009-12-11 17:58:27 ----A---- C:\Windows\system32\SetupDrv.exe
2009-12-11 17:58:27 ----A---- C:\Windows\system32\PrtClient.exe
2009-12-11 17:57:44 ----D---- C:\Users\Lisa\AppData\Roaming\Iceni
2009-12-11 17:51:45 ----SHD---- C:\Config.Msi
2009-12-11 15:37:44 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-12-11 15:37:44 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-12-11 15:37:44 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-11 15:37:44 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-12-11 15:32:35 ----A---- C:\Windows\ntbtlog.txt
2009-12-11 15:28:05 ----D---- C:\SpybotSDPortable
2009-12-11 15:17:08 ----HD---- C:\$AVG
2009-12-11 15:17:00 ----A---- C:\Windows\system32\avgrsstx.dll
2009-12-11 14:49:39 ----A---- C:\Windows\system32\winhttp.dll
2009-12-11 14:49:27 ----A---- C:\Windows\system32\mshtml.dll
2009-12-11 14:49:25 ----A---- C:\Windows\system32\ieframe.dll
2009-12-11 14:49:22 ----A---- C:\Windows\system32\urlmon.dll
2009-12-11 14:49:22 ----A---- C:\Windows\system32\iertutil.dll
2009-12-11 14:49:21 ----A---- C:\Windows\system32\wininet.dll
2009-12-11 14:49:21 ----A---- C:\Windows\system32\occache.dll
2009-12-11 14:49:21 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-11 14:49:21 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-11 14:49:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-11 14:49:20 ----A---- C:\Windows\system32\ieui.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\iesetup.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\iernonce.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\iepeers.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-11 14:44:16 ----A---- C:\Windows\system32\rastls.dll
2009-12-11 13:14:28 ----D---- C:\VundoFix Backups
2009-12-11 13:14:28 ----A---- C:\VundoFix.txt
2009-12-10 15:44:21 ----D---- C:\Program Files\Trend Micro
2009-12-10 14:00:45 ----D---- C:\Program Files\AVG
2009-12-10 13:23:34 ----D---- C:\ProgramData\Iceni
2009-12-10 13:23:34 ----D---- C:\ProgramData\Aspell
2009-12-10 13:23:30 ----D---- C:\Users\Lisa\AppData\Roaming\Aspell
2009-12-10 13:23:30 ----D---- C:\Program Files\Iceni
2009-12-10 10:26:13 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-12-10 10:26:03 ----D---- C:\Users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
2009-12-10 10:26:03 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-09 12:26:33 ----D---- C:\Program Files\Registry Easy
2009-12-07 11:33:15 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-05 15:16:44 ----D---- C:\ProgramData\avg9
2009-12-05 13:10:00 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-05 13:06:11 ----D---- C:\ProgramData\Lavasoft
2009-12-03 17:13:38 ----A---- C:\logs.txt
2009-12-03 16:46:04 ----D---- C:\ProgramData\Kaspersky Lab
2009-12-03 12:49:49 ----D---- C:\Program Files\Common Files\PC Tools
2009-12-03 12:49:48 ----D---- C:\Users\Lisa\AppData\Roaming\PC Tools
2009-12-02 16:51:46 ----D---- C:\ProgramData\PC Tools
2009-12-02 16:51:30 ----RASHD---- C:\ProgramData\TEMP
2009-12-02 15:39:26 ----D---- C:\Users\Lisa\AppData\Roaming\Malwarebytes
2009-12-02 15:38:52 ----D---- C:\ProgramData\Malwarebytes
2009-12-02 15:38:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-02 11:59:38 ----D---- C:\Users\Lisa\AppData\Roaming\Megaupload
2009-12-02 11:56:42 ----D---- C:\Program Files\Megaupload
2009-12-02 11:54:52 ----D---- C:\Users\Lisa\AppData\Roaming\InstallShield
2009-12-02 11:01:33 ----D---- C:\Users\Lisa\AppData\Roaming\Mozilla
2009-11-30 12:24:51 ----A---- C:\bassmod.dll
2009-11-30 11:04:56 ----A---- C:\Windows\system32\BBPdfPortMon.DLL
2009-11-30 10:59:09 ----D---- C:\ProgramData\Bluebeam Software
2009-11-30 10:59:09 ----D---- C:\Program Files\Bluebeam Software
2009-11-28 16:06:14 ----D---- C:\ProgramData\FLEXnet
2009-11-28 15:55:53 ----A---- C:\Windows\system32\NPSWF32_FlashUtil.exe
2009-11-28 15:55:53 ----A---- C:\Windows\system32\NPSWF32.dll
2009-11-28 15:44:13 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-11-28 15:14:04 ----N---- C:\Windows\Setup1.exe
2009-11-28 15:14:01 ----A---- C:\Windows\ST6UNST.EXE
2009-11-28 14:59:24 ----D---- C:\Windows\system32\Adobe
2009-11-28 14:15:17 ----D---- C:\Users\Lisa\AppData\Roaming\FlashGet
2009-11-28 14:15:00 ----D---- C:\Program Files\FlashGet
2009-11-28 12:23:30 ----A---- C:\Windows\iun6002.exe
2009-11-28 12:22:34 ----D---- C:\Program Files\BlueVoda Website Builder
2009-11-28 12:21:31 ----A---- C:\Windows\BlueVoda Website Builder Setup Log.txt
2009-11-27 13:13:27 ----D---- C:\Program Files\WebSite X5 v8 - Evolution
2009-11-27 12:54:34 ----A---- C:\Windows\system32\VB5STKIT.DLL
2009-11-27 12:54:33 ----A---- C:\Windows\system32\MSVBVM50.dll
2009-11-27 12:54:33 ----A---- C:\Windows\system32\iwpsetup.exe
2009-11-27 12:04:24 ----D---- C:\Users\Lisa\AppData\Roaming\Serif
2009-11-27 11:55:33 ----D---- C:\Program Files\Common Files\MSSoap
2009-11-27 11:49:56 ----D---- C:\Program Files\Serif
2009-11-26 03:02:12 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 14:26:20 ----D---- C:\Program Files\Web Page Maker
2009-11-25 10:17:57 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 10:17:56 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 13:34:48 ----D---- C:\Program Files\Common Files\Outlook Security Manager
2009-11-23 13:34:47 ----D---- C:\Program Files\MAPILab Ltd
2009-11-23 13:34:47 ----D---- C:\Program Files\Common Files\MAPILab Ltd
2009-11-23 12:36:09 ----D---- C:\Users\Lisa\AppData\Roaming\MAPILab Ltd
2009-11-23 11:24:52 ----D---- C:\Users\Lisa\AppData\Roaming\Rules Manager
2009-11-21 17:11:42 ----D---- C:\Users\Lisa\AppData\Roaming\Web Page Maker
2009-11-21 17:11:03 ----D---- C:\Windows\system32\TVUAx
2009-11-21 16:44:13 ----D---- C:\Users\Lisa\AppData\Roaming\IBP
2009-11-19 13:50:22 ----D---- C:\Users\Lisa\AppData\Roaming\Thinstall
2009-11-19 10:48:38 ----A---- C:\Windows\system32\GEARAspi.dll
2009-11-19 10:47:09 ----D---- C:\Program Files\iPod
2009-11-19 10:46:41 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-19 10:46:41 ----D---- C:\Program Files\iTunes
2009-11-19 10:40:19 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2009-12-18 11:53:10 ----D---- C:\Windows\Prefetch
2009-12-18 11:52:51 ----D---- C:\Windows\Temp
2009-12-18 11:40:08 ----D---- C:\Windows
2009-12-12 14:59:09 ----D---- C:\Downloads
2009-12-12 14:51:04 ----D---- C:\Windows\system32\catroot2
2009-12-12 13:15:08 ----HD---- C:\Windows\system32\GroupPolicyUsers
2009-12-12 12:39:52 ----D---- C:\Windows\Tasks
2009-12-12 12:39:48 ----D---- C:\Windows\system32\Tasks
2009-12-12 10:16:56 ----SHD---- C:\Windows\Installer
2009-12-12 10:16:47 ----RD---- C:\Program Files
2009-12-12 10:16:15 ----HD---- C:\ProgramData
2009-12-12 10:16:01 ----D---- C:\Windows\System32
2009-12-12 10:13:48 ----D---- C:\Windows\system32\catroot
2009-12-12 10:13:44 ----D---- C:\Windows\system32\drivers
2009-12-12 10:12:50 ----D---- C:\Program Files\Common Files
2009-12-12 03:58:46 ----D---- C:\Windows\rescache
2009-12-12 03:54:32 ----D---- C:\Windows\winsxs
2009-12-12 03:41:44 ----D---- C:\Program Files\Google
2009-12-12 03:40:15 ----D---- C:\Windows\system32\migration
2009-12-12 03:40:12 ----D---- C:\Windows\system32\en-US
2009-12-12 03:40:12 ----D---- C:\Program Files\Windows Mail
2009-12-12 03:40:12 ----D---- C:\Program Files\Internet Explorer
2009-12-12 03:24:35 ----D---- C:\ProgramData\Microsoft Help
2009-12-12 03:21:11 ----RSD---- C:\Windows\assembly
2009-12-11 17:53:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-11 17:40:01 ----D---- C:\ProgramData\McAfee
2009-12-11 17:38:42 ----D---- C:\Windows\Sun
2009-12-11 17:27:30 ----D---- C:\Windows\system32\config
2009-12-11 17:25:15 ----D---- C:\Program Files\Common Files\Services
2009-12-11 17:25:10 ----D---- C:\Windows\system32\spool
2009-12-11 17:25:10 ----D---- C:\Windows\system32\Msdtc
2009-12-11 17:25:10 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-11 17:25:09 ----D---- C:\Windows\SMINST
2009-12-11 17:24:56 ----D---- C:\Program Files\WinRAR
2009-12-11 17:24:45 ----D---- C:\Program Files\Bonjour
2009-12-11 17:24:25 ----D---- C:\Windows\registration
2009-12-11 17:24:18 ----D---- C:\ProgramData\Adobe
2009-12-11 17:24:17 ----D---- C:\Program Files\Common Files\Adobe
2009-12-11 17:24:17 ----D---- C:\Program Files\Adobe
2009-12-11 17:24:13 ----SD---- C:\Users\Lisa\AppData\Roaming\Microsoft
2009-12-11 17:24:13 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-11 17:24:13 ----D---- C:\Windows\Downloaded Installations
2009-12-11 17:24:12 ----D---- C:\Program Files\Windows Live
2009-12-11 17:24:10 ----D---- C:\Program Files\Microsoft Sync Framework
2009-12-11 17:24:09 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-12-11 17:24:09 ----D---- C:\Program Files\Microsoft Silverlight
2009-12-11 17:24:09 ----D---- C:\Program Files\Microsoft
2009-12-11 17:24:09 ----D---- C:\Program Files\Common Files\Windows Live
2009-12-11 17:24:00 ----D---- C:\Windows\system32\EventProviders
2009-12-11 17:23:57 ----D---- C:\RegitPOS
2009-12-11 17:23:57 ----D---- C:\Program Files\Microsoft Visual Studio
2009-12-11 17:23:56 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-12-11 17:23:56 ----D---- C:\Program Files\Business Objects
2009-12-11 17:23:49 ----D---- C:\ProgramData\Hewlett-Packard
2009-12-11 17:23:44 ----HD---- C:\HP
2009-12-11 17:23:43 ----RD---- C:\Program Files\Online Services
2009-12-11 17:23:43 ----D---- C:\SWSetup
2009-12-11 17:23:43 ----D---- C:\Program Files\Yahoo!
2009-12-11 17:23:43 ----D---- C:\Program Files\HP
2009-12-11 17:23:43 ----D---- C:\Program Files\Hewlett-Packard
2009-12-11 17:23:43 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-11 17:23:43 ----D---- C:\Program Files\AWS
2009-12-11 17:23:41 ----HD---- C:\Windows\system32\GroupPolicy
2009-12-11 17:23:41 ----D---- C:\Program Files\CyberLink
2009-12-11 17:23:41 ----D---- C:\Program Files\Apple Software Update
2009-12-11 17:23:39 ----D---- C:\ProgramData\Yahoo! Companion
2009-12-11 17:23:36 ----D---- C:\Users\Lisa\AppData\Roaming\Macromedia
2009-12-11 17:23:36 ----D---- C:\ProgramData\HP
2009-12-11 17:23:36 ----D---- C:\Program Files\Free Download Manager
2009-12-11 17:23:36 ----D---- C:\Program Files\Common Files\HP
2009-12-11 17:23:34 ----SD---- C:\ProgramData\Microsoft
2009-12-11 17:23:34 ----D---- C:\Windows\system32\Macromed
2009-12-11 17:23:34 ----D---- C:\Program Files\Microsoft.NET
2009-12-11 17:23:33 ----D---- C:\Program Files\muvee Technologies
2009-12-11 17:23:33 ----D---- C:\Program Files\Microsoft Office
2009-12-11 17:23:33 ----D---- C:\Program Files\Common Files\muvee Technologies
2009-12-11 17:23:32 ----D---- C:\Program Files\Microsoft Works
2009-12-11 17:23:31 ----D---- C:\Program Files\HP Games
2009-12-11 17:23:29 ----D---- C:\ProgramData\WildTangent
2009-12-11 17:23:27 ----SHD---- C:\$RECYCLE.BIN
2009-12-11 17:23:27 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-11 17:23:26 ----D---- C:\Windows\Users
2009-12-11 17:23:26 ----D---- C:\Windows\system32\sysprep
2009-12-11 17:23:23 ----D---- C:\Windows\system32\DriverStore
2009-12-11 17:22:56 ----D---- C:\Windows\WindowsMobile
2009-12-11 17:22:56 ----D---- C:\Windows\Web
2009-12-11 17:22:56 ----D---- C:\Windows\system32\XPSViewer
2009-12-11 17:22:56 ----D---- C:\Windows\system32\winrm
2009-12-11 17:22:56 ----D---- C:\Windows\system32\WCN
2009-12-11 17:22:56 ----D---- C:\Windows\system32\wbem
2009-12-11 17:22:56 ----D---- C:\Windows\system32\Speech
2009-12-11 17:22:56 ----D---- C:\Windows\system32\SMI
2009-12-11 17:22:56 ----D---- C:\Windows\system32\slmgr
2009-12-11 17:22:56 ----D---- C:\Windows\system32\RemInst
2009-12-11 17:22:56 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-12-11 17:22:56 ----D---- C:\Windows\system32\oobe
2009-12-11 17:22:56 ----D---- C:\Windows\system32\networklist
2009-12-11 17:22:56 ----D---- C:\Windows\system32\MUI
2009-12-11 17:22:55 ----D---- C:\Windows\system32\migwiz
2009-12-11 17:22:55 ----D---- C:\Windows\system32\licensing
2009-12-11 17:22:55 ----D---- C:\Windows\system32\IME
2009-12-11 17:22:52 ----D---- C:\Windows\system32\com
2009-12-11 17:22:51 ----D---- C:\Windows\system32\Boot
2009-12-11 17:22:51 ----D---- C:\Windows\Speech
2009-12-11 17:22:51 ----D---- C:\Windows\Setup
2009-12-11 17:22:51 ----D---- C:\Windows\servicing
2009-12-11 17:22:51 ----D---- C:\Windows\ServiceProfiles
2009-12-11 17:22:51 ----D---- C:\Windows\security
2009-12-11 17:22:51 ----D---- C:\Windows\schemas
2009-12-11 17:22:51 ----D---- C:\Windows\Resources
2009-12-11 17:22:51 ----D---- C:\Windows\Provisioning
2009-12-11 17:22:51 ----D---- C:\Windows\PolicyDefinitions
2009-12-11 17:22:51 ----D---- C:\Windows\PLA
2009-12-11 17:22:51 ----D---- C:\Windows\Performance
2009-12-11 17:22:51 ----D---- C:\Windows\MSAgent
2009-12-11 17:22:50 ----D---- C:\Windows\IME
2009-12-11 17:22:50 ----D---- C:\Windows\Help
2009-12-11 17:22:50 ----D---- C:\Windows\ehome
2009-12-11 17:22:50 ----D---- C:\Windows\DigitalLocker
2009-12-11 17:22:50 ----D---- C:\Windows\Branding
2009-12-11 17:22:50 ----D---- C:\Windows\Boot
2009-12-11 17:22:49 ----D---- C:\Windows\AppPatch
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Sidebar
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows NT
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Media Player
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Journal
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Defender
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Collaboration
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Calendar
2009-12-11 17:22:48 ----D---- C:\Program Files\Movie Maker
2009-12-11 17:22:48 ----D---- C:\Program Files\Microsoft Games
2009-12-11 17:22:48 ----D---- C:\Program Files\Common Files\System
2009-12-11 17:22:47 ----HD---- C:\System.sav
2009-12-11 17:22:47 ----D---- C:\Program Files\NetWaiting
2009-12-11 17:22:47 ----D---- C:\Program Files\CONEXANT
2009-12-11 17:22:47 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-11 17:22:46 ----D---- C:\Program Files\The KMPlayer
2009-12-11 17:22:46 ----D---- C:\Program Files\Common Files\Business Objects
2009-12-11 17:22:42 ----D---- C:\ProgramData\CyberLink
2009-12-11 17:22:42 ----D---- C:\Program Files\Atheros
2009-12-11 17:22:41 ----D---- C:\Program Files\Snapfish Picture Mover
2009-12-11 17:22:41 ----D---- C:\Program Files\Cisco
2009-12-11 16:18:58 ----SD---- C:\Windows\Downloaded Program Files
2009-12-11 15:15:04 ----D---- C:\Windows\inf
2009-12-11 15:13:23 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-11 14:49:21 ----D---- C:\Program Files\Java
2009-12-11 14:38:07 ----D---- C:\ProgramData\Viewpoint
2009-12-11 11:21:36 ----D---- C:\Windows\LiveKernelReports
2009-12-09 21:38:17 ----SHD---- C:\System Volume Information
2009-12-04 15:44:49 ----D---- C:\Users\Lisa\AppData\Roaming\Free Download Manager
2009-12-01 15:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-28 16:06:59 ----D---- C:\Users\Lisa\AppData\Roaming\Adobe
2009-11-27 12:00:25 ----RSD---- C:\Windows\Fonts
2009-11-25 15:17:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-19 10:47:08 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-12-11 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-12-11 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-12-11 28424]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-12-11 360584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2009-12-03 19160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-23 9791072]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-11 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2009-12-11 2303680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-03 276816]
R2 MSSQL$MSPOSINSTANCE;MSSQL$MSPOSINSTANCE; C:\Program Files\Microsoft SQL Server\MSSQL$MSPOSINSTANCE\Binn\sqlservr.exe [2005-05-04 9150464]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Printer Control;Printer Control; C:\Windows\system32\PrintCtrl.exe [2009-06-16 77824]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-01-09 148832]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-28 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$MSPOSINSTANCE;SQLAgent$MSPOSINSTANCE; C:\Program Files\Microsoft SQL Server\MSSQL$MSPOSINSTANCE\Binn\sqlagent.EXE [2005-05-03 323584]
S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]

-----------------EOF-----------------
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Unread postby Cypher » December 19th, 2009, 4:43 pm

Hi billt.

I have examined your log & I believe this to be a computer used for business.


If I could point you in the direction of the rules, which state under IF YOU NEED HELP:
We do not help in cleaning business or corporate computers. There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware. There may also be legal issues regarding any loss of business data that we do not wish to deal with.
If you ask for help and, unknown to us, it involves a business computer, you need to understand that any damages resulting from our advice are YOUR RESPONSIBILITY.
http://www.malwareremoval.com/rules.php

If this is indeed a business computer:

  • If this is a personal computer used for business it is suggested that you take this issue to your local PC repair store.

Please let me know you have read this so that the topic can be closed. I am sorry I could not have been of further assistance.

Thank you for your understanding.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Unread postby billt » December 20th, 2009, 4:15 pm

We do not use this computer for our business. We just opened the store on October 24th and we do not have enough money to buy a computer for the business. That is why we bring this to the store, so we have something to do. I use it to research software that we will be purchasing in the near future, once we buy a Business Computer. So, I need your help, please.
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Unread postby Cypher » December 21st, 2009, 7:49 am

Hi billt.
I have spoken with one of the site teaching staff and they have decided to go ahead and clean your PC.
Please continue with the instructions below.

Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next

Disable AVG

  • Open AVG8 Control Center, by right clicking on AVG icon on task bar.
  • Click on Tools.
  • Select Advanced.
  • In the left hand pane, scroll down to Resident Shield.
  • In the main pane, deselect the option to Enable Resident Shield.
  • Note: Don't forget to re-enable it after the fix.

Next

Download and Run ComboFix

  • Please download ComboFix from the following link.

    Link .

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply.

  • ComboFix log.
  • Please let me know how your computer is performing now.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Unread postby billt » December 21st, 2009, 12:20 pm

Thank you for your help.
The computer seems to not be doing it now.


ComboFix 09-12-20.08 - Lisa 12/21/2009 10:42:11.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1851 [GMT -5:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2347099956-282104287-4172513318-500
c:\$recycle.bin\S-1-5-21-2759280842-944992480-3630274183-500

.
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-21 15:55 . 2009-12-21 15:56 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2009-12-21 15:55 . 2009-12-21 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-21 15:12 . 2009-12-11 20:16 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-21 15:12 . 2009-12-11 20:16 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-21 15:12 . 2009-12-11 20:16 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-21 15:12 . 2009-12-11 20:16 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2009-12-21 15:12 . 2009-12-11 20:16 3967256 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-21 15:10 . 2009-12-21 15:15 -------- d-----w- c:\program files\ERUNT
2009-12-18 16:52 . 2009-12-18 16:53 -------- d-----w- C:\rsit
2009-12-12 19:45 . 2009-12-12 19:45 -------- d-----w- c:\users\Lisa\AppData\Roaming\AVG9
2009-12-12 08:21 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 08:21 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 08:21 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 08:18 . 2009-12-12 08:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-12-12 02:05 . 2009-12-12 02:05 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-12-12 02:03 . 2009-12-12 15:26 1170208 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-12 00:53 . 2009-12-12 00:53 1152 ----a-w- c:\windows\system32\windrv.sys
2009-12-12 00:45 . 2009-12-12 00:45 -------- d-----w- c:\programdata\XoftSpySE
2009-12-12 00:06 . 2009-12-12 15:16 -------- d-----w- c:\programdata\ParetoLogic
2009-12-12 00:06 . 2009-12-12 15:16 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-11 22:59 . 2009-12-11 22:59 -------- d-----w- c:\users\Lisa\AppData\Local\Iceni
2009-12-11 22:59 . 2009-03-23 12:05 888832 ----a-w- c:\windows\system32\SaveTo.dll
2009-12-11 22:59 . 2008-01-19 05:36 1391616 ----a-w- c:\windows\system32\ActPDF.dll
2009-12-11 22:59 . 2009-06-17 04:19 2519040 ----a-w- c:\windows\system32\CPDF.dll
2009-12-11 22:58 . 2009-05-01 16:47 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ActPrint.dll
2009-12-11 22:58 . 2009-08-21 16:36 878080 ----a-w- c:\windows\system32\PrintDisp.exe
2009-12-11 22:58 . 2009-06-16 12:38 77824 ----a-w- c:\windows\system32\PrintCtrl.exe
2009-12-11 22:58 . 2009-07-24 14:26 702976 ----a-w- c:\windows\system32\PrtTools.exe
2009-12-11 22:58 . 2009-05-19 09:55 375296 ----a-w- c:\windows\system32\SetPrinter.exe
2009-12-11 22:58 . 2009-02-03 04:43 691200 ----a-w- c:\windows\system32\PrintLog.exe
2009-12-11 22:58 . 2007-09-10 16:32 524288 ----a-w- c:\windows\system32\PrtPass.exe
2009-12-11 22:58 . 2009-12-11 22:59 -------- d-----w- c:\windows\Infix PDF
2009-12-11 22:58 . 2009-09-11 06:04 822784 ----a-w- c:\windows\system32\SetupDrv.exe
2009-12-11 22:58 . 2009-09-06 05:02 1165824 ----a-w- c:\windows\system32\PrtClient.exe
2009-12-11 22:57 . 2009-05-11 21:33 56000 ----a-w- c:\programdata\Aspell\Dictionaries\Uninstall-AspellDict-en.exe
2009-12-11 22:57 . 2009-05-11 21:33 55755 ----a-w- c:\programdata\Aspell\Dictionaries\Uninstall-AspellDict-uk.exe
2009-12-11 22:57 . 2009-12-11 22:57 -------- d-----w- c:\users\Lisa\AppData\Roaming\Iceni
2009-12-11 20:37 . 2009-12-11 20:37 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-11 20:37 . 2009-12-11 20:37 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-11 20:37 . 2009-12-11 20:37 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-11 20:37 . 2009-12-11 20:37 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-11 20:28 . 2009-12-11 20:34 -------- d-----w- C:\SpybotSDPortable
2009-12-11 20:17 . 2009-12-11 20:17 -------- d-----w- C:\$AVG
2009-12-11 20:17 . 2009-12-11 20:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-11 20:16 . 2009-12-11 20:16 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-11 20:16 . 2009-12-11 20:16 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-11 20:16 . 2009-12-11 20:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-11 20:16 . 2009-12-11 20:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-11 20:16 . 2009-12-21 15:09 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-11 20:14 . 2009-12-11 20:14 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-12-11 19:56 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-11 19:56 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 19:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-11 18:14 . 2009-12-11 18:14 -------- d-----w- C:\VundoFix Backups
2009-12-11 17:21 . 2009-12-11 17:25 -------- d-----w- c:\users\Lisa\.SunDownloadManager
2009-12-10 20:44 . 2009-12-18 16:53 -------- d-----w- c:\program files\Trend Micro
2009-12-10 19:00 . 2009-12-11 20:14 -------- d-----w- c:\program files\AVG
2009-12-10 18:23 . 2009-12-10 18:23 -------- d-----w- c:\programdata\Aspell
2009-12-10 18:23 . 2009-12-10 18:23 -------- d-----w- c:\programdata\Iceni
2009-12-10 18:23 . 2009-12-10 18:23 -------- d-----w- c:\users\Lisa\AppData\Roaming\Aspell
2009-12-10 18:23 . 2009-12-10 18:23 -------- d-----w- c:\program files\Iceni
2009-12-10 15:26 . 2009-12-10 15:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-10 15:26 . 2009-12-10 15:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-10 15:26 . 2009-12-10 15:26 -------- d-----w- c:\users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
2009-12-09 17:26 . 2009-12-10 22:00 -------- d-----w- c:\program files\Registry Easy
2009-12-07 16:33 . 2009-12-10 22:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-05 20:16 . 2009-12-18 15:27 -------- d-----w- c:\programdata\avg9
2009-12-05 18:10 . 2009-12-05 18:10 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-05 18:06 . 2009-12-05 18:28 -------- d-----w- c:\programdata\Lavasoft
2009-12-03 21:46 . 2009-12-08 22:06 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-03 21:35 . 2009-12-03 21:35 92 ----a-w- c:\users\Lisa\AppData\Local\fusioncache.dat
2009-12-03 17:49 . 2009-12-03 17:53 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-03 17:49 . 2009-12-03 17:49 -------- d-----w- c:\users\Lisa\AppData\Roaming\PC Tools
2009-12-02 21:51 . 2009-12-03 17:49 -------- d-----w- c:\programdata\PC Tools
2009-12-02 20:39 . 2009-12-02 20:39 -------- d-----w- c:\users\Lisa\AppData\Roaming\Malwarebytes
2009-12-02 20:38 . 2009-12-02 20:38 -------- d-----w- c:\programdata\Malwarebytes
2009-12-02 20:38 . 2009-12-11 19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-02 16:59 . 2009-12-02 16:59 -------- d-----w- c:\users\Lisa\AppData\Roaming\Megaupload
2009-12-02 16:56 . 2009-12-02 16:56 -------- d-----w- c:\program files\Megaupload
2009-12-02 16:54 . 2009-12-02 16:54 -------- d-----w- c:\users\Lisa\AppData\Roaming\InstallShield
2009-12-02 16:01 . 2009-12-02 16:01 -------- d-----w- c:\users\Lisa\AppData\Local\Mozilla
2009-11-30 20:15 . 2009-11-30 20:15 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC3A8.tmp.exe
2009-11-30 17:24 . 2009-11-30 17:24 34308 ----a-w- C:\bassmod.dll
2009-11-30 16:06 . 2009-11-30 16:06 -------- d-----w- c:\users\Lisa\AppData\Local\Bluebeam Software
2009-11-30 16:04 . 2008-11-07 21:47 97952 ----a-w- c:\windows\system32\BBPdfPortMon.DLL
2009-11-30 15:59 . 2009-12-11 22:52 -------- d-----w- c:\programdata\Bluebeam Software
2009-11-30 15:59 . 2009-12-11 22:52 -------- d-----w- c:\program files\Bluebeam Software
2009-11-28 21:06 . 2009-12-11 22:24 -------- d-----w- c:\programdata\FLEXnet
2009-11-28 20:55 . 2007-02-20 21:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-11-28 20:55 . 2007-02-20 21:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2009-11-28 20:44 . 2009-12-11 22:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-28 20:14 . 2009-12-12 02:19 249856 ------w- c:\windows\Setup1.exe
2009-11-28 20:14 . 2009-12-12 02:18 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-28 19:59 . 2009-12-11 22:24 -------- d-----w- c:\windows\system32\Adobe
2009-11-28 19:15 . 2009-12-11 22:24 -------- d-----w- c:\users\Lisa\AppData\Roaming\FlashGet
2009-11-28 19:15 . 2009-12-11 22:24 -------- d-----w- c:\program files\FlashGet
2009-11-28 17:44 . 2009-12-11 22:23 -------- d-----w- c:\users\Lisa\AppData\Local\Easy Website Pro
2009-11-28 17:23 . 2009-11-28 17:21 737280 ----a-w- c:\windows\iun6002.exe
2009-11-28 17:22 . 2009-12-11 22:24 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-11-27 18:13 . 2009-12-11 22:24 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2009-11-27 17:54 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2009-11-27 17:54 . 2009-05-14 21:26 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2009-11-27 17:54 . 2001-08-31 19:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll
2009-11-27 17:50 . 2009-12-11 22:24 -------- d-----w- c:\users\Lisa\DesktopwebSite X5v80011
2009-11-27 17:04 . 2009-11-27 17:04 -------- d-----w- c:\users\Lisa\AppData\Roaming\Serif
2009-11-27 16:49 . 2009-12-11 22:24 -------- d-----w- c:\program files\Serif
2009-11-26 08:02 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 19:26 . 2009-12-11 22:24 -------- d-----w- c:\program files\Web Page Maker
2009-11-25 19:23 . 2009-11-25 19:23 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\40000035500002i\fdm.exe
2009-11-25 15:17 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 15:17 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 18:46 . 2009-11-24 18:46 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\1000000600002i\verclsid.exe
2009-11-23 18:34 . 2009-12-11 22:24 -------- d-----w- c:\program files\Common Files\Outlook Security Manager
2009-11-23 18:34 . 2009-12-11 22:24 -------- d-----w- c:\program files\Common Files\MAPILab Ltd
2009-11-23 18:34 . 2009-11-23 18:34 -------- d-----w- c:\program files\MAPILab Ltd
2009-11-23 17:36 . 2009-11-23 17:36 8854 ----a-r- c:\users\Lisa\AppData\Roaming\Microsoft\Installer\{25B384BF-C6ED-496C-BD97-FB2FE16F6208}\Uninstall_MAPILab_To_25B384BFC6ED496CBD97FB2FE16F6208.exe
2009-11-23 17:36 . 2009-11-23 17:36 -------- d-----w- c:\users\Lisa\AppData\Roaming\MAPILab Ltd
2009-11-23 16:24 . 2009-11-23 16:24 -------- d-----w- c:\users\Lisa\AppData\Roaming\Rules Manager
2009-11-21 22:11 . 2009-11-27 19:17 -------- d-----w- c:\users\Lisa\AppData\Roaming\Web Page Maker
2009-11-21 22:11 . 2009-12-11 22:25 -------- d-----w- c:\windows\system32\TVUAx
2009-11-21 21:44 . 2009-11-21 22:27 -------- d-----w- c:\users\Lisa\AppData\Roaming\IBP
2009-11-21 16:14 . 2009-11-21 16:14 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\4000005200002i\AcroRd32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 15:03 . 2009-02-27 03:52 77032 ----a-w- c:\programdata\nvModes.dat
2009-12-15 16:48 . 2009-10-21 20:22 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-12 15:26 . 2009-12-12 02:03 17792 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-12 08:41 . 2009-08-08 01:43 -------- d-----w- c:\program files\Google
2009-12-12 08:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-12 08:24 . 2008-08-04 18:13 -------- d-----w- c:\programdata\Microsoft Help
2009-12-11 22:53 . 2008-08-04 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 22:40 . 2009-04-12 14:02 -------- d-----w- c:\programdata\McAfee
2009-12-11 22:24 . 2009-11-19 15:46 -------- d-----w- c:\program files\iTunes
2009-12-11 22:24 . 2009-07-04 19:46 -------- d-----w- c:\program files\Bonjour
2009-12-11 22:24 . 2008-08-04 18:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-11 22:24 . 2009-11-19 15:46 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-11 22:24 . 2009-10-28 20:40 -------- d-----w- c:\program files\Windows Live
2009-12-11 22:24 . 2009-10-28 20:43 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-11 22:24 . 2009-10-28 20:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-11 22:24 . 2009-10-28 20:23 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-11 22:24 . 2009-10-28 20:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-11 22:24 . 2009-10-28 20:14 -------- d-----w- c:\program files\Microsoft
2009-12-11 22:24 . 2009-11-19 15:40 -------- d-----w- c:\program files\QuickTime
2009-12-11 22:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-11 20:46 . 2009-08-07 18:47 1356 ----a-w- c:\users\Lisa\AppData\Local\d3d9caps.dat
2009-12-11 19:49 . 2008-08-04 18:49 -------- d-----w- c:\program files\Java
2009-12-11 19:38 . 2009-02-02 04:27 -------- d-----w- c:\programdata\Viewpoint
2009-12-08 22:34 . 2009-02-02 04:33 158632 ----a-w- c:\users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-04 20:44 . 2009-10-31 21:13 -------- d-----w- c:\users\Lisa\AppData\Roaming\Free Download Manager
2009-11-21 06:40 . 2009-12-11 19:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-11 19:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-11 19:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-11 19:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 16:40 . 2009-11-20 16:40 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\400000c00002i\GoogleToolbarNotifier.exe
2009-11-20 16:40 . 2009-11-20 16:40 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\4000004100002i\FlashUtil10c.exe
2009-11-20 16:40 . 2009-11-20 16:40 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\400000600002i\ssvagent.exe
2009-11-20 16:40 . 2009-11-20 16:40 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\4000004d00002i\GoogleToolbarUser.exe
2009-11-20 16:40 . 2009-11-20 16:40 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\4000003f00002i\SeaPort.exe
2009-11-20 16:39 . 2009-11-20 16:39 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\4000003800002i\wltuser.exe
2009-11-20 16:39 . 2009-11-20 16:39 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\4000009c00002i\iexplore.exe
2009-11-20 16:38 . 2009-11-20 16:38 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\30000000c5e00002i\OUTLOOK.EXE
2009-11-19 20:32 . 2009-11-19 20:32 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\10000006e00002i\SearchIndexer.exe
2009-11-19 18:57 . 2009-11-19 18:57 7680 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\400000e600002i\chrome.exe
2009-11-19 18:50 . 2009-11-19 18:50 -------- d-----w- c:\users\Lisa\AppData\Roaming\Thinstall
2009-11-19 15:47 . 2009-07-04 19:42 -------- d-----w- c:\program files\Common Files\Apple
2009-11-19 15:25 . 2009-11-19 15:25 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-17 15:52 . 2008-11-05 20:05 -------- d-----w- c:\programdata\NVIDIA
2009-11-14 19:33 . 2009-11-14 19:33 -------- d-----w- c:\users\Lisa\AppData\Roaming\Download Manager
2009-11-14 15:35 . 2009-11-14 15:35 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-06 01:51 . 2009-11-06 01:51 -------- d-----w- c:\programdata\WindowsSearch
2009-11-03 01:42 . 2009-10-10 21:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 14:56 . 2009-03-11 00:24 -------- d-----w- c:\users\Lisa\AppData\Roaming\CyberLink
2009-10-30 14:47 . 2009-10-30 14:47 -------- d-----w- c:\programdata\AVS4YOU
2009-10-28 20:51 . 2009-10-28 20:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-28 20:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-28 20:50 . 2009-10-28 20:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-28 20:41 . 2009-10-28 20:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-28 15:15 . 2009-10-28 15:11 -------- d-----w- c:\users\Lisa\AppData\Roaming\ImgBurn
2009-10-28 14:55 . 2009-10-28 14:55 -------- d-----w- c:\program files\ImgBurn
2009-10-11 09:17 . 2009-04-12 14:07 18208 ----a-w- c:\users\Lisa\AppData\Roaming\Thinstall\Web Page Maker V3.03\%ProgramFilesDir%\Java\jre6\bin\ssvagent.exe
2009-10-11 09:17 . 2009-04-12 14:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-10-28 20:18 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-10-28 20:18 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-10-28 20:18 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-10-28 20:19 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-10-28 20:20 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-28 20:19 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-10-28 20:19 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-10-28 20:20 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-28 20:19 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-10-28 20:19 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-10-28 20:20 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-10-28 20:19 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-10-28 20:19 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-10-28 20:19 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-10-28 20:20 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-10-28 20:20 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-28 20:20 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-28 20:20 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-28 20:20 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-28 20:20 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-28 20:20 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-28 20:20 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-28 20:20 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-28 20:20 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-28 20:21 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-28 20:21 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-28 20:20 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-28 20:20 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-28 20:20 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-28 20:20 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-28 20:20 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-28 20:20 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-28 20:20 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-28 20:20 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-10-28 20:20 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-10-28 20:21 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-28 20:21 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-28 20:20 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-28 20:20 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-28 20:21 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-28 20:20 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-28 20:21 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-08-04 15:03 . 2008-08-04 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-11 2033432]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fe,6c,4e,3d,2c,53,ca,01

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [12/11/2009 3:16 PM 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [12/11/2009 3:14 PM 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/11/2009 3:16 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/11/2009 3:16 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/11/2009 3:16 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/11/2009 3:16 PM 2303680]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/11/2009 2:57 PM 276816]
R2 MSSQL$MSPOSINSTANCE;MSSQL$MSPOSINSTANCE;c:\program files\Microsoft SQL Server\MSSQL$MSPOSINSTANCE\Binn\sqlservr.exe [5/4/2005 12:04 AM 9150464]
R2 Printer Control;Printer Control;c:\windows\System32\PrintCtrl.exe [12/11/2009 5:58 PM 77824]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [8/4/2008 1:43 PM 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/4/2008 12:15 PM 193840]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/11/2009 2:56 PM 19160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [8/21/2009 7:24 PM 66592]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 9:23 PM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/28/2009 3:44 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 SQLAgent$MSPOSINSTANCE;SQLAgent$MSPOSINSTANCE;c:\program files\Microsoft SQL Server\MSSQL$MSPOSINSTANCE\Binn\sqlagent.EXE [5/3/2005 9:42 PM 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 10:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8593B618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x807a1d24
\Driver\ACPI -> acpi.sys @ 0x8060fd68
\Driver\atapi -> ataport.SYS @ 0x822b7a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-21 11:03:18
ComboFix-quarantined-files.txt 2009-12-21 16:03

Pre-Run: 65,895,260,160 bytes free
Post-Run: 65,927,892,992 bytes free

- - End Of File - - E54F5B2547286A6EB94D2104B1D92848
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Post by Cypher » December 22nd, 2009, 6:22 am

Hi billt.
Thank you for your help

You're welcome :)


TDSSKiller

  • Click here to download TDSSKiller to your desktop.
  • Extract TDSSKiller.rar to your desktop.
    NOTE: Close all running programs as a reboot may be necessary
  • Right-click TDSSKiller_2.0.0 RC3.exe and select "Run as administrator" to run the tool.
  • Once it is finished, click any key to continue and allow reboot as necessary.

  • After the tool has run and any necessary reboot has occurred, copy the text in the codebox below:
    cmd /c mbr.exe -t >log.txt&start log.txt
  • Click Start, All programs, Accessories, Run... and paste the text above into the Open: line and click OK.
  • A log will open, please include the log in your next reply.

Next.

Set Your Computer to Show All Files/Folders.

  • Click Start.
  • Open Computer.
  • Press the ALT key.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Next

Upload a File to Jotti

Please go to jotti.org

Copy/paste this file and path into the white box at the top:
c:\windows\system32\SaveTo.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using jotti try Virustotal

Please repeat the process for the following.
c:\windows\system32\CPDF.dll

c:\windows\system32\iwpsetup.exe


In your next reply.

  • TDSSKiller log.
  • jotti or Virustotal results.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Post by billt » December 22nd, 2009, 11:31 am

Thanks again. The computer seems to be running great. Here is what you requested:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

Filename: SaveTo.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 22 Dec 2009 16:25:22 (CET) Permalink

Filename: CPDF.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 22 Dec 2009 16:27:31 (CET) Permalink

Filename: iwpsetup.exe
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 22 Dec 2009 16:30:44 (CET) Permalink
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Post by Cypher » December 23rd, 2009, 6:19 am

Hi billt.

Did you run TDSSKiller as admin?
Please follow the instructions again for running it, and take note to right-click TDSSKiller_2.0.0 RC3.exe and select "Run as administrator".

Next.

Upload a File to Jotti

Please go to jotti.org

Copy/paste this file and path into the white box at the top:
c:\users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using jotti try Virustotal

In your next reply.

  • TDSSKiller log.
  • jotti or Virustotal results.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Post by billt » December 23rd, 2009, 11:33 am

I did run the TDSSKiller as admin. I ran it again 2 times and then copied your path into the run prompt and got the same results. The one thing I noticed is that the mbr.exe is located in the c:\windows and not c:\. Computer is still running good. Also, if you don't get back to me within the next 7 hours, I will not be on the computer until 12/28/09.


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR



Filename: GDIPFONTCACHEV1.DAT
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 23 Dec 2009 16:30:52 (CET) Permalink
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm
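
The MBR detector logs posted in this thread differ in ways that are easy to miss when reading them by eye, so here is an added example (not part of the thread and not GMER's code) that parses such a log and summarises it. The function name `triage_mbr_log` and the verdict rules are assumptions of this example; the two sample logs are copied from the posts above.

```python
import re

# Sample 1: detector section of the ComboFix log quoted earlier in the thread.
SAMPLE_FIRST = """\
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8593B618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0x807a1d24
\\Driver\\ACPI -> acpi.sys @ 0x8060fd68
\\Driver\\atapi -> ataport.SYS @ 0x822b7a2c
IoDeviceObjectType ->\\Device\\Harddisk0\\DR0 ->user & kernel MBR OK
"""
# Sample 2: the log posted after running "mbr.exe -t".
SAMPLE_LATER = """\
device: opened successfully
user: error reading MBR
kernel: error reading MBR
"""

def triage_mbr_log(text):
    """Summarise one detector log (hypothetical helper, assumed verdict rules)."""
    r = {"user_read": None, "kernel_read": None,
         "unknown_modules": [], "hooks": [], "mbr_ok": False}
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"(user|kernel): (.+)", line)
        if m:
            # True when the MBR read succeeded, False on "error reading MBR"
            r[m.group(1) + "_read"] = "error" not in m.group(2).lower()
        elif line.startswith("called modules:"):
            # Addresses the tool could not attribute to a named module
            r["unknown_modules"] = re.findall(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<", line)
        elif re.match(r"\\Driver\\\S+ -> ", line):
            driver, target = line.split(" -> ", 1)
            r["hooks"].append((driver, target.split(" @ ")[0]))
        elif line.endswith("MBR OK"):
            r["mbr_ok"] = True
    # Assumed policy: a failed read proves nothing; an unattributed module
    # or a missing OK line is a reason to look closer, not a diagnosis.
    if r["user_read"] is False or r["kernel_read"] is False:
        r["verdict"] = "inconclusive: MBR could not be read, rerun the scan"
    elif r["unknown_modules"] or not r["mbr_ok"]:
        r["verdict"] = "review: unattributed module or no OK line"
    else:
        r["verdict"] = "clean"
    return r
```
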

Re: Wrong website opens after a google search & click link

Post by Cypher » December 27th, 2009, 11:06 am

Hi billt.
OK, let's give this a try.


MBR Rootkit Detector:

Please download The MBR Rootkit Detector by GMER
Be sure to download it to the root of your drive, e.g. C:\MBR.exe


Once the download has finished, click on Start > All programs > Accessories > Run.
Copy and paste the following into the run box, then click OK:
\mbr

A log will be generated on your C:\ drive called MBR.txt. Post it in your next reply.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns