
[Inactive] Google Redirect Problem

Discussion in 'Malware and Virus Removal Archive' started by kris1, 2009/03/28.

  1. 2009/03/28
    kris1

    Basically I've just come back home from uni to find my family have been living with the incredibly annoying Google redirect problem. I'm afraid I can't give any details on how it got there but I'm certain nothing has been tried to remove it. I've searched the internet for an easy, common fix but there doesn't appear to be such a thing. I'll add the log reports asked for and if required I've done the HijackThis report as well but I won't include that.
    Many thanks if anyone can help!
    Kris

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Kris at 21:06:38.26 on 28/03/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.290 [GMT 0:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\PROGRA~1\NatNix\p2p_peer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iRiver\HSeries\iHPDetect.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\CyberLink\PowerStarter\PowerBar.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\TrueSwitchMSN\TrueWizard.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\CTPdeSrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Kris\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bbc.co.uk/
    uSearch Page = hxxp://www.google.com
    uWindow Title = Tiscali Internet Access
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Tiscali Internet Access
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: e404mgr Class: {8bd4438c-2511-4b93-ad34-2bdcd0ff78d2} - c:\program files\helper\1203166008.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: {c2a1c5cb-c0ef-4689-9436-f62cca1c5383} - c:\program files\netproject\sbmdl.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Web Application: {81705d67-3f73-4983-859b-97d0922e5abe} - c:\program files\netproject\wamdl.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
    uRun: [PowerBar] "c:\program files\cyberlink\powerstarter\PowerBar.exe" /AtBootTime
    uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [Steam] c:\program files\valve\steam\\Steam.exe -silent
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [Boots Insert Detect] c:\program files\boots f2cd\picture suite\InsDetect.exe
    uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe "
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe "
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe "
    mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe "
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
    mRun: [adiras] adiras.exe
    mRun: [iHP-100] c:\program files\iriver\hseries\iHPDetect.exe
    mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [VideoraiPodConverter] c:\program files\videoraipodconverter\VideoraiPodConverter.exe -t
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe "
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe "
    mRun: [VX1000] c:\windows\vVX1000.exe
    mRun: [DPAgnt] c:\program files\digitalpersona\bin\DPAgnt.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    mExplorerRun: [some] c:\program files\netproject\scit.exe
    mExplorerRun: [start] c:\program files\netproject\sbmntr.exe
    StartupFolder: c:\docume~1\kris\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueswitchmsn\TrueWizard.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lumixs~1.lnk - c:\program files\panasonic\lumixsimpleviewer\PhLeAutoRun.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nokian~1.lnk - c:\program files\nokia\nnpcs\RunLauncher.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?fd28a351fb7d4b83bf3efd7ca2581daf
    IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?fd28a351fb7d4b83bf3efd7ca2581daf
    IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php
    IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
    Trusted Zone: swapitshop.com\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {759AA6A5-76B2-43E2-B940-B0C336C69E01} - hxxp://202.106.184.51/download/VodoneActivex.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
    TCP: NameServer = 85.255.112.39,85.255.112.40
    TCP: {2C5BC309-978A-4029-B2D4-1286C185EE40} = 85.255.112.39,85.255.112.40
    TCP: {2E7A727F-57F5-4C6C-9615-55F15E1EC9A3} = 85.255.112.39,85.255.112.40
    TCP: {D2088120-040E-4B74-BC2E-DA51F7CEEFB4} = 10.88.0.2
    TCP: {DBB80C9B-341F-40E6-A51B-8EDAA294C4C9} = 85.255.112.39,85.255.112.40
    TCP: {F43DCFB1-F62E-4A15-A7F0-48A214A91F96} = 10.88.0.2
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: DPWLN - c:\windows\system32\DPWLEvHd.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: epistylar: {917f93bf-6714-4e11-8982-59db2e0f88fc} - c:\windows\system32\eeioq.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Notification Packages = scecli DPPWDFLT

    ============= SERVICES / DRIVERS ===============

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-12 55136]
    R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
    R2 p2p_peer;P2P-VPN Network Service;c:\progra~1\natnix\p2p_peer.exe [2008-3-5 1662976]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2008-12-4 226640]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-4 24652]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 ethertap;EtherTap Adapter;c:\windows\system32\drivers\ethertap.sys [2008-3-5 21930]
    S3 3ac4dd09-cc42-4274-9b21-bfdbccbbb0b0;3ac4dd09-cc42-4274-9b21-bfdbccbbb0b0;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
    S3 cpuz;cpuz;\??\f:\cpuz.sys --> f:\cpuz.sys [?]
    S3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2006-9-16 35584]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-21 29744]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-30 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-30 8320]
    S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-9-16 47360]
    S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-9-9 85888]
    S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-9-9 51840]
    S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2005-9-9 89749]
    S4 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2005-9-9 54872]

    =============== Created Last 30 ================

    2009-03-28 20:57 <DIR> --d----- c:\program files\Trend Micro
    2009-03-05 20:58 75,264 a------- c:\windows\system32\drivers\quadraserv.sys

    ==================== Find3M ====================

    2009-01-13 13:46 59,344 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2005-12-05 20:17 170 ac------ c:\docume~1\kris\applic~1\wklnhst.dat
    2005-11-20 13:55 11,144,586 ac------ c:\program files\WSFTP_ProT128_Install.exe

    ============= FINISH: 21:07:12.26 ===============

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 05/11/2005 11:49:15
    System Uptime: 28/03/2009 10:15:55 (11 hours ago)

    Motherboard: ASUSTeK Computer INC. | | A8N-E
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket 939 | 2010/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket 939 | 2010/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 186 GiB total, 17.906 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia N95 8GB
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia N95 8GB
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP1235: 11/12/2008 17:33:11 - System Checkpoint
    RP1236: 12/12/2008 09:31:02 - Software Distribution Service 3.0
    RP1237: 13/12/2008 12:53:19 - System Checkpoint
    RP1238: 14/12/2008 14:48:33 - System Checkpoint
    RP1239: 15/12/2008 15:14:03 - System Checkpoint
    RP1240: 16/12/2008 19:11:52 - System Checkpoint
    RP1241: 17/12/2008 07:58:04 - Software Distribution Service 3.0
    RP1242: 18/12/2008 13:44:29 - System Checkpoint
    RP1243: 18/12/2008 23:18:40 - Software Distribution Service 3.0
    RP1244: 19/12/2008 13:02:57 - Software Distribution Service 3.0
    RP1245: 20/12/2008 13:27:29 - System Checkpoint
    RP1246: 21/12/2008 14:15:53 - System Checkpoint
    RP1247: 21/12/2008 15:34:45 - Install Virtual CloneDrive
    RP1248: 21/12/2008 15:39:10 - Install Virtual CloneDrive
    RP1249: 21/12/2008 18:38:07 - Installed DirectX
    RP1250: 22/12/2008 20:44:43 - System Checkpoint
    RP1251: 23/12/2008 08:48:00 - Software Distribution Service 3.0
    RP1252: 29/12/2008 16:05:58 - Software Distribution Service 3.0
    RP1253: 29/12/2008 19:33:18 - Installed %1 %2.
    RP1254: 29/12/2008 19:33:46 - Printer Driver Microsoft XPS Document Writer Installed
    RP1255: 29/12/2008 23:31:36 - Installed Windows XP Wudf01005.
    RP1256: 30/12/2008 23:33:39 - System Checkpoint
    RP1257: 31/12/2008 00:54:05 - Software Distribution Service 3.0
    RP1258: 01/01/2009 14:38:51 - System Checkpoint
    RP1259: 02/01/2009 10:54:09 - Software Distribution Service 3.0
    RP1260: 03/01/2009 11:31:24 - System Checkpoint
    RP1261: 04/01/2009 11:54:08 - System Checkpoint
    RP1262: 05/01/2009 13:05:26 - System Checkpoint
    RP1263: 06/01/2009 16:26:41 - Software Distribution Service 3.0
    RP1264: 07/01/2009 18:36:37 - System Checkpoint
    RP1265: 08/01/2009 18:53:13 - System Checkpoint
    RP1266: 09/01/2009 08:10:26 - Software Distribution Service 3.0
    RP1267: 10/01/2009 11:34:38 - System Checkpoint
    RP1268: 11/01/2009 11:54:05 - System Checkpoint
    RP1269: 12/01/2009 14:58:31 - System Checkpoint
    RP1270: 12/01/2009 22:23:53 - Installed Windows XP KB954708.
    RP1271: 12/01/2009 22:24:08 - Installed DirectX
    RP1272: 13/01/2009 13:52:43 - Software Distribution Service 3.0
    RP1273: 14/01/2009 16:56:51 - System Checkpoint
    RP1274: 14/01/2009 23:49:54 - Software Distribution Service 3.0
    RP1275: 15/01/2009 16:18:45 - Software Distribution Service 3.0
    RP1276: 16/01/2009 17:08:35 - System Checkpoint
    RP1277: 17/01/2009 20:07:34 - System Checkpoint
    RP1278: 18/01/2009 20:20:12 - System Checkpoint
    RP1279: 19/01/2009 21:05:35 - System Checkpoint
    RP1280: 20/01/2009 15:10:20 - Software Distribution Service 3.0
    RP1281: 21/01/2009 18:55:40 - System Checkpoint
    RP1282: 22/01/2009 16:52:57 - Software Distribution Service 3.0
    RP1283: 23/01/2009 18:22:48 - System Checkpoint
    RP1284: 24/01/2009 18:44:06 - System Checkpoint
    RP1285: 25/01/2009 18:54:55 - System Checkpoint
    RP1286: 26/01/2009 19:43:35 - System Checkpoint
    RP1287: 27/01/2009 20:13:17 - Software Distribution Service 3.0
    RP1288: 28/01/2009 22:22:00 - System Checkpoint
    RP1289: 29/01/2009 16:46:51 - Software Distribution Service 3.0
    RP1290: 30/01/2009 17:02:09 - System Checkpoint
    RP1291: 31/01/2009 17:17:48 - System Checkpoint
    RP1292: 01/02/2009 18:16:31 - System Checkpoint
    RP1293: 02/02/2009 19:07:16 - System Checkpoint
    RP1294: 03/02/2009 11:02:20 - Software Distribution Service 3.0
    RP1295: 04/02/2009 12:53:28 - System Checkpoint
    RP1296: 05/02/2009 13:43:19 - System Checkpoint

    ==== Installed Programs ======================

    4oD
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    Adobe Shockwave Player
    Adventure Pinball Demo
    AIPTEK PenCam Manager
    Apple Software Update
    ATI Catalyst Control Center
    ATI Display Driver
    Audacity 1.2.6
    AviSynth 2.5
    Boots F2CD Picture Suite
    Brian Lara International Cricket 2005
    BufferChm
    Call of Duty(R) 2
    CD Burning 4
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Counter-Strike: Source
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Panorama1Config
    Creative Jukebox Driver
    Creative MediaSource
    Creative Removable Disk Manager
    Creative System Information
    Creative Video Blaster WebCam Control
    Creative WebCam Monitor
    Creative Zen Micro
    Cucusoft DVD to Zune + Zune Video Converter Suite 7.6.7.5
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DigitalPersona Password Manager 2.0.1
    DVD Decrypter (Remove Only)
    eSupportQFolder
    Football Manager 2005
    Football Manager 2006
    Football Manager 2007
    Football Manager 2008
    Football Manager 2009
    FullDPAppQFolder
    GameShadow
    GiPo@MoveOnBoot 1.9.5
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Lost Coast
    Half-Life(R) 2
    Hamachi 1.0.2.5
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    HP Deskjet 5900 series
    HP Extended Capabilities 5.0
    HP Image Zone 5.0
    HP Imaging Device Functions 5.0
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    HPDeskjet5900Series
    HPProductAssistant
    Hydro Thunder
    InstantShareDevices
    Internet Service
    Ipswitch WS_FTP Professional 2006
    iRiver HSeries Manager VER 1.60
    iriverter 0.14
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_01
    JourneySoftware
    JourneySoftwarePromo
    Junk Mail filter update
    K-Lite Mega Codec Pack 3.8.0
    KRISTAL Audio Engine
    L&H TTS3000 British English
    Ladbrokes Poker
    LiveUpdate BVRP Software
    LUMIX Simple Viewer
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8 Plugin
    MarketResearch
    MediaShow 3.0
    Medieval II Total War
    Medieval Total War
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Premium Suite - WE 2003
    Microsoft IntelliPoint 6.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Standard Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    mobile PhoneTools
    MSN Switching Service
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    MyPhoneExplorer
    NatNix Peer-to-Peer VPN
    Nokia Connectivity Cable Driver
    Nokia Download!
    Nokia Flashing Cable Driver
    Nokia Map Loader
    Nokia NSeries Application Installer
    Nokia NSeries Application Installer 6.83.11
    Nokia NSeries Content Copier
    Nokia NSeries Content Copier 6.83.11
    Nokia NSeries Music Manager
    Nokia NSeries Music Manager 6.83.11
    Nokia NSeries One Touch Access
    Nokia NSeries One Touch Access 6.83.11
    Nokia Nseries PC Suite
    Nokia NSeries System Utilities
    Nokia NSeries System Utilities 6.83.11
    Nokia Nseries Video Manager
    Nokia Photos
    Nokia Software Updater
    NVIDIA Drivers
    NvMixer
    PC Connectivity Solution
    PhotoGallery
    PhotoNow! 1.0
    Populous: The Beginning
    Popup Blocker (Windows Live Toolbar)
    Power2Go 4.0
    PowerBackup 1.0
    PowerCinema 4.0
    PowerDirector Express
    PowerDVD
    PowerDVD Copy 1.0
    PowerProducer
    PowerStarter
    Pro Pinball : Big Race USA
    Project64 1.6
    PSP Video 9 1.74
    PSP Video Express(remove only)
    QuickTime
    RandMap
    RealPlayer
    Rise and Fall
    SAGEM F@st 800-840
    Secure Browsing
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Segoe UI
    Shockwave
    SkinsHP1
    SolutionCenter
    Sonic_PrimoSDK
    Sony Ericsson PC Suite
    SopCast 1.1.2
    SopCore 1.0.1
    SpeedTouch USB Software
    Starry Synth/ES10 Bundle 1.0
    Status
    Steam(TM)
    Switch Uninstall
    Tabbed Browsing (Windows Live Toolbar)
    The Battle for Middle-earth (tm)
    The Battle for Middle-earth (tm) II
    The Lord of the Rings, The Rise of the Witch-king
    The Sims 2
    Theory Interactive
    Tiscali 10.0
    Tiscali Internet Access
    TrackMania Sunrise
    TradeManager
    TrayApp
    TVAnts 1.0
    Tweakui Powertoy for Windows XP
    Unload
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB900930)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Videora iPod Converter 0.91
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Virgin Net Connection/Signup Files
    VirtualCloneDrive
    Web Application
    WebCam PhotoEditor
    WebFldrs XP
    WebReg
    Windows Communication Foundation
    Windows Defender
    Windows Defender Signatures
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    WinRAR archiver
    Xbox 360 Controller for Windows
    XML Paper Specification Shared Components Pack 1.0
    ZENcast Organizer
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    24/03/2009 17:14:55, error: Service Control Manager [7022] - The KService service hung on starting.
    24/03/2009 17:13:33, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    23/03/2009 07:45:41, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013D4D4361D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    22/03/2009 17:41:07, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0013D4D4361D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    22/03/2009 16:31:23, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    22/03/2009 16:31:23, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    25/03/2009 17:38:00, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
    25/03/2009 17:38:00, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
    25/03/2009 17:38:00, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
    25/03/2009 17:38:00, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
    25/03/2009 17:38:00, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
    25/03/2009 17:38:00, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
    27/03/2009 15:00:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
    27/03/2009 15:00:41, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  2. 2009/04/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi kris1
    Welcome to WindowsBBS
    Please do not put [Active] in your title. We do that so we know you've been helped. That could be why you have been overlooked.

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Thanks
    Geri
     

  4. 2009/04/08
    kris1

    kris1 Inactive Thread Starter

    Joined:
    2009/03/28
    Messages:
    5
    Likes Received:
    0
    Hey, apologies for adding the [active] bit in the title. I just saw that all the other threads had it on them; perhaps it would be useful to add that to the thread people read before they post for the first time?

    Regarding the problem itself, the log is posted below, and I think it might also be useful to add that the computer appears to have problems (almost certainly not related to google redirect) in starting itself - it normally only loads up once every three attempts.


    ComboFix 09-04-04.01 - Kris 2009-04-08 13:23:06.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.596 [GMT 1:00]
    Running from: c:\documents and settings\Kris\My Documents\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    c:\documents and settings\All Users\Documents\EA Games\Desktop_.ini
    c:\documents and settings\All Users\Documents\EA Games\The Sims 2\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Music\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Music\Sample Music\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Music\Sample Playlists\0006A57A\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Music\Sync Playlists\00264369\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Music\Sync Playlists\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\Image Editor\Default archive\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\Image Editor\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\02032007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\06012007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\06042007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\16052007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\17052007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\19012007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\20012007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\22012007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\22072007\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\30122006\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\LUMIXSimpleViewer\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Pictures\Sample Pictures\Desktop_.ini
    c:\documents and settings\All Users\Documents\My Videos\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2005\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2006\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2007\db\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2007\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2007\skins\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2007\sounds\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2008\db\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2008\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2008\skins\Desktop_.ini
    c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2008\sounds\Desktop_.ini
    c:\documents and settings\Kris\Start Menu\Programs\coolplay
    c:\recycler\S-9-6-72-100014528-100027484-100021717-8987.com
    c:\windows\system32\drivers\gaopdxjdkkkayb.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxpvejwold.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
    .

    2009-03-28 21:57 . 2009-03-28 21:57 <DIR> d-------- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-08 12:59 --------- d-----w c:\program files\TrueSwitchMSN
    2009-04-08 12:59 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-03-05 20:58 75,264 ----a-w c:\windows\system32\drivers\quadraserv.sys
    2006-06-26 14:11 748 -c--a-w c:\documents and settings\Robin\Application Data\wklnhst.dat
    2005-12-05 20:17 170 -c--a-w c:\documents and settings\Kris\Application Data\wklnhst.dat
    2005-11-20 13:55 11,144,586 -c--a-w c:\program files\WSFTP_ProT128_Install.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Power2GoExpress "= "c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-03-23 1630303]
    "PowerBar "= "c:\program files\CyberLink\PowerStarter\PowerBar.exe" [2005-02-17 110592]
    "Creative Detector "= "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]
    "Steam "= "c:\program files\Valve\Steam\\Steam.exe" [2008-10-08 1410296]
    "kdx "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "Boots Insert Detect "= "c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144]
    "CTSyncU.exe "= "c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck "= "c:\windows\system32\dumprep 0 -u" [X]
    "NokiaMServer "= "c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "PCMService "= "c:\program files\CyberLink\PowerCinema\PCMService.exe" [2005-01-14 110744]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "{1290A33C-85F5-4164-A1BE-7DD299D4986A} "= "c:\program files\CyberLink\PowerBackup\PBKScheduler.exe" [2004-06-08 69721]
    "NVMixerTray "= "c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
    "iHP-100 "= "c:\program files\iRiver\HSeries\iHPDetect.exe" [2004-05-10 24576]
    "SpeedTouch USB Diagnostics "= "c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-21 180269]
    "Windows Media Connect 2 "= "c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 8704]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
    "VideoraiPodConverter "= "c:\program files\VideoraiPodConverter\VideoraiPodConverter.exe" [2005-11-11 483328]
    "fssui "= "c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
    "4oD "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "Zune Launcher "= "c:\program files\Zune\ZuneLauncher.exe" [2008-04-29 158624]
    "LifeCam "= "c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000 "= "c:\windows\vVX1000.exe" [2007-04-10 709992]
    "DPAgnt "= "c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 807440]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "VirtualCloneDrive "= "c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
    "Ptipbmf "= "ptipbmf.dll" [2003-06-20 c:\windows\system32\ptipbmf.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Kris\Start Menu\Programs\Startup\
    TrueAssistant.lnk - c:\program files\TrueSwitchMSN\TrueWizard.exe [2008-12-11 1064960]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-11-15 962660]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-07-22 57344]
    Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-01-14 679936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
    2006-10-09 16:27 99856 c:\windows\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc "= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "msvideo7 "= STV680tg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe "=
    "c:\\Program Files\\TmSunrise\\TmSunrise.exe "=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat "=
    "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe "=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat "=
    "c:\\Program Files\\Real\\RealOne Player\\realplay.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat "=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat "=
    "c:\\Program Files\\tvants\\Tvants.exe "=
    "c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe "=
    "c:\\WINDOWS\\system32\\rtcshare.exe "=
    "c:\\Program Files\\NetMeeting\\conf.exe "=
    "c:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe "=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Alibaba\\TradeManager\\TradeManager.exe "=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe "=
    "c:\\Documents and Settings\\Kris\\Application Data\\SopCast\\adv\\SopAdver.exe "=
    "c:\\Program Files\\SopCast\\SopCast.exe "=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe "=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe "=
    "c:\\Program Files\\Kontiki\\KService.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe "=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-12 55136]
    R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
    R2 p2p_peer;P2P-VPN Network Service;c:\progra~1\NatNix\p2p_peer.exe [2008-03-05 1662976]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-04 24652]
    R3 ethertap;EtherTap Adapter;c:\windows\system32\drivers\ethertap.sys [2008-03-05 21930]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 3ac4dd09-cc42-4274-9b21-bfdbccbbb0b0;3ac4dd09-cc42-4274-9b21-bfdbccbbb0b0;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
    S3 cpuz;cpuz;\??\f:\cpuz.sys --> f:\cpuz.sys [?]
    S3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2006-09-16 35584]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-05-21 29744]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-30 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-30 8320]
    S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-09-16 47360]
    S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-09-09 85888]
    S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-09-09 51840]
    S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2005-09-09 89749]
    S4 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2005-09-09 54872]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

    2009-04-08 c:\windows\Tasks\HPpromotions journeysoftware.job
    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - c:\program files\Helper\1203166008.dll
    BHO-{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - c:\program files\NetProject\sbmdl.dll
    Toolbar-{81705D67-3F73-4983-859B-97D0922E5ABE} - c:\program files\NetProject\wamdl.dll
    WebBrowser-{81705D67-3F73-4983-859B-97D0922E5ABE} - c:\program files\NetProject\wamdl.dll
    HKLM-Run-adiras - adiras.exe
    SharedTaskScheduler-{917f93bf-6714-4e11-8982-59db2e0f88fc} - c:\windows\system32\eeioq.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Tiscali Internet Access
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?fd28a351fb7d4b83bf3efd7ca2581daf
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?fd28a351fb7d4b83bf3efd7ca2581daf
    IE: {{9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php
    Trusted Zone: swapitshop.com\www
    TCP: {D2088120-040E-4B74-BC2E-DA51F7CEEFB4} = 10.88.0.2
    TCP: {F43DCFB1-F62E-4A15-A7F0-48A214A91F96} = 10.88.0.2
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    DPF: {759AA6A5-76B2-43E2-B940-B0C336C69E01} - hxxp://202.106.184.51/download/VodoneActivex.cab
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-08 13:57:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-928598585-468054873-335432765-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EB499C6B-17E9-50CC-AE784525E8AC56BA}\{8364303F-14D2-EDB9-EF60B5C62A5A1F49}\{622ABE87-D953-3C3E-A5507D8B27591D99}*]
    "NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
    de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1144)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\DPWLEvHd.dll

    - - - - - - - > 'lsass.exe'(1200)
    c:\windows\DPPWDFLT.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\DigitalPersona\Bin\DPWinLct.exe
    c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\program files\DigitalPersona\Bin\DpHost.exe
    c:\program files\Kontiki\KService.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Zune\ZuneNss.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    c:\windows\system32\CTPdeSrv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-08 14:05:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-08 13:05:27

    Pre-Run: 19,128,033,280 bytes free
    Post-Run: 19,898,384,384 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    280 --- E O F --- 2009-02-03 11:03:16



    In addition, I assume the log might tell you this, but I'll add it anyway: it asked me to reset the computer at the beginning, telling me to note down these two files for future reference:
    C:\WINDOWS\system32\drivers\gaopdxjdkkkayb.sys
    C:\WINDOWS\system32\goapdxpvejwold.dll

    Many thanks,
    Kris
     
  5. 2009/04/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
    Code:
    File::
    c:\windows\system32\drivers\quadraserv.sys 

    Please post the ComboFix log.

    Let me know how things are running.

    Thanks
    Geri
     
  6. 2009/04/09
    kris1

    kris1 Inactive Thread Starter

    The latest ComboFix log is posted below; if you spot anything please let me know. However, I've done about 10 Google searches and don't think I'm experiencing the redirect problem anymore!


    ComboFix 09-04-04.01 - Kris 2009-04-09 16:52:08.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.345 [GMT 1:00]
    Running from: c:\documents and settings\Kris\My Documents\ComboFix.exe
    Command switches used :: c:\documents and settings\Kris\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\system32\drivers\quadraserv.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\quadraserv.sys

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
    .

    2009-04-08 13:08 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
    2009-03-28 21:57 . 2009-03-28 21:57 <DIR> d-------- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-09 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-04-09 15:39 --------- d-----w c:\program files\TrueSwitchMSN
    2009-04-09 15:33 --------- d-----w c:\program files\Microsoft Silverlight
    2006-06-26 14:11 748 -c--a-w c:\documents and settings\Robin\Application Data\wklnhst.dat
    2005-12-05 20:17 170 -c--a-w c:\documents and settings\Kris\Application Data\wklnhst.dat
    2005-11-20 13:55 11,144,586 -c--a-w c:\program files\WSFTP_ProT128_Install.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-08_14.04.28.68 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
    + 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
    + 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
    + 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
    + 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
    + 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
    + 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
    + 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
    + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
    + 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
    + 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
    + 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
    + 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
    + 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
    + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
    + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
    + 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
    + 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
    + 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
    + 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    + 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
    + 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
    + 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
    + 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
    + 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
    + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
    + 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
    + 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
    + 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
    + 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
    - 2009-01-14 23:51:44 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2009-04-08 22:39:34 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2009-01-14 23:51:44 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-04-08 22:39:34 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2009-01-14 23:51:44 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2009-04-08 22:39:34 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2009-01-14 23:51:44 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2009-04-08 22:39:34 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2009-01-14 23:51:44 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-04-08 22:39:34 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2009-01-14 23:51:44 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2009-04-08 22:39:34 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2009-01-14 23:51:44 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2009-04-08 22:39:34 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2009-01-14 23:51:45 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2009-04-08 22:39:35 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2009-01-14 23:51:44 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2009-04-08 22:39:34 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2009-01-14 23:51:44 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2009-04-08 22:39:33 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
    + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
    + 2008-09-17 14:29:12 20,040 ----a-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    - 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
    + 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
    - 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
    - 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
    - 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
    + 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
    - 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    + 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    - 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
    - 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
    + 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
    - 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
    + 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
    - 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
    + 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
    - 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    + 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    - 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
    + 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
    - 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
    + 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
    - 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    + 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    - 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    - 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
    + 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
    - 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
    + 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
    - 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    + 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    - 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    - 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
    + 2009-01-16 20:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
    - 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
    - 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
    + 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
    - 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
    + 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
    - 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
    + 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
    - 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
    - 2007-04-25 14:21:15 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
    + 2008-12-05 07:12:45 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
    - 2007-10-26 03:34:01 8,460,288 -c--a-w c:\windows\system32\dllcache\shell32.dll
    + 2008-07-03 13:03:29 8,460,800 -c--a-w c:\windows\system32\dllcache\shell32.dll
    - 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
    + 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
    - 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
    - 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
    + 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
    - 2008-09-15 11:57:41 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
    + 2009-02-09 10:19:34 1,846,272 -c--a-w c:\windows\system32\dllcache\win32k.sys
    - 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
    + 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
    - 2007-06-11 22:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
    + 2008-11-11 17:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
    - 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
    - 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
    - 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
    + 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\extmgr.dll
    - 2009-01-13 13:40:03 240,736 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-04-09 15:33:13 240,736 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
    + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
    - 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\ie4uinit.exe
    - 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
    + 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll
    - 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
    + 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll
    - 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
    + 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
    - 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    - 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll
    - 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
    + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
    - 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
    + 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\iernonce.dll
    - 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
    + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
    - 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
    + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
    - 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\jsproxy.dll
    + 2008-12-20 23:15:23 27,648 ------w c:\windows\system32\jsproxy.dll
    - 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
    + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
    - 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    - 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
    + 2009-01-16 20:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
    - 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
    - 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
    + 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\msrating.dll
    - 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
    + 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll
    - 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
    + 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll
    - 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
    - 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll
    + 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll
    - 2007-10-26 03:34:01 8,460,288 ----a-w c:\windows\system32\shell32.dll
    + 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\system32\shell32.dll
    - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    - 2008-03-21 12:57:18 23,856 ----a-w c:\windows\system32\spupdsvc.exe
    + 2007-07-27 08:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
    - 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
    + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
    - 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
    - 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
    + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
    - 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
    + 2009-02-09 10:19:34 1,846,272 ----a-w c:\windows\system32\win32k.sys
    - 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
    + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
    - 2007-06-11 22:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
    + 2008-11-11 17:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
    + 2009-04-09 16:04:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_334.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Power2GoExpress "= "c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-03-23 1630303]
    "PowerBar "= "c:\program files\CyberLink\PowerStarter\PowerBar.exe" [2005-02-17 110592]
    "Creative Detector "= "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]
    "Steam "= "c:\program files\Valve\Steam\\Steam.exe" [2008-10-08 1410296]
    "kdx "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "Boots Insert Detect "= "c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144]
    "CTSyncU.exe "= "c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck "= "c:\windows\system32\dumprep 0 -u" [X]
    "NokiaMServer "= "c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "PCMService "= "c:\program files\CyberLink\PowerCinema\PCMService.exe" [2005-01-14 110744]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "{1290A33C-85F5-4164-A1BE-7DD299D4986A} "= "c:\program files\CyberLink\PowerBackup\PBKScheduler.exe" [2004-06-08 69721]
    "NVMixerTray "= "c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
    "iHP-100 "= "c:\program files\iRiver\HSeries\iHPDetect.exe" [2004-05-10 24576]
    "SpeedTouch USB Diagnostics "= "c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-21 180269]
    "Windows Media Connect 2 "= "c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 8704]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
    "VideoraiPodConverter "= "c:\program files\VideoraiPodConverter\VideoraiPodConverter.exe" [2005-11-11 483328]
    "fssui "= "c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
    "4oD "= "c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "Zune Launcher "= "c:\program files\Zune\ZuneLauncher.exe" [2008-04-29 158624]
    "LifeCam "= "c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX1000 "= "c:\windows\vVX1000.exe" [2007-04-10 709992]
    "DPAgnt "= "c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 807440]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "VirtualCloneDrive "= "c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
    "Ptipbmf "= "ptipbmf.dll" [2003-06-20 c:\windows\system32\ptipbmf.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Kris\Start Menu\Programs\Startup\
    TrueAssistant.lnk - c:\program files\TrueSwitchMSN\TrueWizard.exe [2008-12-11 1064960]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-11-15 962660]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-07-22 57344]
    Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-01-14 679936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
    2006-10-09 16:27 99856 c:\windows\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc "= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "msvideo7 "= STV680tg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe "=
    "c:\\Program Files\\TmSunrise\\TmSunrise.exe "=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat "=
    "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe "=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat "=
    "c:\\Program Files\\Real\\RealOne Player\\realplay.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat "=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat "=
    "c:\\Program Files\\tvants\\Tvants.exe "=
    "c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe "=
    "c:\\WINDOWS\\system32\\rtcshare.exe "=
    "c:\\Program Files\\NetMeeting\\conf.exe "=
    "c:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe "=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Alibaba\\TradeManager\\TradeManager.exe "=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe "=
    "c:\\Documents and Settings\\Kris\\Application Data\\SopCast\\adv\\SopAdver.exe "=
    "c:\\Program Files\\SopCast\\SopCast.exe "=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe "=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe "=
    "c:\\Program Files\\Kontiki\\KService.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe "=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-12 55136]
    R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
    R2 p2p_peer;P2P-VPN Network Service;c:\progra~1\NatNix\p2p_peer.exe [2008-03-05 1662976]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-04 24652]
    R3 ethertap;EtherTap Adapter;c:\windows\system32\drivers\ethertap.sys [2008-03-05 21930]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 3ac4dd09-cc42-4274-9b21-bfdbccbbb0b0;3ac4dd09-cc42-4274-9b21-bfdbccbbb0b0;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
    S3 cpuz;cpuz;\??\f:\cpuz.sys --> f:\cpuz.sys [?]
    S3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2006-09-16 35584]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-05-21 29744]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-30 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-30 8320]
    S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-09-16 47360]
    S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-09-09 85888]
    S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-09-09 51840]
    S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2005-09-09 89749]
    S4 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2005-09-09 54872]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

    2009-04-08 c:\windows\Tasks\HPpromotions journeysoftware.job
    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Tiscali Internet Access
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?fd28a351fb7d4b83bf3efd7ca2581daf
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?fd28a351fb7d4b83bf3efd7ca2581daf
    Trusted Zone: swapitshop.com\www
    TCP: {D2088120-040E-4B74-BC2E-DA51F7CEEFB4} = 10.88.0.2
    TCP: {F43DCFB1-F62E-4A15-A7F0-48A214A91F96} = 10.88.0.2
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    DPF: {759AA6A5-76B2-43E2-B940-B0C336C69E01} - hxxp://202.106.184.51/download/VodoneActivex.cab
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-09 17:04:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-928598585-468054873-335432765-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EB499C6B-17E9-50CC-AE784525E8AC56BA}\{8364303F-14D2-EDB9-EF60B5C62A5A1F49}\{622ABE87-D953-3C3E-A5507D8B27591D99}*]
    "NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
    de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1144)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\DPWLEvHd.dll

    - - - - - - - > 'lsass.exe'(1200)
    c:\windows\DPPWDFLT.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\DigitalPersona\Bin\DPWinLct.exe
    c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\program files\DigitalPersona\Bin\DpHost.exe
    c:\program files\Kontiki\KService.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Zune\ZuneNss.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    c:\windows\system32\CTPdeSrv.exe
    c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Windows Live\Toolbar\wltuser.exe
    c:\program files\Java\jre1.5.0_06\bin\jucheck.exe
    c:\program files\Microsoft\Office Live\OfficeLiveSignIn.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-09 17:20:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-09 16:20:19
    ComboFix2.txt 2009-04-08 13:05:31

    Pre-Run: 20,731,105,280 bytes free
    Post-Run: 20,730,724,352 bytes free

    426 --- E O F --- 2009-04-08 22:40:23
     
  7. 2009/04/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this in the order given.

    Jotti File Submission:

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page, one at a time:
      • C:\pv.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Now run this.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post the MBAM log and the Jotti results.

    Geri
     
    Geri,
    #6
