Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Search Misdirect

Post by olejnic » May 30th, 2010, 2:46 am

I seem to have been infected with malware of some type. Google searches are misdirected to other sites, and I cannot access the Windows Update page from the link in the Start menu. I get the "Cannot find server" error. My computer is also slow at times and hangs when first opening Firefox or other programs that access the internet.

I have Avira Antivirus active, and I have also run Malwarebytes and HitmanPro. Each of these programs has found and fixed security problems, but I still have the Google misdirect problem and cannot access Windows update.

Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:54 PM, on 5/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB002" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn ... taller.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mpix.com/customer/uploading/ ... oader5.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7377 bytes

Here is the Uninstall list:
Across Lite 2.0
Adobe Acrobat 4.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Premiere Elements 2.0
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
APRWIN
ArcSoft Software Suite
Arthur's Preschool
Avira AntiVir Personal - Free Antivirus
Bailey's Book House
BCM V.92 56K Modem
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon PIXMA iP6000D
Canon PowerShot S45 WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities FileViewerUtility 1.0
Canon Utilities PhotoStitch
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.6
Canon Utilities ZoomBrowser EX
Civ3 Conquests v1.22 Full
Civilization III
Civilization III v1.29f
Civilization III: Conquests
Classic PhoneTools
Control Pad
DeepBurner v1.1.4.143
Dell Modem-On-Hold
Dell ResourceCD
Dell Solution Center
Digital Line Detect
Dora Backpack
Dreamship Tales
Driver Cleaner - Driverheaven
DVDSentry
Easy CD Creator 5 Basic
EPSON CX5800F Guide
EPSON Printer Software
EPSON Scan
Game Booster
getPlus(R)_ocx
Google Desktop
Google Earth
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
InterActual Player
iPod for Windows 2005-09-23
ItsDeductible Express
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 4
KWorld PVR 883 WDM Drivers
Logitech Harmony Remote Software 7
LUMIX Simple Viewer
MahJongg Solitaire 3D
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Net MULE
NVIDIA Display Driver
Palm
PHOTOfunSTUDIO HD Edition
PowerDVD
PVR Plus
QuickGamma 2.0.0.3
QuickTime
QuickTime
Reader Rabbit Toddler
RealPlayer
Remote Control USB Driver
Risk
SafeCast Shared Components
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Shutterfly Plugin
SILKYPIX Developer Studio 2.0 SE
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Ulead DVD MovieFactory 4.0 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Verizon Online DSL
Verizon Online Support Center
Visual IP InSight(Verizon Online)
VPN Client
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Resource Kit Tools
Windows Search 4.0
Windows XP Service Pack 3
WinZip

Thanks in advance for your help.
olejnic
Active Member
 
Posts: 13
Joined: May 30th, 2010, 2:40 am

Re: Google Search Misdirect

Post by Cypher » May 30th, 2010, 12:53 pm

Hi and welcome to Malware Removal Forums.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Back up your files

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.




Quick question... Is this PC for Business use or personal use or both?
Let me know in your next reply.

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Search Misdirect

Post by olejnic » May 30th, 2010, 1:07 pm

Hi,

Thanks for the quick response.

It's a home computer for personal use.

Here is the MGADiag log file.


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
Windows Product ID: 55274-OEM-2211906-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {0C3C6AC6-AA87-4D5C-990F-6EE55A081F26}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0C3C6AC6-AA87-4D5C-990F-6EE55A081F26}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YD4YT</PKey><PID>55274-OEM-2211906-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-4002763785-4037546843-2122700090</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 8250 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="3"/><Date>20030128000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>7BA531E70184C062</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Computer Corporation</name><model>Dell DIMENSION 8250</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>8D5D635300D6ED2</Val><Hash>2CiXcV7FbkSseS6rwRVlTRUo4uU=</Hash><Pid>81599-873-7707275-65479</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 8000:Dell Inc|8000:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
olejnic
Active Member
 
Posts: 13
Joined: May 30th, 2010, 2:40 am

Re: Google Search Misdirect

Post by Cypher » May 30th, 2010, 1:22 pm

Hi olejnic.
Thanks for the quick response.

You're most welcome.
Please continue with the instructions below.



Add/Remove programs
  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
J2SE Runtime Environment 5.0 Update 4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition

Spybot - Search & Destroy

Note: "If asked whether you want to remove all settings, answer YES"
(This will remove the immunization and Teatimer settings.)

Now please reboot your system.



Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply

  • Gmer.txt log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Search Misdirect

Post by olejnic » May 30th, 2010, 4:49 pm

I screwed up and didn't reboot after removing Spybot and Super Anti-virus. I will re-run the logs and re-post. I didn't see J2SE or any program in the list of software to uninstall.
Last edited by olejnic on May 30th, 2010, 5:02 pm, edited 1 time in total.
olejnic
Active Member
 
Posts: 13
Joined: May 30th, 2010, 2:40 am

Re: Google Search Misdirect

Post by olejnic » May 30th, 2010, 4:51 pm

After rebooting after I removed Spybot and Super Antivirus, I got a yellow shield icon in my taskbar and a balloon dialogue box saying "Updates are ready for your computer. Click here to install these updates." I didn't do anything. I still can't get to the Windows Update site either through the Start Menu or by typing the address into IE. When I shut down or restart the computer, I have the option of installing updates and shutting down or just shutting down. I haven't installed the updates.

Here is the GMER log file:
-------------------------------------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 16:44:22
Windows 5.1.2600 Service Pack 3
Running: 6wdompkk.exe; Driver: C:\DOCUME~1\JOLEJN~1\LOCALS~1\Temp\kfdiapod.sys


---- System - GMER 1.0.15 ----

SSDT EF8B2456 ZwCreateKey
SSDT EF8B244C ZwCreateThread
SSDT EF8B245B ZwDeleteKey
SSDT EF8B2465 ZwDeleteValueKey
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF7578B23]
SSDT EF8B2483 ZwLoadDriver
SSDT EF8B246A ZwLoadKey
SSDT EF8B2438 ZwOpenProcess
SSDT EF8B243D ZwOpenThread
SSDT EF8B2474 ZwReplaceKey
SSDT EF8B246F ZwRestoreKey
SSDT EF8B2488 ZwSetSystemInformation
SSDT EF8B2460 ZwSetValueKey
SSDT EF8B2447 ZwTerminateProcess
SSDT EF8B2442 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 1 Byte [47]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6162340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6380, 0x25BA81, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\system32\wuauclt.exe[744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\wuauclt.exe[744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007D000A
.text C:\WINDOWS\system32\wuauclt.exe[744] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003E000C
.text C:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007C000A
.text C:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007A000C
.text C:\WINDOWS\System32\svchost.exe[1400] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00CC000A

---- Devices - GMER 1.0.15 ----

Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat EBF12D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\gopher\DefaultIcon@ %SystemRoot%\system32\url.dll,0
Reg HKLM\SOFTWARE\Classes\gopher\shell\open
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\command
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\command@ "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec@ "%1",,-1,0,,,,
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec@NoActivateHandler
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec\Application@ IExplore
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec\Topic@ WWW_OpenURL
Reg HKLM\SOFTWARE\Classes\icsfile\DefaultIcon@ C:\PROGRA~1\MICROS~2\Office10\1033\OUTLLIBR.DLL,41
Reg HKLM\SOFTWARE\Classes\icsfile\shell\open
Reg HKLM\SOFTWARE\Classes\icsfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\icsfile\shell\open\command@ "C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE" /ical "%1"
Reg HKLM\SOFTWARE\Classes\ImageEngine.Album\CLSID@ {E33E8ABB-9364-400A-8DC0-E4FE032DDAC4}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Album\CurVer@ ImageEngine.Album.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Album.1\CLSID@ {E33E8ABB-9364-400A-8DC0-E4FE032DDAC4}
Reg HKLM\SOFTWARE\Classes\ImageEngine.AxiomComboBox\CLSID@ {BE009BBE-557C-45A7-8EAD-59B3EC3D2CC8}
Reg HKLM\SOFTWARE\Classes\ImageEngine.AxiomComboBox\CurVer@ ImageEngine.AxiomComboBox.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.AxiomComboBox.1\CLSID@ {BE009BBE-557C-45A7-8EAD-59B3EC3D2CC8}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Details\CLSID@ {3C2F0956-F352-4A96-94BB-6829B32465EE}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Details\CurVer@ ImageEngine.Details.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Details.1\CLSID@ {3C2F0956-F352-4A96-94BB-6829B32465EE}
Reg HKLM\SOFTWARE\Classes\ImageEngine.EditContainer\CLSID@ {061337A4-F1FC-4D50-918D-A90143CE3D8E}
Reg HKLM\SOFTWARE\Classes\ImageEngine.EditContainer\CurVer@ ImageEngine.EditContainer.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.EditContainer.1\CLSID@ {061337A4-F1FC-4D50-918D-A90143CE3D8E}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Email\CLSID@ {2386D1C2-1B1E-4AD2-860D-B1B4E1252CC0}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Email\CurVer@ ImageEngine.Email.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Email.1\CLSID@ {2386D1C2-1B1E-4AD2-860D-B1B4E1252CC0}
Reg HKLM\SOFTWARE\Classes\ImageEngine.HTTPPost\CLSID@ {286B5370-2D86-447D-B258-6187A34CC736}
Reg HKLM\SOFTWARE\Classes\ImageEngine.HTTPPost\CurVer@ ImageEngine.HTTPPost.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.HTTPPost.1\CLSID@ {286B5370-2D86-447D-B258-6187A34CC736}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Image\CLSID@ {A1338FDE-0C77-43CC-99F3-48DBABF1C2E4}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Image\CurVer@ ImageEngine.Image.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Image.1\CLSID@ {A1338FDE-0C77-43CC-99F3-48DBABF1C2E4}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageData\CLSID@ {F2AD23D2-99E2-432A-AECD-1C6A7DCE8B55}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageData\CurVer@ ImageEngine.ImageData.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageData.1\CLSID@ {F2AD23D2-99E2-432A-AECD-1C6A7DCE8B55}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageEngineReg\CLSID@ {4EEB4FB5-3E71-430A-8377-638830BE4099}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageEngineReg\CurVer@ ImageEngine.ImageEngineReg.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageEngineReg.1\CLSID@ {4EEB4FB5-3E71-430A-8377-638830BE4099}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageInfo\CLSID@ {297CA5CC-3717-480F-B958-D10BC669DFE7}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageInfo\CurVer@ ImageEngine.ImageInfo.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageInfo.1\CLSID@ {297CA5CC-3717-480F-B958-D10BC669DFE7}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageInfoDlg2\CLSID@ {86471623-AB87-468e-B7D0-DDEAD5A1985C}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageInfoDlg2\CurVer@ ImageEngine.ImageInfoDlg2.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageInfoDlg2.1\CLSID@ {86471623-AB87-468e-B7D0-DDEAD5A1985C}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageManger\CLSID@ {BA613FB4-D82E-424C-B3F2-CAE0BBACD771}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageManger\CurVer@ ImageEngine.ImageManger.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageManger.1\CLSID@ {BA613FB4-D82E-424C-B3F2-CAE0BBACD771}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageText\CLSID@ {411F7CB0-58F1-4540-8C59-6E782E5A4193}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageText\CurVer@ ImageEngine.ImageText.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ImageText.1\CLSID@ {411F7CB0-58F1-4540-8C59-6E782E5A4193}
Reg HKLM\SOFTWARE\Classes\ImageEngine.LocaleHelper\CLSID@ {B31A8188-4D78-4CB5-9CAA-1BBE91CDF045}
Reg HKLM\SOFTWARE\Classes\ImageEngine.LocaleHelper\CurVer@ ImageEngine.LocaleHelper.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.LocaleHelper.1\CLSID@ {B31A8188-4D78-4CB5-9CAA-1BBE91CDF045}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Logger\CLSID@ {45B0FF2A-7E5E-49E3-8FA9-DBB5EC9150A9}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Logger\CurVer@ ImageEngine.Logger.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Logger.1\CLSID@ {45B0FF2A-7E5E-49E3-8FA9-DBB5EC9150A9}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Order\CLSID@ {6E14AD57-FFE9-4940-A885-F7C3EA43B7FC}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Order\CurVer@ ImageEngine.Order.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Order.1\CLSID@ {6E14AD57-FFE9-4940-A885-F7C3EA43B7FC}
Reg HKLM\SOFTWARE\Classes\ImageEngine.OrderStatusItem\CLSID@ {C1801221-CDE2-4B28-8E06-A1EC0E8668A3}
Reg HKLM\SOFTWARE\Classes\ImageEngine.OrderStatusItem\CurVer@ ImageEngine.OrderStatusItem.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.OrderStatusItem.1\CLSID@ {C1801221-CDE2-4B28-8E06-A1EC0E8668A3}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Panel\CLSID@ {38C1C4DF-0849-4F0B-897F-ACEB14C11F2F}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Panel\CurVer@ ImageEngine.Panel.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Panel.1\CLSID@ {38C1C4DF-0849-4F0B-897F-ACEB14C11F2F}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Preview\CLSID@ {ACA422CF-E690-4283-AEE2-70153770EACA}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Preview\CurVer@ ImageEngine.Preview.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Preview.1\CLSID@ {ACA422CF-E690-4283-AEE2-70153770EACA}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ProductDetails\CLSID@ {EC78E3E5-3257-4E4F-8F46-C0ECB0E143DB}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ProductDetails\CurVer@ ImageEngine.ProductDetails.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ProductDetails.1\CLSID@ {EC78E3E5-3257-4E4F-8F46-C0ECB0E143DB}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Scaling\CLSID@ {144D91AE-2E29-4528-B549-876A6179318E}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Scaling\CurVer@ ImageEngine.Scaling.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Scaling.1\CLSID@ {144D91AE-2E29-4528-B549-876A6179318E}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ThumbnailBrowser\CLSID@ {9A38AD39-6935-45C4-8882-8E79884A5946}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ThumbnailBrowser\CurVer@ ImageEngine.ThumbnailBrowser.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ThumbnailBrowser.1\CLSID@ {9A38AD39-6935-45C4-8882-8E79884A5946}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ThumbScroll\CLSID@ {4AEEA943-E6C4-44E7-A0A9-2A97F80ECA28}
Reg HKLM\SOFTWARE\Classes\ImageEngine.ThumbScroll\CurVer@ ImageEngine.ThumbScroll.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.ThumbScroll.1\CLSID@ {4AEEA943-E6C4-44E7-A0A9-2A97F80ECA28}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Twain\CLSID@ {7DE58799-AAC7-4B47-BFF4-86B79A5DBF0A}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Twain\CurVer@ ImageEngine.Twain.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Twain.1\CLSID@ {7DE58799-AAC7-4B47-BFF4-86B79A5DBF0A}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Video\CLSID@ {AD86BD1B-1E0E-40F3-B775-23CC11F10748}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Video\CurVer@ ImageEngine.Video.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Video.1\CLSID@ {AD86BD1B-1E0E-40F3-B775-23CC11F10748}
Reg HKLM\SOFTWARE\Classes\ImageEngine.XmlHistory\CLSID@ {1DEAD344-6412-42ED-93F2-F1ADCA4A0384}
Reg HKLM\SOFTWARE\Classes\ImageEngine.XmlHistory\CurVer@ ImageEngine.XmlHistory.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.XmlHistory.1\CLSID@ {1DEAD344-6412-42ED-93F2-F1ADCA4A0384}
Reg HKLM\SOFTWARE\Classes\ImageEngine.XMLLog\CLSID@ {E2BD4FAB-5110-4CCB-8354-BDB68F8A58D9}
Reg HKLM\SOFTWARE\Classes\ImageEngine.XMLLog\CurVer@ ImageEngine.XMLLog.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.XMLLog.1\CLSID@ {E2BD4FAB-5110-4CCB-8354-BDB68F8A58D9}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Zoom\CLSID@ {AF71F3C5-062F-4F88-8236-FD61D2283949}
Reg HKLM\SOFTWARE\Classes\ImageEngine.Zoom\CurVer@ ImageEngine.Zoom.1
Reg HKLM\SOFTWARE\Classes\ImageEngine.Zoom.1\CLSID@ {AF71F3C5-062F-4F88-8236-FD61D2283949}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Deliveries\CLSID@ {EC969558-1236-4B74-BF51-F60F21DB7923}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Deliveries\CurVer@ InterprintUploader.Deliveries.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Deliveries.1\CLSID@ {EC969558-1236-4B74-BF51-F60F21DB7923}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Delivery\CLSID@ {49070806-F511-4549-86F6-6AD1B3D425CA}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Delivery\CurVer@ InterprintUploader.Delivery.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Delivery.1\CLSID@ {49070806-F511-4549-86F6-6AD1B3D425CA}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.DeliveryItem\CLSID@ {8FFC47AB-34C3-4231-83BB-2C3D7D9A19B9}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.DeliveryItem\CurVer@ InterprintUploader.DeliveryItem.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.DeliveryItem.1\CLSID@ {8FFC47AB-34C3-4231-83BB-2C3D7D9A19B9}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.GDIPlusEditImage\CLSID@ {003C6573-E55C-468E-9537-00BF2E789A2A}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.GDIPlusEditImage\CurVer@ InterprintUploader.GDIPlusEditImage.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.GDIPlusEditImage.1\CLSID@ {003C6573-E55C-468E-9537-00BF2E789A2A}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.InterprintOrder1\CLSID@ {CEB9BB33-1ADD-4171-B21B-0E1A2B19EDA2}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.InterprintOrder1\CurVer@ InterprintUploader.InterprintOrder1.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.InterprintOrder1.1\CLSID@ {CEB9BB33-1ADD-4171-B21B-0E1A2B19EDA2}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImage\CLSID@ {0CD3010B-F3AD-4BB2-B25F-52C6C98E47A5}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImage\CurVer@ InterprintUploader.OrderImage.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImage.1\CLSID@ {0CD3010B-F3AD-4BB2-B25F-52C6C98E47A5}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImages\CLSID@ {8E95518B-0493-4641-A909-50B56F597F18}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImages\CurVer@ InterprintUploader.OrderImages.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImages.1\CLSID@ {8E95518B-0493-4641-A909-50B56F597F18}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImageScaling\CLSID@ {A276ACEF-8F8E-45A4-A3C3-1C688FFD7CF2}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImageScaling\CurVer@ InterprintUploader.OrderImageScaling.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderImageScaling.1\CLSID@ {A276ACEF-8F8E-45A4-A3C3-1C688FFD7CF2}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderManager\CLSID@ {B3F3940E-CDC3-406F-9D81-4522E181D6B3}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderManager\CurVer@ InterprintUploader.OrderManager.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderManager.1\CLSID@ {B3F3940E-CDC3-406F-9D81-4522E181D6B3}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderProduct\CLSID@ {16ECC0A1-82BA-468F-84A2-27E7E9C910C9}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderProduct\CurVer@ InterprintUploader.OrderProduct.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderProduct.1\CLSID@ {16ECC0A1-82BA-468F-84A2-27E7E9C910C9}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderProducts\CLSID@ {2AA24D59-A078-42E1-BCFA-1EA9BE6B3E44}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderProducts\CurVer@ InterprintUploader.OrderProducts.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.OrderProducts.1\CLSID@ {2AA24D59-A078-42E1-BCFA-1EA9BE6B3E44}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Product\CLSID@ {4AE55204-863D-40B3-BDE1-3DE34EECA35D}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Product\CurVer@ InterprintUploader.Product.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Product.1\CLSID@ {4AE55204-863D-40B3-BDE1-3DE34EECA35D}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.ProductItem\CLSID@ {18F97240-C79F-4B4E-AB86-C2AD2C426A3C}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.ProductItem\CurVer@ InterprintUploader.ProductItem.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.ProductItem.1\CLSID@ {18F97240-C79F-4B4E-AB86-C2AD2C426A3C}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.ProductItemPriceBand\CLSID@ {4E6BF739-5CD1-4C3C-9900-DC0E7617A38B}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.ProductItemPriceBand\CurVer@ InterprintUploader.ProductItemPriceBand.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.ProductItemPriceBand.1\CLSID@ {4E6BF739-5CD1-4C3C-9900-DC0E7617A38B}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Products\CLSID@ {AA95E0DC-2AAF-4531-9B0D-15D410492C4E}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Products\CurVer@ InterprintUploader.Products.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Products.1\CLSID@ {AA95E0DC-2AAF-4531-9B0D-15D410492C4E}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Upload\CLSID@ {0FF4EB07-6097-4246-9506-89218FFA40FE}
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Upload\CurVer@ InterprintUploader.Upload.1
Reg HKLM\SOFTWARE\Classes\InterprintUploader.Upload.1\CLSID@ {0FF4EB07-6097-4246-9506-89218FFA40FE}
Reg HKLM\SOFTWARE\Classes\PointImporter.Document\CLSID@ {9DD963E1-C642-41E6-8E3B-BD2F35A5578B}
Reg HKLM\SOFTWARE\Classes\SmartDraw\Clsid@ {F869AC20-E930-11CE-AE10-444553540000}
Reg HKLM\SOFTWARE\Classes\SmartDraw\CurVer@ SmartDraw.2
Reg HKLM\SOFTWARE\Classes\SmartDraw.1\Clsid@ {0004F44F-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\SmartDraw.1\NotInsertable@
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\Clsid@ {F869AC20-E930-11CE-AE10-444553540000}
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\FileID@ 1203207921
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\Insertable@
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\protocol\StdFileEditing
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\protocol\StdFileEditing\server
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\protocol\StdFileEditing\server@ C:\PROGRA~1\SMARTD~1\SMARTD~1.EXE
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\protocol\StdFileEditing\verb
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\protocol\StdFileEditing\verb\0
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\protocol\StdFileEditing\verb\0@ &Edit
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\protocol\StdFileEditing\verb\1
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\protocol\StdFileEditing\verb\1@ &Print
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\SDVer@ -5
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\shell\open
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\shell\open\command
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\shell\open\command@ "C:\PROGRA~1\SMARTD~1\SMARTD~1.EXE" %1
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\shell\print
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\shell\print\command
Reg HKLM\SOFTWARE\Classes\SmartDraw.2\shell\print\command@ "C:\PROGRA~1\SMARTD~1\SMARTD~1.EXE" /p %1
Reg HKLM\SOFTWARE\Classes\SmartDraw.Library\Clsid@ {8F3DCF85-FFD6-11ce-AE10-444553540000}
Reg HKLM\SOFTWARE\Classes\SmartDraw.Library\shell\open
Reg HKLM\SOFTWARE\Classes\SmartDraw.Library\shell\open\command
Reg HKLM\SOFTWARE\Classes\SmartDraw.Library\shell\open\command@ "C:\PROGRA~1\SMARTD~1\SMARTD~1.EXE" %1
Reg HKLM\SOFTWARE\Classes\SmartDraw.Template\Clsid@ {8F3DCF82-FFD6-11ce-AE10-444553540000}
Reg HKLM\SOFTWARE\Classes\SmartDraw.Template\shell\open
Reg HKLM\SOFTWARE\Classes\SmartDraw.Template\shell\open\command
Reg HKLM\SOFTWARE\Classes\SmartDraw.Template\shell\open\command@ "C:\PROGRA~1\SMARTD~1\SMARTD~1.EXE" %1
Reg HKLM\SOFTWARE\Classes\SmartDraw.Template\shell\print
Reg HKLM\SOFTWARE\Classes\SmartDraw.Template\shell\print\command
Reg HKLM\SOFTWARE\Classes\SmartDraw.Template\shell\print\command@ "C:\PROGRA~1\SMARTD~1\SMARTD~1.EXE" /p %1
Reg HKLM\SOFTWARE\Classes\vcffile\DefaultIcon@ C:\PROGRA~1\MICROS~2\Office10\1033\OUTLLIBR.DLL,42
Reg HKLM\SOFTWARE\Classes\vcffile\shell\open
Reg HKLM\SOFTWARE\Classes\vcffile\shell\open\command
Reg HKLM\SOFTWARE\Classes\vcffile\shell\open\command@ "C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE" /v "%1"
Reg HKLM\SOFTWARE\Classes\vcsfile\DefaultIcon@ C:\PROGRA~1\MICROS~2\Office10\1033\OUTLLIBR.DLL,41
Reg HKLM\SOFTWARE\Classes\vcsfile\shell\open
Reg HKLM\SOFTWARE\Classes\vcsfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\vcsfile\shell\open\command@ "C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE" /vcal "%1"
Reg HKLM\SOFTWARE\Classes\Viewer.ViewerUI\CLSID@ {9D247FC3-0198-4C09-9440-1E70B3EBAC03}
Reg HKLM\SOFTWARE\Classes\Viewer.ViewerUI\CurVer@ Viewer.ViewerUI.1
Reg HKLM\SOFTWARE\Classes\Viewer.ViewerUI.1\CLSID@ {9D247FC3-0198-4C09-9440-1E70B3EBAC03}
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit@ &Open
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\command
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\command@ "C:\Program Files\Microsoft Office\Office10\EXCEL.EXE" /e
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\command@command *r=^Vn-}f(YR]eAR6.jiEXCELFiles>EUFOC=M&g(pKeqFrsF*m /e?
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\ddeexec
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\ddeexec\application
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\ddeexec\application@ Excel
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\ddeexec\topic
Reg HKLM\SOFTWARE\Classes\xlsx_auto_file\shell\edit\ddeexec\topic@ system

---- EOF - GMER 1.0.15 ----
Last edited by olejnic on May 30th, 2010, 7:53 pm, edited 2 times in total.

Re: Google Search Misdirect

Post by olejnic » May 30th, 2010, 4:52 pm

RSIT info.txt file:
----------------------------------------
info.txt logfile of random's system information tool 1.06 2010-05-30 16:49:22

======Uninstall list======

-->C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\uninst.exe -fC:\Maxis\SimFarm\DeIsL1.isu
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Across Lite 2.0-->C:\PROGRA~1\Litsoft\ACROSS~1.0\UNWISE.EXE C:\PROGRA~1\Litsoft\ACROSS~1.0\INSTALL.LOG
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Premiere Elements 2.0-->msiexec /I {11C98E1A-EC91-4B38-B44C-C562292D8453}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
APRWIN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00E143F3-49BB-45F0-98E2-0AD6C0162DC3}\Setup.exe" -uninst
ArcSoft Software Suite-->C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\Setup.exe -runfromtemp -l0x0009 -removeonly
Arthur's Preschool-->C:\Program Files\The Learning Company\Arthur's Preschool\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bailey's Book House-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02DB8EFF-46FE-4EEA-A253-F1E59EC05C1F}\setup.exe" -l0x9
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon PIXMA iP6000D-->C:\WINDOWS\System32\CNMCP69.exe "-PRINTERNAMECanon PIXMA iP6000D" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP6000D Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP6000D Installer\Inst2\cnmi0409.dll"
Canon PowerShot S45 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Easy-PhotoPrint-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities FileViewerUtility 1.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0627E8E9-6822-4A5E-9225-286741CDC3E4}
Canon Utilities PhotoStitch 3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture 2.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\PROGRA~1\Canon\ZOOMBR~1\Program\Uninst.ini"
Civ3 Conquests v1.22 Full-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}\Setup.exe"
Civilization III v1.29f-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}\Setup.exe"
Civilization III: Conquests-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F31BC49F-AB7B-4A53-A399-EB7331B585BC}\setup.exe" -l0x9
Civilization III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Control Pad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86C3A7C1-454F-11D5-9BFF-080009B69BB3}\Setup.exe" -l0x9 UNINSTALL
DeepBurner v1.1.4.143-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Dell Modem-On-Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dora Backpack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D859D35F-E947-4F2A-8591-C76A4D116178}\setup.exe" -l0x9 -uninst
Dreamship Tales-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
Driver Cleaner - Driverheaven-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Driver Cleaner\ST6UNST.LOG"
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EPSON CX5800F Guide-->C:\Program Files\epson\guide\cx5800f_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
ItsDeductible Express-->MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes-->MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
KWorld PVR 883 WDM Drivers-->C:\WINDOWS\c8xunist.exe
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
LUMIX Simple Viewer-->C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x0009 -removeonly
MahJongg Solitaire 3D-->C:\Program Files\MahJongg Solitaire 3D\Uninstal.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB886906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M886906\M886906Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Net MULE-->C:\Program Files\UBeRLabs\Net MULE\uninstall.exe
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
Palm-->MsiExec.exe /X{0030188A-533E-42EE-9837-E044F10E4369}
PHOTOfunSTUDIO HD Edition-->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x0009 -z"Uninstall" -removeonly
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PVR Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}\Setup.exe" -l0x9
QuickGamma 2.0.0.3-->"C:\Program Files\QuickGamma\unins000.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Reader Rabbit Toddler-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Reader Rabbit Toddler\Uninstall.xml"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Risk-->"C:\Program Files\Risk\unins000.exe"
SafeCast Shared Components-->C:\WINDOWS\CDAC13BA.EXE /uninstall
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\System32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\System32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Shutterfly Plugin-->C:\PROGRA~1\SHUTTE~1\UNWISE.EXE C:\PROGRA~1\SHUTTE~1\INSTALL.LOG
SILKYPIX Developer Studio 2.0 SE-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{5B25274F-088A-4A24-AE12-4AEE9278025A} /l1033 UNINSTALL
Sophos Anti-Rootkit 1.5.0-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
TurboTax 2009 wcaiper-->MsiExec.exe /I{360EDFB0-EAA2-012B-AD16-000000000000}
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
Ulead DVD MovieFactory 4.0 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Verizon Online DSL-->C:\Program Files\Common Files\SupportSoft\Verizon\vzuninstall.exe /starthidden
Verizon Online Support Center-->C:\WINDOWS\Motive\Verizon\MCCUninst.exe
Visual IP InSight(Verizon Online)-->C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}Verizon Online\setup.exe Verizon Online
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: DELL8250
Event Code: 18
Message: TIMEOUT<firefox.exe> C:\...ookies.sqlite-journal

Record Number: 38482
Source Name: avgntflt
Time Written: 20100508185141.000000-420
Event Type: warning
User:

Computer Name: DELL8250
Event Code: 18
Message: TIMEOUT<firefox.exe> C:\...ookies.sqlite-journal

Record Number: 38481
Source Name: avgntflt
Time Written: 20100508185040.000000-420
Event Type: warning
User:

Computer Name: DELL8250
Event Code: 18
Message: TIMEOUT<firefox.exe> C:\...ookies.sqlite-journal

Record Number: 38480
Source Name: avgntflt
Time Written: 20100508184939.000000-420
Event Type: warning
User:

Computer Name: DELL8250
Event Code: 18
Message: TIMEOUT<firefox.exe> C:\...ookies.sqlite-journal

Record Number: 38479
Source Name: avgntflt
Time Written: 20100508184838.000000-420
Event Type: warning
User:

Computer Name: DELL8250
Event Code: 18
Message: TIMEOUT<svchost.exe> C:\...BEM\Logs\wbemcore.log

Record Number: 38478
Source Name: avgntflt
Time Written: 20100508184718.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: DELL8250
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\JOLEJNICZAK\MY DOCUMENTS\MY PICTURES\2009_09\20091015\IMP_TEMP_DIR\STREAM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Record Number: 28638
Source Name: Windows Search Service
Time Written: 20091015132201.000000-420
Event Type: error
User:

Computer Name: DELL8250
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\JOLEJNICZAK\MY DOCUMENTS\MY PICTURES\2009_09\20091015\IMP_TEMP_DIR\CLIPINF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Record Number: 28637
Source Name: Windows Search Service
Time Written: 20091015132200.000000-420
Event Type: error
User:

Computer Name: DELL8250
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\JOLEJNICZAK\MY DOCUMENTS\MY PICTURES\2009_09\20091015\IMP_TEMP_DIR\CLIPINF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Record Number: 28636
Source Name: Windows Search Service
Time Written: 20091015132200.000000-420
Event Type: error
User:

Computer Name: DELL8250
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\JOLEJNICZAK\MY DOCUMENTS\MY PICTURES\2009_09\20091015\IMP_TEMP_DIR\STREAM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Record Number: 28635
Source Name: Windows Search Service
Time Written: 20091015132200.000000-420
Event Type: error
User:

Computer Name: DELL8250
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\JOLEJNICZAK\MY DOCUMENTS\MY PICTURES\2009_09\20091015\IMP_TEMP_DIR\STREAM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Record Number: 28634
Source Name: Windows Search Service
Time Written: 20091015132200.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Common Files\ArcSoft\Bin;C:\Program Files\Windows Resource Kits\Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------
olejnic

Re: Google Search Misdirect

Post by olejnic » May 30th, 2010, 7:55 pm

RSIT log.txt file:
------------------------------------
Logfile of random's system information tool 1.07 (written by random/random)
Run by jolejniczak at 2010-05-30 16:49:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:49:20 PM, on 5/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jolejniczak\Desktop\RSIT.exe
C:\Program Files\trend micro\jolejniczak.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB002" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn ... taller.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mpix.com/customer/uploading/ ... oader5.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7374 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"EPSON Stylus CX5800F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE [2005-05-09 98304]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"Motive SmartBridge"=C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe [2002-05-18 327680]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-05-24 30192]
"HitmanPro35"=C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe [2010-05-29 5937984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickGammaLoader"=C:\Program Files\QuickGamma\QuickGammaLoader.exe [2005-03-28 68096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\jolejniczak\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-05-30 13:38:32 ----D---- C:\rsit
2010-05-30 09:57:51 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-05-29 20:12:34 ----D---- C:\Documents and Settings\jolejniczak\Application Data\Malwarebytes
2010-05-29 20:12:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-29 20:12:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-29 17:26:14 ----D---- C:\Program Files\Hitman Pro 3.5
2010-05-29 17:26:14 ----D---- C:\Documents and Settings\jolejniczak\Application Data\Simply Super Software
2010-05-29 17:26:14 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2010-05-29 16:50:41 ----D---- C:\Program Files\Trend Micro
2010-05-29 12:11:38 ----N---- C:\WINDOWS\system32\7.tmp
2010-05-29 12:11:31 ----D---- C:\Program Files\Sophos
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\unrar3.dll
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\unacev2.dll
2010-05-29 10:20:09 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-05-17 10:45:36 ----SHD---- C:\WINDOWS\CSC
2010-05-01 16:06:26 ----D---- C:\WINDOWS\system32\Adobe
2010-04-24 22:32:57 ----D---- C:\WINDOWS\Prefetch
2010-04-24 18:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-24 18:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-04-24 18:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-24 18:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-24 18:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-04-24 18:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-24 18:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-24 18:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-04-24 18:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-24 18:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-24 18:23:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-04-24 18:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-24 18:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-04-24 18:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-24 18:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-24 18:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-24 18:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-24 18:21:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-24 18:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-24 18:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-24 18:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-04-24 18:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-04-24 18:20:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-24 18:20:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-04-24 18:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-04-24 18:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-24 18:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2010-04-24 18:19:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-24 18:19:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-04-24 18:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-04-24 18:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-04-24 18:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-24 18:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-24 18:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-04-24 18:18:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-24 18:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB980182_1$
2010-04-24 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2010-04-24 18:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-24 18:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-04-24 18:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-04-24 18:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-04-24 18:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-04-24 18:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-04-24 18:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-04-24 18:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-04-24 18:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-04-24 18:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2010-04-24 18:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-04-24 18:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-04-24 18:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-04-24 18:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-04-24 18:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-04-24 18:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2010-04-24 18:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-04-24 18:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-04-24 18:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-04-24 18:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-04-24 18:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-04-24 18:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-04-24 18:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-24 18:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-04-24 18:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-04-24 18:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-04-24 18:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-04-24 18:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-04-24 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-04-24 18:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-04-24 18:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-04-24 18:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-04-24 18:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-04-24 18:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-04-24 18:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-04-24 18:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-04-24 18:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-04-24 18:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-04-24 18:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-04-24 18:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-04-24 17:57:54 ----D---- C:\WINDOWS\system32\scripting
2010-04-24 17:57:49 ----D---- C:\WINDOWS\l2schemas
2010-04-24 17:57:48 ----D---- C:\WINDOWS\system32\en
2010-04-24 17:57:48 ----D---- C:\Program Files\msn
2010-04-24 17:11:22 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-04-24 17:10:58 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-04-24 17:10:58 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-04-24 17:10:22 ----N---- C:\WINDOWS\system32\setupn.exe
2010-04-24 17:10:15 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-04-24 17:10:13 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-04-24 17:10:12 ----N---- C:\WINDOWS\system32\qutil.dll
2010-04-24 17:10:09 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-04-24 17:10:08 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-04-24 17:10:08 ----N---- C:\WINDOWS\system32\qagent.dll
2010-04-24 17:09:58 ----N---- C:\WINDOWS\system32\onex.dll
2010-04-24 17:09:35 ----N---- C:\WINDOWS\system32\napstat.exe
2010-04-24 17:09:35 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-04-24 17:09:35 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-04-24 17:09:32 ----A---- C:\WINDOWS\system32\msxml6r.dll
2010-04-24 17:09:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-04-24 17:09:26 ----N---- C:\WINDOWS\system32\mssha.dll
2010-04-24 17:09:02 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-04-24 17:09:02 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-04-24 17:09:02 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-04-24 17:09:02 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-04-24 17:08:44 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-04-24 17:08:44 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-04-24 17:08:43 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-04-24 17:08:43 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-04-24 17:08:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-04-24 17:08:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-04-24 17:08:17 ----A---- C:\WINDOWS\006312_.tmp
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-04-24 17:08:12 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-04-24 17:08:12 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-04-24 17:08:11 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-04-24 17:08:08 ----N---- C:\WINDOWS\system32\credssp.dll
2010-04-24 17:08:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-04-24 17:08:02 ----N---- C:\WINDOWS\system32\azroles.dll
2010-04-24 17:07:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-04-24 11:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978601_0$
2010-04-24 11:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979683_0$
2010-04-24 11:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978338_0$
2010-04-24 11:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979309_0$
2010-04-24 11:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-04-24 11:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-24 11:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2010-04-24 11:15:59 ----D---- C:\Documents and Settings\jolejniczak\Application Data\Avira
2010-04-24 11:01:41 ----A---- C:\WINDOWS\Mpcwty02.ini
2010-04-24 10:56:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-04-21 20:37:55 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 20:18:15 ----D---- C:\Program Files\Bonjour
2010-04-19 14:49:16 ----D---- C:\Program Files\Microsoft Silverlight
2010-04-19 10:00:31 ----D---- C:\MC_TMP
2010-04-11 23:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB980182_0$
2010-04-11 23:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2010-04-11 23:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2_0$
2010-04-11 23:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-11 23:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-04-11 23:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-04-11 23:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-04-11 23:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-11 23:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-04-11 23:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-04-11 23:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-04-11 23:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-04-11 23:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-04-11 23:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-11 23:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-04-11 23:46:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-04-11 23:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-04-11 23:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2010-04-11 23:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2010-04-11 23:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-04-11 23:43:20 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-04-11 23:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-04-11 23:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-04-11 23:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-04-11 23:42:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-04-11 23:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-04-11 23:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-11 23:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-04-11 23:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-04-11 23:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-04-11 23:14:39 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-04-10 13:52:38 ----D---- C:\Program Files\Litsoft

======List of files/folders modified in the last 3 months======

2010-05-30 14:59:36 ----D---- C:\WINDOWS\Temp
2010-05-30 14:11:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-30 14:11:34 ----D---- C:\WINDOWS
2010-05-30 14:09:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-30 14:01:01 ----HD---- C:\WINDOWS\INF
2010-05-30 13:58:23 ----SHD---- C:\Config.Msi
2010-05-30 13:56:14 ----D---- C:\Documents and Settings\jolejniczak\Application Data\SUPERAntiSpyware.com
2010-05-30 13:56:13 ----SHD---- C:\WINDOWS\Installer
2010-05-30 13:56:12 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-30 13:56:12 ----D---- C:\Program Files\Common Files
2010-05-30 13:55:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-30 13:55:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-30 00:46:03 ----AH---- C:\boot.ini
2010-05-30 00:46:03 ----A---- C:\WINDOWS\WIN.INI
2010-05-30 00:46:03 ----A---- C:\WINDOWS\SYSTEM.INI
2010-05-30 00:09:41 ----D---- C:\WINDOWS\SYSTEM32
2010-05-29 23:44:10 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-29 23:44:06 ----SHD---- C:\System Volume Information
2010-05-29 23:29:17 ----D---- C:\WINDOWS\Registration
2010-05-29 23:24:51 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-05-29 23:24:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-29 23:10:11 ----D---- C:\WINDOWS\network diagnostic
2010-05-29 20:12:25 ----D---- C:\WINDOWS\system32\DRIVERS
2010-05-29 20:12:20 ----RD---- C:\Program Files
2010-05-29 17:13:53 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-05-25 18:14:28 ----D---- C:\Program Files\Mozilla Firefox
2010-05-24 11:00:04 ----D---- C:\Program Files\Google
2010-05-17 11:24:52 ----D---- C:\WINDOWS\pss
2010-05-17 11:14:27 ----D---- C:\WINDOWS\REPAIR
2010-05-01 16:07:55 ----D---- C:\Documents and Settings\jolejniczak\Application Data\Adobe
2010-05-01 16:07:41 ----D---- C:\WINDOWS\system32\Macromed
2010-04-25 07:32:06 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-04-24 23:22:04 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-24 22:57:10 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-24 22:43:21 ----AC---- C:\WINDOWS\SETUPLOG.TXT
2010-04-24 22:35:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-24 22:32:12 ----D---- C:\WINDOWS\system32\Setup
2010-04-24 22:32:12 ----D---- C:\WINDOWS\AppPatch
2010-04-24 22:32:12 ----D---- C:\Program Files\Internet Explorer
2010-04-24 22:32:11 ----D---- C:\WINDOWS\system32\WBEM
2010-04-24 22:32:10 ----RSD---- C:\WINDOWS\Fonts
2010-04-24 22:31:25 ----D---- C:\WINDOWS\SECURITY
2010-04-24 18:25:58 ----A---- C:\WINDOWS\imsins.BAK
2010-04-24 18:22:50 ----D---- C:\Program Files\Movie Maker
2010-04-24 18:20:34 ----D---- C:\Program Files\Outlook Express
2010-04-24 18:09:32 ----D---- C:\Program Files\Messenger
2010-04-24 18:09:23 ----D---- C:\WINDOWS\WinSxS
2010-04-24 17:58:23 ----D---- C:\WINDOWS\system32\INETSRV
2010-04-24 17:58:22 ----D---- C:\WINDOWS\IME
2010-04-24 17:58:22 ----D---- C:\WINDOWS\Help
2010-04-24 17:57:56 ----D---- C:\WINDOWS\system32\USMT
2010-04-24 17:57:56 ----D---- C:\WINDOWS\system32\en-US
2010-04-24 17:57:48 ----D---- C:\WINDOWS\system32\bits
2010-04-24 17:57:48 ----D---- C:\WINDOWS\PeerNet
2010-04-24 17:53:12 ----D---- C:\WINDOWS\system32\Restore
2010-04-24 17:53:12 ----D---- C:\WINDOWS\system32\NPP
2010-04-24 17:53:12 ----D---- C:\WINDOWS\MUI
2010-04-24 17:53:10 ----D---- C:\WINDOWS\MSAGENT
2010-04-24 17:53:08 ----D---- C:\WINDOWS\SRCHASST
2010-04-24 17:53:07 ----D---- C:\Program Files\NetMeeting
2010-04-24 17:53:05 ----D---- C:\WINDOWS\system32\Com
2010-04-24 17:53:02 ----D---- C:\Program Files\Windows Media Player
2010-04-24 17:53:01 ----D---- C:\Program Files\Windows NT
2010-04-24 17:52:56 ----D---- C:\Program Files\Common Files\System
2010-04-24 17:52:35 ----D---- C:\WINDOWS\system32\OOBE
2010-04-24 17:52:34 ----D---- C:\WINDOWS\SYSTEM
2010-04-24 17:47:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-04-24 17:47:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-04-24 17:41:29 ----D---- C:\WINDOWS\EHome
2010-04-24 16:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-04-24 16:29:05 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-24 15:30:11 ----D---- C:\WINDOWS\Debug
2010-04-24 11:28:59 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-24 10:59:58 ----RSD---- C:\WINDOWS\assembly
2010-04-24 10:56:44 ----SD---- C:\WINDOWS\Tasks
2010-04-21 20:41:08 ----D---- C:\Program Files\iTunes
2010-04-21 20:39:04 ----D---- C:\Program Files\iPod
2010-04-21 20:38:10 ----D---- C:\Program Files\Common Files\Apple
2010-04-21 20:29:48 ----D---- C:\Program Files\QuickTime
2010-04-21 20:22:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-12 08:08:20 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-12 07:40:24 ----D---- C:\Program Files\Windows Desktop Search
2010-04-09 11:12:13 ----D---- C:\Program Files\TurboTax
2010-04-06 10:52:54 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-03-09 21:33:41 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-03-09 21:33:38 ----A---- C:\WINDOWS\system32\browseui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-05-19 124784]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-23 59440]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-23 23724]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 CVPNDRV;Cisco Systems IPsec Driver; \??\C:\WINDOWS\System32\Drivers\CVPNDRV.sys []
R2 CX23880;KWorld PVR 883 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-05-16 186496]
R2 CX88XBAR;KWorld PVR 883 Crossbar; C:\WINDOWS\system32\drivers\CX88XBAR.sys [2005-05-16 8960]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\System32\DRIVERS\dne2000.sys [2002-01-09 128380]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 kfdiapod;kfdiapod; \??\C:\DOCUME~1\JOLEJN~1\LOCALS~1\Temp\kfdiapod.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\5.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-24 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2002-09-03 1282112]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S3 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-05-24 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\SYSTEM32\bgsvcgen.exe [2007-06-15 145504]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-02-10 52736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------
olejnic
Active Member
 
Posts: 13
Joined: May 30th, 2010, 2:40 am

Re: Google Search Misdirect

Post by Cypher » May 31st, 2010, 5:30 am

Hi olejnic.
"Updates are ready for your computer. Click here to install these updates." I didn't do anything.

Don't install any updates or make any changes to your system until I tell you to do so.
Please continue with the instructions below.


Disable Avira anti-virus

  • Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background (looks like this: Image)
  • Right-click it, then untick the option AntiVir Guard enable.
  • You should now see a closed white umbrella on a red background (looks like this: Image)
  • Note: Don't forget to re-enable it after the fix.

Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create ERUNT entry in the Startup folder. Answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Logs/Information to Post in your Next Reply

  • ComboFix.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Search Misdirect

Post by olejnic » May 31st, 2010, 11:20 am

After following your instructions, the symptoms have gone away. There are no more search redirects, and I can reach the Windows Update site from the Start Menu (don't worry, I haven't installed anything).

---------------------------------------------------------------------------
ComboFix 10-05-30.09 - jolejniczak 05/31/2010 7:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.700 [GMT -7:00]
Running from: c:\documents and settings\jolejniczak\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\dolejniczak\System
c:\documents and settings\dolejniczak\System\win_qs8.jqx
c:\program files\Internet Explorer\SET581.tmp
c:\program files\Internet Explorer\SET704.tmp
c:\program files\Internet Explorer\SET744.tmp
c:\program files\Internet Explorer\SET82C.tmp
c:\program files\Internet Explorer\SET907.tmp
c:\program files\Internet Explorer\SET9E8.tmp
c:\program files\Internet Explorer\SETAC9.tmp
c:\program files\Internet Explorer\SETBAB.tmp
c:\program files\Internet Explorer\SETC8C.tmp
c:\program files\Internet Explorer\SETD6D.tmp
c:\program files\Internet Explorer\SETE52.tmp
c:\program files\Internet Explorer\SETF38.tmp
c:\windows\herjek.config
c:\windows\SET479.tmp
c:\windows\SET5FC.tmp
c:\windows\SET63C.tmp
c:\windows\SET724.tmp
c:\windows\SET7FF.tmp
c:\windows\SET8E0.tmp
c:\windows\SET9C1.tmp
c:\windows\SETAA3.tmp
c:\windows\SETB84.tmp
c:\windows\SETC65.tmp
c:\windows\SETD4A.tmp
c:\windows\SETE30.tmp
c:\windows\system32\_002777_.tmp.dll
c:\windows\system32\_002785_.tmp.dll
c:\windows\system32\_002793_.tmp.dll
c:\windows\system32\_002809_.tmp.dll
c:\windows\system32\_002833_.tmp.dll
c:\windows\system32\_002841_.tmp.dll
c:\windows\system32\_002933_.tmp.dll
c:\windows\system32\_002934_.tmp.dll
c:\windows\system32\_002935_.tmp.dll
c:\windows\system32\_002936_.tmp.dll
c:\windows\system32\_002939_.tmp.dll
c:\windows\system32\_002940_.tmp.dll
c:\windows\system32\_002941_.tmp.dll
c:\windows\system32\_002942_.tmp.dll
c:\windows\system32\_002947_.tmp.dll
c:\windows\system32\_002948_.tmp.dll
c:\windows\system32\_002949_.tmp.dll
c:\windows\system32\_002950_.tmp.dll
c:\windows\system32\_002955_.tmp.dll
c:\windows\system32\_002956_.tmp.dll
c:\windows\system32\_002957_.tmp.dll
c:\windows\system32\_002958_.tmp.dll
c:\windows\system32\_002963_.tmp.dll
c:\windows\system32\_002964_.tmp.dll
c:\windows\system32\_002965_.tmp.dll
c:\windows\system32\_002966_.tmp.dll
c:\windows\system32\_002971_.tmp.dll
c:\windows\system32\_002972_.tmp.dll
c:\windows\system32\_002973_.tmp.dll
c:\windows\system32\_002974_.tmp.dll
c:\windows\system32\_002979_.tmp.dll
c:\windows\system32\_002980_.tmp.dll
c:\windows\system32\_002981_.tmp.dll
c:\windows\system32\_002982_.tmp.dll
c:\windows\system32\_002987_.tmp.dll
c:\windows\system32\_002988_.tmp.dll
c:\windows\system32\_002989_.tmp.dll
c:\windows\system32\_002990_.tmp.dll
c:\windows\system32\_002995_.tmp.dll
c:\windows\system32\_002996_.tmp.dll
c:\windows\system32\_002997_.tmp.dll
c:\windows\system32\_002998_.tmp.dll
c:\windows\system32\_003003_.tmp.dll
c:\windows\system32\_003004_.tmp.dll
c:\windows\system32\_003005_.tmp.dll
c:\windows\system32\_003006_.tmp.dll
c:\windows\system32\_003011_.tmp.dll
c:\windows\system32\_003012_.tmp.dll
c:\windows\system32\_003013_.tmp.dll
c:\windows\system32\_003014_.tmp.dll
c:\windows\system32\_003019_.tmp.dll
c:\windows\system32\_003020_.tmp.dll
c:\windows\system32\_003021_.tmp.dll
c:\windows\system32\_003022_.tmp.dll

Infected copy of c:\windows\system32\DRIVERS\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 14:36 . 2008-04-13 18:39 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2010-05-31 14:36 . 2008-04-13 18:39 24576 ----a-w- c:\windows\system32\dllcache\kbdclass.sys
2010-05-31 14:24 . 2010-05-31 14:24 85352 ----a-w- c:\documents and settings\jolejniczak\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 14:22 . 2010-05-31 14:22 -------- d-----w- c:\program files\ERUNT
2010-05-30 20:38 . 2010-05-30 23:49 -------- d-----w- C:\rsit
2010-05-30 16:57 . 2010-05-30 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-30 03:12 . 2010-05-30 03:12 -------- d-----w- c:\documents and settings\jolejniczak\Application Data\Malwarebytes
2010-05-30 03:12 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-30 03:12 . 2010-05-30 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-30 03:12 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-30 03:12 . 2010-05-30 03:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-30 00:26 . 2010-05-30 00:26 -------- d-----w- c:\documents and settings\jolejniczak\Application Data\Simply Super Software
2010-05-30 00:26 . 2010-05-30 00:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-30 00:26 . 2010-05-30 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-29 23:50 . 2010-05-30 23:49 -------- d-----w- c:\program files\Trend Micro
2010-05-29 19:11 . 2010-05-29 19:11 -------- d-----w- c:\program files\Sophos
2010-05-29 17:41 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-29 17:41 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-29 17:41 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-29 17:41 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-05-29 17:41 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-29 17:24 . 2010-05-31 14:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-29 17:20 . 2010-05-30 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-20 01:52 . 2010-05-20 01:50 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-01 23:06 . 2010-05-02 03:03 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 20:56 . 2009-03-17 20:02 -------- d-----w- c:\documents and settings\jolejniczak\Application Data\SUPERAntiSpyware.com
2010-05-30 20:56 . 2009-03-17 20:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-30 20:55 . 2003-05-16 19:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-30 20:55 . 2003-05-16 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-24 18:00 . 2005-05-14 16:21 -------- d-----w- c:\program files\Google
2010-04-24 23:29 . 2004-04-05 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-24 23:29 . 2004-04-05 00:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-24 18:15 . 2010-04-24 18:15 -------- d-----w- c:\documents and settings\jolejniczak\Application Data\Avira
2010-04-22 03:41 . 2010-04-22 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-22 03:41 . 2007-09-25 19:02 -------- d-----w- c:\program files\iTunes
2010-04-22 03:39 . 2005-11-25 22:47 -------- d-----w- c:\program files\iPod
2010-04-22 03:38 . 2009-04-19 17:47 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 03:29 . 2006-03-12 01:55 -------- d-----w- c:\program files\QuickTime
2010-04-22 03:18 . 2010-04-22 03:18 -------- d-----w- c:\program files\Bonjour
2010-04-19 21:49 . 2010-04-19 21:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-12 14:40 . 2009-10-09 04:52 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-11 00:00 . 2010-04-10 06:21 188280 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-10 20:52 . 2010-04-10 20:52 -------- d-----w- c:\program files\Litsoft
2010-04-09 18:12 . 2003-02-10 20:06 -------- d-----w- c:\program files\TurboTax
2010-03-09 11:09 . 2009-03-16 16:47 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-24 18:00 . 2010-05-24 18:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-22 08:25 . 2007-09-22 04:48 24 -csh--w- c:\windows\SC68EAB51.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickGammaLoader"="c:\program files\QuickGamma\QuickGammaLoader.exe" [2005-03-28 68096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"EPSON Stylus CX5800F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2002-05-18 327680]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-24 30192]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-05-29 5937984]

c:\documents and settings\jolejniczak\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-5-2 113664]

c:\documents and settings\dolejniczak\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-1-1 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2003-8-17 1269836]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-23 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2009 2:41 PM 135336]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\SYSTEM32\DRIVERS\CVPNDrv.sys [8/17/2003 11:26 PM 263751]
R2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\SYSTEM32\DRIVERS\cx88xbar.sys [9/22/2007 10:46 AM 8960]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/24/2010 11:00 AM 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\Verizon Online\ControlPad\Misc\a_menu.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn ... taller.exe
FF - ProfilePath - c:\documents and settings\jolejniczak\Application Data\Mozilla\Firefox\Profiles\sy5q5wci.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 07:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4002763785-4037546843-2122700090-1005\Software\Local AppWizard-Generated Applications\MMDiag\Settings]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings\MP3Encoding]
@DACL=(02 0000)
@SACL=
"LowRate"=dword:0001f400
"LowRateSample"=dword:00005dc0
"PreferredCodecName"="mp3"
"PreferredCodecPath"="c:\\WINDOWS\\System32\\l3codecp.acm"
"MediumRate"=dword:0002ee00
"MediumHighRate"=dword:0003e800
"HighRate"=dword:0004e200
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3384)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-31 08:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-31 15:08

Pre-Run: 9,006,632,960 bytes free
Post-Run: 9,417,166,848 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 39FFBF6AA95DE49530C78E92B7473109
olejnic
Active Member
 
Posts: 13
Joined: May 30th, 2010, 2:40 am

Re: Google Search Misdirect

Post by Cypher » May 31st, 2010, 12:09 pm

Hi olejnic.
"the symptoms have gone away. There are no more search redirects, and I can reach the Windows Update site from the Start Menu"

Excellent, good work.
We still have work to do so stay with me.

Disable Avira anti-virus

  • Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background.
  • Right-click it and untick the option AntiVir Guard enable.
  • You should now see a closed white umbrella on a red background.
  • Note: Don't forget to re-enable it after the fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    File::
    C:\WINDOWS\system32\7.tmp
    C:\WINDOWS\006312_.tmp
    C:\MC_TMP
    c:\windows\SC68EAB51.tmp
    
    Folder::
    C:\Documents and Settings\jolejniczak\Application Data\Simply Super Software
    C:\Documents and Settings\All Users\Application Data\Simply Super Software
    
    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=hex(7):73,63,65,63,6c,69,00,00
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon.
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished, ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.


Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)



Logs/Information to Post in your Next Reply

  • ComboFix log.
  • RSIT log.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
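
The Registry:: line of the CFScript above and the SymbolicLinkValue entry in the posted ComboFix log both carry their data as comma-separated hex bytes, which is hard to review by eye before a script is run. The following Python decoder is an added example, not part of the thread and not ComboFix's own code; its function and class names are hypothetical, and it assumes REGEDIT4 conventions (hex(7) text as single-byte ANSI in code page 1252, the code page shown in the log header, and hex(6) link targets as UTF-16LE).

```python
import re
from dataclasses import dataclass

ANSI_CODEPAGE = "cp1252"  # the ComboFix header in this thread reports code page 1252
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             6: "REG_LINK", 7: "REG_MULTI_SZ"}

KEY_LINE = re.compile(r'^\s*\[(?P<key>.+)\]\s*$')
HEX_VALUE = re.compile(
    r'^\s*(?:"(?P<name>[^"]*)"|@)\s*=\s*hex(?:\((?P<type>[0-9a-f]+)\))?:(?P<data>.*)$',
    re.I)
HEX_CONT = re.compile(
    r'^\s*[0-9a-f]{2}(?:\s*,\s*[0-9a-f]{2})*\s*,?\s*\\?\s*$', re.I)


@dataclass
class RegValue:
    key: str
    name: str
    reg_type: str
    raw: bytes
    decoded: object   # list of str (REG_MULTI_SZ), str (string types) or bytes
    truncated: bool   # True when the data stops before the value is complete


def decode(type_id, raw, wide_strings=False):
    """Turn raw value bytes into text according to the registry type."""
    if type_id == 6 or (wide_strings and type_id in (1, 2, 7)):
        usable = raw[:len(raw) - len(raw) % 2]   # drop a dangling half character
        text = usable.decode("utf-16-le", errors="replace")
    elif type_id in (1, 2, 7):
        text = raw.decode(ANSI_CODEPAGE, errors="replace")
    else:
        return raw
    if type_id == 7:                             # NUL-separated list of strings
        body = text.rstrip("\x00")
        return body.split("\x00") if body else []
    return text.rstrip("\x00")


def parse_hex_values(text, wide_strings=False):
    """Extract every hex(N) value from .reg-style text, joining wrapped lines."""
    lines, out, key, i = text.splitlines(), [], "", 0
    while i < len(lines):
        line = lines[i]
        i += 1
        k = KEY_LINE.match(line)
        if k:
            key = k.group("key")
            continue
        m = HEX_VALUE.match(line)
        if not m:
            continue
        data, truncated = m.group("data").strip(), False
        # A trailing "," or "\" means the byte list continues on the next line.
        while data.endswith((",", "\\")):
            if i < len(lines) and HEX_CONT.match(lines[i]):
                data = data.rstrip("\\").rstrip() + lines[i].strip()
                i += 1
            else:
                truncated = True                 # continuation promised, none found
                data = data.rstrip("\\, ")
                break
        raw = bytes(int(b.strip(), 16) for b in data.split(",") if b.strip())
        type_id = int(m.group("type"), 16) if m.group("type") else 3
        wide = type_id == 6 or (wide_strings and type_id in (1, 2, 7))
        if wide and len(raw) % 2:
            truncated = True
        out.append(RegValue(key, m.group("name") or "(Default)",
                            REG_TYPES.get(type_id, f"type {type_id}"),
                            raw, decode(type_id, raw, wide_strings), truncated))
    return out


# Inputs copied from this thread: the CFScript Registry:: entry and the
# SymbolicLinkValue lines from the LOCKED REGISTRY KEYS part of the log.
CFSCRIPT_REGISTRY = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=hex(7):73,63,65,63,6c,69,00,00
'''
LOG_LOCKED_KEY = r'''
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
'''

if __name__ == "__main__":
    for value in parse_hex_values(CFSCRIPT_REGISTRY) + parse_hex_values(LOG_LOCKED_KEY):
        flag = " (truncated)" if value.truncated else ""
        print(f"{value.key}\n  {value.name} [{value.reg_type}] = {value.decoded!r}{flag}")
```

Run on the two values from this thread, it shows that the script line sets the list to the single entry scecli, and that the link target in the log is cut off after \Registry\MACHINE\Sys.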

Re: Google Search Misdirect

Post by olejnic » May 31st, 2010, 1:04 pm

I followed the instructions. There is no change in computer performance. It is still symptom free.

ComboFix log:
--------------------------
ComboFix 10-05-30.09 - jolejniczak 05/31/2010 9:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.646 [GMT -7:00]
Running from: c:\documents and settings\jolejniczak\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jolejniczak\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"C:\MC_TMP"
"c:\windows\006312_.tmp"
"c:\windows\SC68EAB51.tmp"
"c:\windows\system32\7.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Simply Super Software
c:\documents and settings\jolejniczak\Application Data\Simply Super Software
c:\windows\006312_.tmp
c:\windows\SC68EAB51.tmp
c:\windows\system32\7.tmp

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 14:36 . 2008-04-13 18:39 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2010-05-31 14:36 . 2008-04-13 18:39 24576 ----a-w- c:\windows\system32\dllcache\kbdclass.sys
2010-05-31 14:24 . 2010-05-31 14:24 85352 ----a-w- c:\documents and settings\jolejniczak\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 14:22 . 2010-05-31 14:22 -------- d-----w- c:\program files\ERUNT
2010-05-30 20:38 . 2010-05-30 23:49 -------- d-----w- C:\rsit
2010-05-30 16:57 . 2010-05-30 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-30 03:12 . 2010-05-30 03:12 -------- d-----w- c:\documents and settings\jolejniczak\Application Data\Malwarebytes
2010-05-30 03:12 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-30 03:12 . 2010-05-30 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-30 03:12 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-30 03:12 . 2010-05-30 03:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-30 00:26 . 2010-05-30 00:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-29 23:50 . 2010-05-30 23:49 -------- d-----w- c:\program files\Trend Micro
2010-05-29 19:11 . 2010-05-29 19:11 -------- d-----w- c:\program files\Sophos
2010-05-29 17:41 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-29 17:41 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-29 17:41 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-29 17:41 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-05-29 17:41 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-29 17:24 . 2010-05-31 14:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-29 17:20 . 2010-05-30 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-20 01:52 . 2010-05-20 01:50 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-01 23:06 . 2010-05-02 03:03 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 20:56 . 2009-03-17 20:02 -------- d-----w- c:\documents and settings\jolejniczak\Application Data\SUPERAntiSpyware.com
2010-05-30 20:56 . 2009-03-17 20:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-30 20:55 . 2003-05-16 19:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-30 20:55 . 2003-05-16 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-24 18:00 . 2005-05-14 16:21 -------- d-----w- c:\program files\Google
2010-04-25 01:05 . 2002-09-03 19:34 90943 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-04-24 23:29 . 2004-04-05 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-24 23:29 . 2004-04-05 00:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-24 18:15 . 2010-04-24 18:15 -------- d-----w- c:\documents and settings\jolejniczak\Application Data\Avira
2010-04-22 03:41 . 2010-04-22 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-22 03:41 . 2007-09-25 19:02 -------- d-----w- c:\program files\iTunes
2010-04-22 03:39 . 2005-11-25 22:47 -------- d-----w- c:\program files\iPod
2010-04-22 03:38 . 2009-04-19 17:47 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 03:29 . 2006-03-12 01:55 -------- d-----w- c:\program files\QuickTime
2010-04-22 03:18 . 2010-04-22 03:18 -------- d-----w- c:\program files\Bonjour
2010-04-22 03:14 . 2010-04-22 03:14 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-19 21:49 . 2010-04-19 21:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-12 14:40 . 2009-10-09 04:52 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-11 00:00 . 2010-04-10 06:21 188280 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-10 20:52 . 2010-04-10 20:52 -------- d-----w- c:\program files\Litsoft
2010-04-09 18:12 . 2003-02-10 20:06 -------- d-----w- c:\program files\TurboTax
2010-03-09 11:09 . 2009-03-16 16:47 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:47 . 2010-03-08 21:47 6 ----a-w- c:\windows\Fonts\wfonts.key
2010-05-24 18:00 . 2010-05-24 18:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickGammaLoader"="c:\program files\QuickGamma\QuickGammaLoader.exe" [2005-03-28 68096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"EPSON Stylus CX5800F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2002-05-18 327680]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-24 30192]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-05-29 5937984]

c:\documents and settings\jolejniczak\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-5-2 113664]

c:\documents and settings\dolejniczak\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-1-1 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2003-8-17 1269836]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-23 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2009 2:41 PM 135336]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\SYSTEM32\DRIVERS\CVPNDrv.sys [8/17/2003 11:26 PM 263751]
R2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\SYSTEM32\DRIVERS\cx88xbar.sys [9/22/2007 10:46 AM 8960]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/24/2010 11:00 AM 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\Verizon Online\ControlPad\Misc\a_menu.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn ... taller.exe
FF - ProfilePath - c:\documents and settings\jolejniczak\Application Data\Mozilla\Firefox\Profiles\sy5q5wci.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 09:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4002763785-4037546843-2122700090-1005\Software\Local AppWizard-Generated Applications\MMDiag\Settings]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings\MP3Encoding]
@DACL=(02 0000)
@SACL=
"LowRate"=dword:0001f400
"LowRateSample"=dword:00005dc0
"PreferredCodecName"="mp3"
"PreferredCodecPath"="c:\\WINDOWS\\System32\\l3codecp.acm"
"MediumRate"=dword:0002ee00
"MediumHighRate"=dword:0003e800
"HighRate"=dword:0004e200
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(368)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-31 09:56:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-31 16:56
ComboFix2.txt 2010-05-31 15:08

Pre-Run: 9,344,745,472 bytes free
Post-Run: 9,310,728,192 bytes free

- - End Of File - - 1716DB079517276178238CB95F51996F
olejnic
Active Member
 
Posts: 13
Joined: May 30th, 2010, 2:40 am

Re: Google Search Misdirect

by olejnic » May 31st, 2010, 1:05 pm

And here is the RSIT log:
--------------------------------
Logfile of random's system information tool 1.07 (written by random/random)
Run by jolejniczak at 2010-05-31 09:57:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:57:10 AM, on 5/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jolejniczak\Desktop\RSIT.exe
C:\Program Files\trend micro\jolejniczak.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB002" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn ... taller.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mpix.com/customer/uploading/ ... oader5.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7691 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"EPSON Stylus CX5800F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE [2005-05-09 98304]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"Motive SmartBridge"=C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe [2002-05-18 327680]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-05-24 30192]
"HitmanPro35"=C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe [2010-05-29 5937984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickGammaLoader"=C:\Program Files\QuickGamma\QuickGammaLoader.exe [2005-03-28 68096]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\jolejniczak\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-05-31 09:56:08 ----D---- C:\WINDOWS\temp
2010-05-31 09:56:06 ----A---- C:\ComboFix.txt
2010-05-31 07:34:01 ----A---- C:\Boot.bak
2010-05-31 07:33:53 ----RASHD---- C:\cmdcons
2010-05-31 07:27:19 ----A---- C:\WINDOWS\zip.exe
2010-05-31 07:27:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-31 07:27:19 ----A---- C:\WINDOWS\SWSC.exe
2010-05-31 07:27:19 ----A---- C:\WINDOWS\SWREG.exe
2010-05-31 07:27:19 ----A---- C:\WINDOWS\sed.exe
2010-05-31 07:27:19 ----A---- C:\WINDOWS\PEV.exe
2010-05-31 07:27:19 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-31 07:27:19 ----A---- C:\WINDOWS\MBR.exe
2010-05-31 07:27:19 ----A---- C:\WINDOWS\grep.exe
2010-05-31 07:26:31 ----D---- C:\Qoobox
2010-05-31 07:22:37 ----D---- C:\WINDOWS\ERDNT
2010-05-31 07:22:07 ----D---- C:\Program Files\ERUNT
2010-05-31 07:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-05-31 07:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-05-31 07:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-05-30 13:38:32 ----D---- C:\rsit
2010-05-30 09:57:51 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-05-29 20:12:34 ----D---- C:\Documents and Settings\jolejniczak\Application Data\Malwarebytes
2010-05-29 20:12:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-29 20:12:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-29 17:26:14 ----D---- C:\Program Files\Hitman Pro 3.5
2010-05-29 16:50:41 ----D---- C:\Program Files\Trend Micro
2010-05-29 12:11:31 ----D---- C:\Program Files\Sophos
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\unrar3.dll
2010-05-29 10:41:09 ----A---- C:\WINDOWS\system32\unacev2.dll
2010-05-29 10:20:09 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-05-17 10:45:36 ----SHD---- C:\WINDOWS\CSC
2010-05-01 16:06:26 ----D---- C:\WINDOWS\system32\Adobe
2010-04-24 22:32:57 ----D---- C:\WINDOWS\Prefetch
2010-04-24 18:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-24 18:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-04-24 18:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-24 18:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-24 18:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-04-24 18:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-24 18:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-24 18:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-04-24 18:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-24 18:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-24 18:23:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-04-24 18:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-24 18:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-04-24 18:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-24 18:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-24 18:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-24 18:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-24 18:21:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-24 18:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-24 18:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-24 18:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-04-24 18:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-04-24 18:20:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-24 18:20:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-04-24 18:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-04-24 18:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-24 18:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2010-04-24 18:19:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-24 18:19:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-04-24 18:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-04-24 18:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-04-24 18:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-24 18:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-24 18:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-04-24 18:18:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-24 18:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB980182_1$
2010-04-24 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2010-04-24 18:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-24 18:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-04-24 18:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-04-24 18:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-04-24 18:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-04-24 18:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-04-24 18:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-04-24 18:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-04-24 18:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-04-24 18:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2010-04-24 18:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-04-24 18:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-04-24 18:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-04-24 18:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-04-24 18:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-04-24 18:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2010-04-24 18:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-04-24 18:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-04-24 18:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-04-24 18:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-04-24 18:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-04-24 18:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-04-24 18:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-24 18:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-04-24 18:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-04-24 18:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-04-24 18:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-04-24 18:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-04-24 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-04-24 18:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-04-24 18:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-04-24 18:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-04-24 18:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-04-24 18:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-04-24 18:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-04-24 18:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-04-24 18:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-04-24 18:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-04-24 18:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-04-24 18:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-04-24 17:57:54 ----D---- C:\WINDOWS\system32\scripting
2010-04-24 17:57:49 ----D---- C:\WINDOWS\l2schemas
2010-04-24 17:57:48 ----D---- C:\WINDOWS\system32\en
2010-04-24 17:57:48 ----D---- C:\Program Files\msn
2010-04-24 17:11:22 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-04-24 17:10:58 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-04-24 17:10:58 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-04-24 17:10:22 ----N---- C:\WINDOWS\system32\setupn.exe
2010-04-24 17:10:15 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-04-24 17:10:13 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-04-24 17:10:12 ----N---- C:\WINDOWS\system32\qutil.dll
2010-04-24 17:10:09 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-04-24 17:10:08 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-04-24 17:10:08 ----N---- C:\WINDOWS\system32\qagent.dll
2010-04-24 17:09:58 ----N---- C:\WINDOWS\system32\onex.dll
2010-04-24 17:09:35 ----N---- C:\WINDOWS\system32\napstat.exe
2010-04-24 17:09:35 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-04-24 17:09:35 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-04-24 17:09:32 ----A---- C:\WINDOWS\system32\msxml6r.dll
2010-04-24 17:09:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-04-24 17:09:26 ----N---- C:\WINDOWS\system32\mssha.dll
2010-04-24 17:09:02 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-04-24 17:09:02 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-04-24 17:09:02 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-04-24 17:09:02 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-04-24 17:08:44 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-04-24 17:08:44 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-04-24 17:08:43 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-04-24 17:08:43 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-04-24 17:08:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-04-24 17:08:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-04-24 17:08:16 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-04-24 17:08:13 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-04-24 17:08:12 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-04-24 17:08:12 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-04-24 17:08:11 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-04-24 17:08:08 ----N---- C:\WINDOWS\system32\credssp.dll
2010-04-24 17:08:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-04-24 17:08:02 ----N---- C:\WINDOWS\system32\azroles.dll
2010-04-24 17:07:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-04-24 11:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978601_0$
2010-04-24 11:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979683_0$
2010-04-24 11:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978338_0$
2010-04-24 11:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979309_0$
2010-04-24 11:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-04-24 11:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-24 11:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2010-04-24 11:15:59 ----D---- C:\Documents and Settings\jolejniczak\Application Data\Avira
2010-04-24 11:01:41 ----A---- C:\WINDOWS\Mpcwty02.ini
2010-04-24 10:56:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-04-21 20:37:55 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 20:18:15 ----D---- C:\Program Files\Bonjour
2010-04-19 14:49:16 ----D---- C:\Program Files\Microsoft Silverlight
2010-04-19 10:00:31 ----D---- C:\MC_TMP
2010-04-11 23:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB980182_0$
2010-04-11 23:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2010-04-11 23:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2_0$
2010-04-11 23:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-11 23:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-04-11 23:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-04-11 23:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-04-11 23:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-11 23:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-04-11 23:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-04-11 23:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-04-11 23:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-04-11 23:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-04-11 23:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-11 23:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-04-11 23:46:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-04-11 23:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-04-11 23:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2010-04-11 23:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2010-04-11 23:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-04-11 23:43:20 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-04-11 23:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-04-11 23:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-04-11 23:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-04-11 23:42:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-04-11 23:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-04-11 23:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-11 23:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-04-11 23:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-04-11 23:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-04-11 23:14:39 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-04-10 13:52:38 ----D---- C:\Program Files\Litsoft

======List of files/folders modified in the last 3 months======

2010-05-31 09:56:09 ----D---- C:\WINDOWS\system32\DRIVERS
2010-05-31 09:56:08 ----D---- C:\WINDOWS
2010-05-31 09:47:13 ----A---- C:\WINDOWS\system.ini
2010-05-31 09:46:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-31 09:43:59 ----D---- C:\WINDOWS\SYSTEM32
2010-05-31 09:41:52 ----D---- C:\WINDOWS\AppPatch
2010-05-31 09:41:49 ----D---- C:\Program Files\Common Files
2010-05-31 09:34:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 07:52:53 ----D---- C:\WINDOWS\system32\CONFIG
2010-05-31 07:49:13 ----D---- C:\Program Files\Internet Explorer
2010-05-31 07:39:57 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-05-31 07:34:01 ----RASH---- C:\boot.ini
2010-05-31 07:22:07 ----RD---- C:\Program Files
2010-05-31 07:15:58 ----HD---- C:\WINDOWS\INF
2010-05-31 07:15:47 ----A---- C:\WINDOWS\imsins.BAK
2010-05-31 07:15:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-31 07:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-05-30 13:58:23 ----D---- C:\Config.Msi
2010-05-30 13:56:14 ----D---- C:\Documents and Settings\jolejniczak\Application Data\SUPERAntiSpyware.com
2010-05-30 13:56:13 ----SHD---- C:\WINDOWS\Installer
2010-05-30 13:56:12 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-30 13:55:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-30 13:55:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-30 00:46:03 ----A---- C:\WINDOWS\WIN.INI
2010-05-29 23:44:10 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-29 23:44:06 ----SHD---- C:\System Volume Information
2010-05-29 23:29:17 ----D---- C:\WINDOWS\Registration
2010-05-29 23:24:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-29 23:10:11 ----D---- C:\WINDOWS\network diagnostic
2010-05-29 17:13:53 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-05-25 18:14:28 ----D---- C:\Program Files\Mozilla Firefox
2010-05-24 11:00:04 ----D---- C:\Program Files\Google
2010-05-17 11:24:52 ----D---- C:\WINDOWS\pss
2010-05-17 11:14:27 ----D---- C:\WINDOWS\REPAIR
2010-05-01 16:07:55 ----D---- C:\Documents and Settings\jolejniczak\Application Data\Adobe
2010-05-01 16:07:41 ----D---- C:\WINDOWS\system32\Macromed
2010-04-25 07:32:06 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-04-24 23:22:04 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-24 22:43:21 ----AC---- C:\WINDOWS\SETUPLOG.TXT
2010-04-24 22:35:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-24 22:32:12 ----D---- C:\WINDOWS\system32\Setup
2010-04-24 22:32:11 ----D---- C:\WINDOWS\system32\WBEM
2010-04-24 22:32:10 ----RSD---- C:\WINDOWS\Fonts
2010-04-24 22:31:25 ----D---- C:\WINDOWS\SECURITY
2010-04-24 18:22:50 ----D---- C:\Program Files\Movie Maker
2010-04-24 18:20:34 ----D---- C:\Program Files\Outlook Express
2010-04-24 18:09:32 ----D---- C:\Program Files\Messenger
2010-04-24 18:09:23 ----D---- C:\WINDOWS\WinSxS
2010-04-24 17:58:23 ----D---- C:\WINDOWS\system32\INETSRV
2010-04-24 17:58:22 ----D---- C:\WINDOWS\IME
2010-04-24 17:58:22 ----D---- C:\WINDOWS\Help
2010-04-24 17:57:56 ----D---- C:\WINDOWS\system32\USMT
2010-04-24 17:57:56 ----D---- C:\WINDOWS\system32\en-US
2010-04-24 17:57:48 ----D---- C:\WINDOWS\system32\bits
2010-04-24 17:57:48 ----D---- C:\WINDOWS\PeerNet
2010-04-24 17:53:12 ----D---- C:\WINDOWS\system32\Restore
2010-04-24 17:53:12 ----D---- C:\WINDOWS\system32\NPP
2010-04-24 17:53:12 ----D---- C:\WINDOWS\MUI
2010-04-24 17:53:10 ----D---- C:\WINDOWS\MSAGENT
2010-04-24 17:53:08 ----D---- C:\WINDOWS\SRCHASST
2010-04-24 17:53:07 ----D---- C:\Program Files\NetMeeting
2010-04-24 17:53:05 ----D---- C:\WINDOWS\system32\Com
2010-04-24 17:53:02 ----D---- C:\Program Files\Windows Media Player
2010-04-24 17:53:01 ----D---- C:\Program Files\Windows NT
2010-04-24 17:52:56 ----D---- C:\Program Files\Common Files\System
2010-04-24 17:52:35 ----D---- C:\WINDOWS\system32\OOBE
2010-04-24 17:52:34 ----D---- C:\WINDOWS\SYSTEM
2010-04-24 17:47:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-04-24 17:47:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-04-24 17:41:29 ----D---- C:\WINDOWS\EHome
2010-04-24 16:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-04-24 16:29:05 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-24 15:30:11 ----D---- C:\WINDOWS\Debug
2010-04-24 11:28:59 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-24 10:59:58 ----RSD---- C:\WINDOWS\assembly
2010-04-24 10:56:44 ----SD---- C:\WINDOWS\Tasks
2010-04-21 20:41:08 ----D---- C:\Program Files\iTunes
2010-04-21 20:39:04 ----D---- C:\Program Files\iPod
2010-04-21 20:38:10 ----D---- C:\Program Files\Common Files\Apple
2010-04-21 20:29:48 ----D---- C:\Program Files\QuickTime
2010-04-21 20:22:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-12 08:08:20 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-12 07:40:24 ----D---- C:\Program Files\Windows Desktop Search
2010-04-09 11:12:13 ----D---- C:\Program Files\TurboTax
2010-04-06 10:52:54 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-03-09 21:33:41 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-03-09 21:33:38 ----A---- C:\WINDOWS\system32\browseui.dll
2010-03-09 04:09:18 ----A---- C:\WINDOWS\system32\vbscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-05-19 124784]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-23 59440]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-23 23724]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 CVPNDRV;Cisco Systems IPsec Driver; \??\C:\WINDOWS\System32\Drivers\CVPNDRV.sys []
R2 CX23880;KWorld PVR 883 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-05-16 186496]
R2 CX88XBAR;KWorld PVR 883 Crossbar; C:\WINDOWS\system32\drivers\CX88XBAR.sys [2005-05-16 8960]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\System32\DRIVERS\dne2000.sys [2002-01-09 128380]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 mbr;mbr; \??\C:\DOCUME~1\JOLEJN~1\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\5.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-24 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2002-09-03 1282112]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S3 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-05-24 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\SYSTEM32\bgsvcgen.exe [2007-06-15 145504]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-02-10 52736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------
olejnic
Active Member
 
Posts: 13
Joined: May 30th, 2010, 2:40 am

Re: Google Search Misdirect

Post by Cypher » May 31st, 2010, 1:26 pm

Hi olejnic.
Things look good so far.
Let's get a few updates done then check for any leftovers.



Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.


Next.

Update Adobe Reader

  • You should download and install the newest version of Adobe Reader for reading PDF files, due to the vulnerabilities in earlier versions.
  • Download Adobe Reader 930 from Here

Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.

Disable Avira anti-virus

  • Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background.
  • Right-click it and untick the option AntiVir Guard enable.
  • You should now see a closed white umbrella on a red background.
  • Note: Don't forget to re-enable it after the below scan.


Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Search Misdirect

Post by olejnic » June 1st, 2010, 2:51 am

No change in the computer performance.

I can't install the updated Java SE Runtime Environment. I downloaded the installer, but when I click on the 'Run' button in the installer dialogue box nothing happens.

I did update Adobe Reader and ran ATF Cleaner.

Here is the ESET log file:
-----------------------------
\C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\kbdclass.sys.vir_ Win32/Olmarik.ZC trojan
olejnic
Active Member
 
Posts: 13
Joined: May 30th, 2010, 2:40 am