Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Wrong website opens after a google search & click link

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Wrong website opens after a google search & click link

Unread postby billt » December 28th, 2009, 11:09 am

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm
Advertisement
Register to Remove

Re: Wrong website opens after a google search & click link

Unread postby Cypher » December 28th, 2009, 12:39 pm

Hi billt.
That worked thank you.

Uninstall programs
  • Click on Start
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following

Adobe Reader 8.1.5
Java(TM) 6 Update 5


Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 17.
  • Click on Download.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.2 are vulnerable.
  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply.

  • RSIT log.txt
  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Unread postby billt » December 28th, 2009, 5:20 pm

Everything is running great. Here are the logs:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Lisa at 2009-12-28 13:26:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 68 GB (47%) free of 143 GB
Total RAM: 2814 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:14 PM, on 12/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Wondershare\Flash Slideshow Builder\FSSB.exe
C:\Users\Lisa\Desktop\RSIT.exe
C:\Program Files\trend micro\Lisa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9974 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2347099956-282104287-4172513318-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2347099956-282104287-4172513318-1000UA.job
C:\Windows\tasks\HPCeeScheduleForLisa.job
C:\Windows\tasks\Malwarebytes' Scheduled Scan for Lisa.job
C:\Windows\tasks\Malwarebytes' Scheduled Update for Lisa.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\User_Feed_Synchronization-{CFD427E5-B189-4A99-975B-B995A481C0DE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-11 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-06-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-06-12 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-23 13797920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-23 2033432]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]
"PrintDisp"=C:\Windows\system32\PrintDisp.exe [2009-08-21 878080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-12-28 12:01:10 ----SHD---- C:\Config.Msi
2009-12-26 12:17:51 ----D---- C:\wadtemp
2009-12-23 11:18:22 ----D---- C:\Program Files\Wondershare
2009-12-22 17:00:29 ----D---- C:\Program Files\Makayama Interactive
2009-12-21 11:03:26 ----D---- C:\Windows\temp
2009-12-21 11:01:47 ----SHD---- C:\$RECYCLE.BIN
2009-12-21 10:40:00 ----A---- C:\Windows\zip.exe
2009-12-21 10:40:00 ----A---- C:\Windows\SWREG.exe
2009-12-21 10:40:00 ----A---- C:\Windows\PEV.exe
2009-12-21 10:40:00 ----A---- C:\Windows\NIRCMD.exe
2009-12-21 10:40:00 ----A---- C:\Windows\MBR.exe
2009-12-21 10:39:59 ----A---- C:\Windows\SWXCACLS.exe
2009-12-21 10:39:59 ----A---- C:\Windows\SWSC.exe
2009-12-21 10:39:59 ----A---- C:\Windows\sed.exe
2009-12-21 10:39:59 ----A---- C:\Windows\grep.exe
2009-12-21 10:38:20 ----D---- C:\Qoobox
2009-12-21 10:19:38 ----D---- C:\Windows\ERDNT
2009-12-21 10:10:16 ----D---- C:\Program Files\ERUNT
2009-12-18 11:52:49 ----D---- C:\rsit
2009-12-18 11:40:08 ----D---- C:\Windows\Minidump
2009-12-12 14:45:08 ----D---- C:\Users\Lisa\AppData\Roaming\AVG9
2009-12-12 03:21:50 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 03:21:47 ----A---- C:\Windows\system32\httpapi.dll
2009-12-12 03:18:42 ----SHD---- C:\Windows\system32\%APPDATA%
2009-12-11 21:02:22 ----A---- C:\rollback.ini
2009-12-11 19:45:47 ----D---- C:\ProgramData\XoftSpySE
2009-12-11 19:06:19 ----D---- C:\ProgramData\ParetoLogic
2009-12-11 19:06:19 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-12-11 17:59:45 ----A---- C:\Windows\system32\SaveTo.dll
2009-12-11 17:59:45 ----A---- C:\Windows\system32\ActPDF.dll
2009-12-11 17:59:44 ----A---- C:\Windows\system32\CPDF.dll
2009-12-11 17:58:49 ----A---- C:\Windows\system32\PrintDisp.exe
2009-12-11 17:58:49 ----A---- C:\Windows\system32\PrintCtrl.exe
2009-12-11 17:58:28 ----A---- C:\Windows\system32\SetPrinter.exe
2009-12-11 17:58:28 ----A---- C:\Windows\system32\PrtTools.exe
2009-12-11 17:58:28 ----A---- C:\Windows\system32\PrtPass.exe
2009-12-11 17:58:28 ----A---- C:\Windows\system32\PrintLog.exe
2009-12-11 17:58:27 ----D---- C:\Windows\Infix PDF
2009-12-11 17:58:27 ----A---- C:\Windows\system32\SetupDrv.exe
2009-12-11 17:58:27 ----A---- C:\Windows\system32\PrtClient.exe
2009-12-11 17:57:44 ----D---- C:\Users\Lisa\AppData\Roaming\Iceni
2009-12-11 15:37:44 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-12-11 15:37:44 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-12-11 15:37:44 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-11 15:37:44 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-12-11 15:32:35 ----A---- C:\Windows\ntbtlog.txt
2009-12-11 15:28:05 ----D---- C:\SpybotSDPortable
2009-12-11 15:17:08 ----D---- C:\$AVG
2009-12-11 15:17:00 ----A---- C:\Windows\system32\avgrsstx.dll
2009-12-11 14:49:39 ----A---- C:\Windows\system32\winhttp.dll
2009-12-11 14:49:27 ----A---- C:\Windows\system32\mshtml.dll
2009-12-11 14:49:25 ----A---- C:\Windows\system32\ieframe.dll
2009-12-11 14:49:22 ----A---- C:\Windows\system32\urlmon.dll
2009-12-11 14:49:22 ----A---- C:\Windows\system32\iertutil.dll
2009-12-11 14:49:21 ----A---- C:\Windows\system32\wininet.dll
2009-12-11 14:49:21 ----A---- C:\Windows\system32\occache.dll
2009-12-11 14:49:21 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-11 14:49:21 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-11 14:49:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-11 14:49:20 ----A---- C:\Windows\system32\ieui.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\iesetup.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\iernonce.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\iepeers.dll
2009-12-11 14:49:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-11 14:44:16 ----A---- C:\Windows\system32\rastls.dll
2009-12-11 13:14:28 ----D---- C:\VundoFix Backups
2009-12-11 13:14:28 ----A---- C:\VundoFix.txt
2009-12-10 15:44:21 ----D---- C:\Program Files\Trend Micro
2009-12-10 14:00:45 ----D---- C:\Program Files\AVG
2009-12-10 13:23:34 ----D---- C:\ProgramData\Iceni
2009-12-10 13:23:34 ----D---- C:\ProgramData\Aspell
2009-12-10 13:23:30 ----D---- C:\Users\Lisa\AppData\Roaming\Aspell
2009-12-10 13:23:30 ----D---- C:\Program Files\Iceni
2009-12-10 10:26:13 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-12-10 10:26:03 ----D---- C:\Users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
2009-12-10 10:26:03 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-09 12:26:33 ----D---- C:\Program Files\Registry Easy
2009-12-07 11:33:15 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-05 15:16:44 ----D---- C:\ProgramData\avg9
2009-12-05 13:10:00 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-05 13:06:11 ----D---- C:\ProgramData\Lavasoft
2009-12-03 17:13:38 ----A---- C:\logs.txt
2009-12-03 16:46:04 ----D---- C:\ProgramData\Kaspersky Lab
2009-12-03 12:49:49 ----D---- C:\Program Files\Common Files\PC Tools
2009-12-03 12:49:48 ----D---- C:\Users\Lisa\AppData\Roaming\PC Tools
2009-12-02 16:51:46 ----D---- C:\ProgramData\PC Tools
2009-12-02 16:51:30 ----RASHD---- C:\ProgramData\TEMP
2009-12-02 15:39:26 ----D---- C:\Users\Lisa\AppData\Roaming\Malwarebytes
2009-12-02 15:38:52 ----D---- C:\ProgramData\Malwarebytes
2009-12-02 15:38:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-02 11:59:38 ----D---- C:\Users\Lisa\AppData\Roaming\Megaupload
2009-12-02 11:56:42 ----D---- C:\Program Files\Megaupload
2009-12-02 11:54:52 ----D---- C:\Users\Lisa\AppData\Roaming\InstallShield
2009-12-02 11:01:33 ----D---- C:\Users\Lisa\AppData\Roaming\Mozilla
2009-11-30 12:24:51 ----A---- C:\bassmod.dll
2009-11-30 11:04:56 ----A---- C:\Windows\system32\BBPdfPortMon.DLL
2009-11-30 10:59:09 ----D---- C:\ProgramData\Bluebeam Software
2009-11-30 10:59:09 ----D---- C:\Program Files\Bluebeam Software

======List of files/folders modified in the last 1 months======

2009-12-28 13:27:11 ----D---- C:\Windows\Prefetch
2009-12-28 12:54:16 ----SHD---- C:\Windows\Installer
2009-12-28 12:54:07 ----D---- C:\ProgramData\Adobe
2009-12-28 12:52:10 ----D---- C:\Program Files\Common Files\Adobe
2009-12-28 12:51:35 ----D---- C:\Program Files\Adobe
2009-12-28 12:50:59 ----D---- C:\Windows\System32
2009-12-28 12:50:53 ----SHD---- C:\System Volume Information
2009-12-28 11:58:47 ----RD---- C:\Program Files
2009-12-23 11:18:55 ----RSD---- C:\Windows\Fonts
2009-12-23 10:22:01 ----D---- C:\Windows\system32\drivers
2009-12-21 16:45:49 ----D---- C:\Users\Lisa\AppData\Roaming\Adobe
2009-12-21 11:03:26 ----D---- C:\Windows
2009-12-21 10:56:43 ----A---- C:\Windows\system.ini
2009-12-21 10:48:46 ----D---- C:\Windows\AppPatch
2009-12-21 10:48:45 ----D---- C:\Program Files\Common Files
2009-12-12 14:59:09 ----D---- C:\Downloads
2009-12-12 14:51:04 ----D---- C:\Windows\system32\catroot2
2009-12-12 13:15:08 ----HD---- C:\Windows\system32\GroupPolicyUsers
2009-12-12 12:39:52 ----D---- C:\Windows\Tasks
2009-12-12 12:39:48 ----D---- C:\Windows\system32\Tasks
2009-12-12 10:16:15 ----D---- C:\ProgramData
2009-12-12 10:13:48 ----D---- C:\Windows\system32\catroot
2009-12-12 03:58:46 ----D---- C:\Windows\rescache
2009-12-12 03:54:32 ----D---- C:\Windows\winsxs
2009-12-12 03:41:44 ----D---- C:\Program Files\Google
2009-12-12 03:40:15 ----D---- C:\Windows\system32\migration
2009-12-12 03:40:12 ----D---- C:\Windows\system32\en-US
2009-12-12 03:40:12 ----D---- C:\Program Files\Windows Mail
2009-12-12 03:40:12 ----D---- C:\Program Files\Internet Explorer
2009-12-12 03:24:35 ----D---- C:\ProgramData\Microsoft Help
2009-12-12 03:21:11 ----RSD---- C:\Windows\assembly
2009-12-11 21:19:05 ----N---- C:\Windows\Setup1.exe
2009-12-11 21:18:52 ----A---- C:\Windows\ST6UNST.EXE
2009-12-11 17:53:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-11 17:40:01 ----D---- C:\ProgramData\McAfee
2009-12-11 17:38:42 ----D---- C:\Windows\Sun
2009-12-11 17:27:30 ----D---- C:\Windows\system32\config
2009-12-11 17:25:15 ----D---- C:\Program Files\Common Files\Services
2009-12-11 17:25:10 ----D---- C:\Windows\system32\TVUAx
2009-12-11 17:25:10 ----D---- C:\Windows\system32\spool
2009-12-11 17:25:10 ----D---- C:\Windows\system32\Msdtc
2009-12-11 17:25:10 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-11 17:25:09 ----D---- C:\Windows\SMINST
2009-12-11 17:24:56 ----D---- C:\ProgramData\FLEXnet
2009-12-11 17:24:56 ----D---- C:\Program Files\WinRAR
2009-12-11 17:24:55 ----D---- C:\Program Files\WebSite X5 v8 - Evolution
2009-12-11 17:24:51 ----D---- C:\Program Files\iTunes
2009-12-11 17:24:49 ----D---- C:\Program Files\Common Files\Outlook Security Manager
2009-12-11 17:24:46 ----D---- C:\Program Files\Common Files\MAPILab Ltd
2009-12-11 17:24:45 ----D---- C:\Program Files\Bonjour
2009-12-11 17:24:25 ----D---- C:\Windows\registration
2009-12-11 17:24:15 ----D---- C:\Program Files\BlueVoda Website Builder
2009-12-11 17:24:14 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-12-11 17:24:13 ----SD---- C:\Users\Lisa\AppData\Roaming\Microsoft
2009-12-11 17:24:13 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-11 17:24:13 ----D---- C:\Windows\system32\Adobe
2009-12-11 17:24:13 ----D---- C:\Windows\Downloaded Installations
2009-12-11 17:24:13 ----D---- C:\Users\Lisa\AppData\Roaming\FlashGet
2009-12-11 17:24:13 ----D---- C:\Program Files\Web Page Maker
2009-12-11 17:24:13 ----D---- C:\Program Files\Serif
2009-12-11 17:24:13 ----D---- C:\Program Files\FlashGet
2009-12-11 17:24:13 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-11 17:24:12 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-11 17:24:12 ----D---- C:\Program Files\Windows Live
2009-12-11 17:24:10 ----D---- C:\Program Files\Microsoft Sync Framework
2009-12-11 17:24:09 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-12-11 17:24:09 ----D---- C:\Program Files\Microsoft Silverlight
2009-12-11 17:24:09 ----D---- C:\Program Files\Microsoft
2009-12-11 17:24:09 ----D---- C:\Program Files\Common Files\Windows Live
2009-12-11 17:24:08 ----D---- C:\Program Files\QuickTime
2009-12-11 17:24:00 ----D---- C:\Windows\system32\EventProviders
2009-12-11 17:23:57 ----D---- C:\RegitPOS
2009-12-11 17:23:57 ----D---- C:\Program Files\Microsoft Visual Studio
2009-12-11 17:23:56 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-12-11 17:23:56 ----D---- C:\Program Files\Business Objects
2009-12-11 17:23:49 ----D---- C:\ProgramData\Hewlett-Packard
2009-12-11 17:23:44 ----D---- C:\HP
2009-12-11 17:23:43 ----RD---- C:\Program Files\Online Services
2009-12-11 17:23:43 ----D---- C:\SWSetup
2009-12-11 17:23:43 ----D---- C:\Program Files\Yahoo!
2009-12-11 17:23:43 ----D---- C:\Program Files\HP
2009-12-11 17:23:43 ----D---- C:\Program Files\Hewlett-Packard
2009-12-11 17:23:43 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-11 17:23:43 ----D---- C:\Program Files\AWS
2009-12-11 17:23:41 ----HD---- C:\Windows\system32\GroupPolicy
2009-12-11 17:23:41 ----D---- C:\Program Files\CyberLink
2009-12-11 17:23:41 ----D---- C:\Program Files\Apple Software Update
2009-12-11 17:23:39 ----D---- C:\ProgramData\Yahoo! Companion
2009-12-11 17:23:36 ----D---- C:\Users\Lisa\AppData\Roaming\Macromedia
2009-12-11 17:23:36 ----D---- C:\ProgramData\HP
2009-12-11 17:23:36 ----D---- C:\Program Files\Free Download Manager
2009-12-11 17:23:36 ----D---- C:\Program Files\Common Files\HP
2009-12-11 17:23:34 ----SD---- C:\ProgramData\Microsoft
2009-12-11 17:23:34 ----D---- C:\Windows\system32\Macromed
2009-12-11 17:23:34 ----D---- C:\Program Files\Microsoft.NET
2009-12-11 17:23:33 ----D---- C:\Program Files\muvee Technologies
2009-12-11 17:23:33 ----D---- C:\Program Files\Microsoft Office
2009-12-11 17:23:33 ----D---- C:\Program Files\Common Files\muvee Technologies
2009-12-11 17:23:32 ----D---- C:\Program Files\Microsoft Works
2009-12-11 17:23:31 ----D---- C:\Program Files\HP Games
2009-12-11 17:23:29 ----D---- C:\ProgramData\WildTangent
2009-12-11 17:23:27 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-11 17:23:26 ----D---- C:\Windows\Users
2009-12-11 17:23:26 ----D---- C:\Windows\system32\sysprep
2009-12-11 17:23:25 ----D---- C:\Program Files\iPod
2009-12-11 17:23:23 ----D---- C:\Windows\system32\DriverStore
2009-12-11 17:22:56 ----D---- C:\Windows\WindowsMobile
2009-12-11 17:22:56 ----D---- C:\Windows\Web
2009-12-11 17:22:56 ----D---- C:\Windows\system32\XPSViewer
2009-12-11 17:22:56 ----D---- C:\Windows\system32\winrm
2009-12-11 17:22:56 ----D---- C:\Windows\system32\WCN
2009-12-11 17:22:56 ----D---- C:\Windows\system32\wbem
2009-12-11 17:22:56 ----D---- C:\Windows\system32\Speech
2009-12-11 17:22:56 ----D---- C:\Windows\system32\SMI
2009-12-11 17:22:56 ----D---- C:\Windows\system32\slmgr
2009-12-11 17:22:56 ----D---- C:\Windows\system32\RemInst
2009-12-11 17:22:56 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-12-11 17:22:56 ----D---- C:\Windows\system32\oobe
2009-12-11 17:22:56 ----D---- C:\Windows\system32\networklist
2009-12-11 17:22:56 ----D---- C:\Windows\system32\MUI
2009-12-11 17:22:55 ----D---- C:\Windows\system32\migwiz
2009-12-11 17:22:55 ----D---- C:\Windows\system32\licensing
2009-12-11 17:22:55 ----D---- C:\Windows\system32\IME
2009-12-11 17:22:52 ----D---- C:\Windows\system32\com
2009-12-11 17:22:51 ----D---- C:\Windows\system32\Boot
2009-12-11 17:22:51 ----D---- C:\Windows\Speech
2009-12-11 17:22:51 ----D---- C:\Windows\Setup
2009-12-11 17:22:51 ----D---- C:\Windows\servicing
2009-12-11 17:22:51 ----D---- C:\Windows\ServiceProfiles
2009-12-11 17:22:51 ----D---- C:\Windows\security
2009-12-11 17:22:51 ----D---- C:\Windows\schemas
2009-12-11 17:22:51 ----D---- C:\Windows\Resources
2009-12-11 17:22:51 ----D---- C:\Windows\Provisioning
2009-12-11 17:22:51 ----D---- C:\Windows\PolicyDefinitions
2009-12-11 17:22:51 ----D---- C:\Windows\PLA
2009-12-11 17:22:51 ----D---- C:\Windows\Performance
2009-12-11 17:22:51 ----D---- C:\Windows\MSAgent
2009-12-11 17:22:50 ----D---- C:\Windows\IME
2009-12-11 17:22:50 ----D---- C:\Windows\Help
2009-12-11 17:22:50 ----D---- C:\Windows\ehome
2009-12-11 17:22:50 ----D---- C:\Windows\DigitalLocker
2009-12-11 17:22:50 ----D---- C:\Windows\Branding
2009-12-11 17:22:50 ----D---- C:\Windows\Boot
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Sidebar
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows NT
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Media Player
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Journal
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Defender
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Collaboration
2009-12-11 17:22:48 ----D---- C:\Program Files\Windows Calendar
2009-12-11 17:22:48 ----D---- C:\Program Files\Movie Maker
2009-12-11 17:22:48 ----D---- C:\Program Files\Microsoft Games
2009-12-11 17:22:48 ----D---- C:\Program Files\Common Files\System
2009-12-11 17:22:47 ----D---- C:\System.sav
2009-12-11 17:22:47 ----D---- C:\Program Files\NetWaiting
2009-12-11 17:22:47 ----D---- C:\Program Files\CONEXANT
2009-12-11 17:22:47 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-11 17:22:46 ----D---- C:\Program Files\The KMPlayer
2009-12-11 17:22:46 ----D---- C:\Program Files\Common Files\Business Objects
2009-12-11 17:22:42 ----D---- C:\ProgramData\CyberLink
2009-12-11 17:22:42 ----D---- C:\Program Files\Atheros
2009-12-11 17:22:41 ----D---- C:\Program Files\Snapfish Picture Mover
2009-12-11 17:22:41 ----D---- C:\Program Files\Cisco
2009-12-11 16:18:58 ----SD---- C:\Windows\Downloaded Program Files
2009-12-11 15:15:04 ----D---- C:\Windows\inf
2009-12-11 15:13:23 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-11 14:49:21 ----D---- C:\Program Files\Java
2009-12-11 14:38:07 ----D---- C:\ProgramData\Viewpoint
2009-12-11 11:21:36 ----D---- C:\Windows\LiveKernelReports
2009-12-04 15:44:49 ----D---- C:\Users\Lisa\AppData\Roaming\Free Download Manager
2009-12-01 15:06:19 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-12-11 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-12-11 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-12-11 28424]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-12-11 360584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2009-12-03 19160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-23 9791072]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 catchme;catchme; \??\C:\Users\Lisa\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 mbr;mbr; \??\C:\Users\Lisa\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NPF;Netgroup Packet Filter; C:\Windows\system32\drivers\npf.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-11 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2009-12-11 2303680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-03 276816]
R2 MSSQL$MSPOSINSTANCE;MSSQL$MSPOSINSTANCE; C:\Program Files\Microsoft SQL Server\MSSQL$MSPOSINSTANCE\Binn\sqlservr.exe [2005-05-04 9150464]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
R2 Printer Control;Printer Control; C:\Windows\system32\PrintCtrl.exe [2009-06-16 77824]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-01-09 148832]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-28 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$MSPOSINSTANCE;SQLAgent$MSPOSINSTANCE; C:\Program Files\Microsoft SQL Server\MSSQL$MSPOSINSTANCE\Binn\sqlagent.EXE [2005-05-03 323584]
S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]

-----------------EOF-----------------




Results from ESET

C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Unread postby Cypher » December 29th, 2009, 2:57 pm

Hi billt.
Good work so far just a few things the clean up.

Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.

Next.

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Right-click OTM.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Files
    C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip
    :Commands
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next.

    Post a New HJT Log
    • Start HijackThis.
    • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
    • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
    • When completed...Notepad will open with the new "hijackthis.log" file contents.
    • Copy/paste the entire (hijackthis.log) file contents in your next reply.


    Logs/Information to Post in your Next Reply.

    • OTM log.
    • HijackThis log.
    • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Unread postby billt » December 30th, 2009, 2:38 pm

It will be a few days until I get back to you. I am away on vacation for the holidays and won't be back until January 5th.
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Unread postby Cypher » December 31st, 2009, 10:30 am

Hi billt.
This topic may not remain open until then.
But if it does i will be waiting for your next reply :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Unread postby Elrond » December 31st, 2009, 12:03 pm

We expect a reply from you on Jan. 7 at the latest if the thread has not been closed before then. If we do not hear from you by then the topic will be closed.
Happy New Year
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Wrong website opens after a google search & click link

Unread postby billt » December 31st, 2009, 12:25 pm

The computer seems to be slow in response now. Here are your logs you requested. Now I will not be in until 1/5/10.


All processes killed
========== FILES ==========
C:\ProgramData\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip moved successfully.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lisa
->Temp folder emptied: 783226584 bytes
->Temporary Internet Files folder emptied: 89581417 bytes
->Java cache emptied: 47860800 bytes
->FireFox cache emptied: 60383421 bytes
->Google Chrome cache emptied: 7026086 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 632 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1050760 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494473 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 968.00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12312009_105037

Files moved on Reboot...
C:\Windows\temp\a38822a5-950d-4e8d-a738-1a25633bef4b.tmp moved successfully.
C:\Windows\temp\ebdcad3c-b932-469b-b8a1-1c36719948b0.tmp moved successfully.

Registry entries deleted on Reboot...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:14 AM, on 12/31/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lisa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9926 bytes
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Unread postby Cypher » January 3rd, 2010, 2:48 pm

Hi billt your latest set of logs appear to be clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next.

Clean up with OTM

  • Double-click OTM.exe to start the program, This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used that remain on your PC.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Here are some free programs I recommend that could help you improve your computer's security.

Install Sitehound
SiteHound is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Unread postby billt » January 5th, 2010, 11:43 am

Thank You verry much for all your help. Everything seems to be going great.
billt
Regular Member
 
Posts: 15
Joined: December 10th, 2009, 4:38 pm

Re: Wrong website opens after a google search & click link

Unread postby Cypher » January 5th, 2010, 12:08 pm

Your welcome :)
I will ask for this topic to be closed, good luck.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Wrong website opens after a google search & click link

Unread postby Elrond » January 5th, 2010, 2:06 pm

billt this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 63 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware