
Active Google redirect

Discussion in 'Malware and Virus Removal Archive' started by daconcerror, 2008/12/13.

  1. 2008/12/13
    daconcerror (Thread Starter)

    [Active] Google redirect

    Ok, hi, I have the problem that every time I try to search something in Google, if I click on the result it takes me to a completely random page like www.monstermarketplace.com etc. How do I stop this redirecting? I also suspect that it has disabled our outgoing connections, because we can't automatically upgrade things like Windows Defender, but I just want to get the redirect problem sorted at the moment, so here is the HijackThis log file.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:23:20, on 13/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\1st Security Agent\newlock.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\1st Security Agent\newlock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\TBLMOUSE.EXE
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Documents and Settings/H Spragg/My Documents/My Music/Temp/Tunebite/.downloading/profile/rrproxy_ie_49046c44.pac
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [00saskda] "C:\Program Files\1st Security Agent\newlock.exe" saskda
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O21 - SSODL: Midusx32 - {3E2028DA-48FB-4ADE-99A2-629FA6BE98A9} - C:\WINDOWS\system32\artewuri.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (defwatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\1st Security Agent\newlock.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate (liveupdate) - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SAVRoam (savroam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (sndsrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (spbbcsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec AntiVirus (symantec antivirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 12122 bytes
     
  2. 2008/12/13
    Aaflac

    Temporarily disable real-time protection applications, as they may interfere with running the programs needed to eradicate infections. Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs you run.


    Next, download ComboFix
    Save to the Desktop <<< Important!!
    • Now, close all open windows
    • Double-click combofix.exe to run the program
    • Follow the prompts.
      (Don't click on the window while the program is running; it may cause your system to stall.)
    • CF may reboot the computer and resume running when it restarts.
    • When finished, a log, ComboFix.txt, is produced.


    Please provide the contents of the ComboFix report in your reply.
     

  3. 2008/12/13
    daconcerror (Thread Starter)

    OK, here is the log:

    ComboFix 08-12-12.05 - H Spragg 2008-12-13 19:00:47.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.638 [GMT 0:00]
    Running from: c:\documents and settings\H Spragg\Desktop\Combo-Fix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    c:\program files\Mozilla Firefox\components\iamfamous.dll
    C:\resycled
    c:\resycled\boot.com
    c:\windows\system32\msqpdxravuocun.dll
    c:\windows\system32\msqpdxwupeirxy.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
    .

    2008-12-06 16:31 . 2008-12-06 16:31 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\GrabPro
    2008-12-06 16:27 . 2008-12-06 16:27 <DIR> d-------- c:\program files\ZillaTube
    2008-12-06 11:04 . 2008-12-11 16:50 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Orbit
    2008-12-05 20:59 . 2008-12-05 20:59 <DIR> d-------- c:\documents and settings\alistair new\Application Data\CyberLink
    2008-12-05 20:19 . 2008-12-12 13:19 <DIR> d-------- c:\program files\Orbitdownloader
    2008-12-05 20:19 . 2008-12-05 21:00 <DIR> d-------- c:\documents and settings\alistair new\Application Data\Orbit
    2008-12-05 20:19 . 2008-12-05 20:19 <DIR> d-------- c:\documents and settings\alistair new\Application Data\GrabPro
    2008-12-05 18:47 . 2008-12-05 18:47 62,976 --a------ c:\windows\system32\drivers\msqpdxserv.sys
    2008-12-05 18:32 . 2008-12-05 18:32 62,464 --a------ c:\windows\system32\drivers\msqpdxxxouktao.sys
    2008-12-05 18:32 . 2008-12-05 18:47 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\program files\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\H Spragg\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\children\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\Alistair\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\alistair new\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\Administrator\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d--h----- C:\1st Security Agent
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\program files\CryptIt
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\program files\Common Files\InstallerA
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Sinner
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\ACAPsoft
    2008-12-04 20:01 . 2008-12-04 20:01 <DIR> d-------- c:\program files\UBISOFT
    2008-12-04 18:02 . 2008-12-04 18:02 <DIR> d-------- c:\program files\CDBurnerXP Pro 3
    2008-12-04 17:53 . 2008-12-04 17:53 <DIR> d-------- c:\program files\CDBurnerXP
    2008-12-04 17:53 . 2008-12-04 17:53 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Canneverbe_Limited
    2008-12-04 17:51 . 2008-12-04 17:51 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\ImgBurn
    2008-12-04 17:41 . 2008-12-04 17:41 <DIR> d-------- c:\program files\ImgBurn
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\free-downloads.net
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\Conduit
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\Alcohol Soft
    2008-12-03 20:05 . 2008-12-03 20:05 <DIR> d-------- c:\program files\MagicISO
    2008-12-01 11:10 . 2008-12-01 11:10 <DIR> d-------- c:\program files\Lavasoft
    2008-12-01 11:10 . 2008-12-01 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-30 15:36 . 2008-11-30 17:04 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Hamachi
    2008-11-30 15:36 . 2008-11-30 15:36 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
    2008-11-23 20:58 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
    2008-11-23 20:58 . 2008-11-23 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-11-23 16:24 . 2008-11-23 16:27 <DIR> d-------- c:\documents and settings\H Spragg\.SunDownloadManager
    2008-11-23 16:11 . 2008-11-23 16:10 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-22 21:43 . 2008-11-22 21:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-11-22 21:35 . 2008-11-22 21:35 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2008-11-20 13:55 . 2008-11-20 14:00 <DIR> d-------- c:\documents and settings\H Spragg\dodian.com
    2008-11-13 16:43 . 2008-11-13 16:43 <DIR> d-------- c:\windows\system32\VIRepair

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 19:04 --------- d-----w c:\documents and settings\H Spragg\Application Data\DNA
    2008-12-13 18:55 --------- d-----w c:\program files\Symantec AntiVirus
    2008-12-13 18:54 --------- d-----w c:\program files\Common Files\Akamai
    2008-12-13 18:48 31 ----a-w c:\documents and settings\H Spragg\jagex_runescape_preferences.dat
    2008-12-11 16:49 --------- d-----w c:\program files\DNA
    2008-12-04 20:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-04 20:10 --------- d-----w c:\program files\AGEIA Technologies
    2008-12-04 20:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-30 14:06 --------- d-----w c:\program files\No-IP
    2008-11-30 10:19 --------- d-----w c:\program files\Napster
    2008-11-30 10:19 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
    2008-11-23 21:00 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-23 20:57 --------- d-----w c:\documents and settings\H Spragg\Application Data\BitTorrent
    2008-11-23 16:33 --------- d-----w c:\program files\Java
    2008-11-21 16:21 --------- d-----w c:\program files\Paint.NET
    2008-11-13 17:01 --------- d-----w c:\program files\Thoosje Vista Sidebar
    2008-11-13 16:43 --------- d-----w c:\program files\Styler
    2008-11-11 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-11 19:23 58,904 ----a-w c:\windows\system32\azipcontmn.dll
    2008-11-02 11:22 --------- d-----w c:\program files\RSDemon
    2008-11-01 21:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-01 21:51 --------- d-----w c:\documents and settings\H Spragg\Application Data\Malwarebytes
    2008-11-01 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-01 21:17 --------- d-----w c:\program files\Trend Micro
    2008-11-01 20:58 --------- d-----w c:\program files\Common Files\TechSmith Shared
    2008-11-01 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
    2008-11-01 20:35 --------- d-----w c:\program files\TechSmith
    2008-11-01 19:36 --------- d-----w c:\program files\HyCam2
    2008-11-01 18:47 --------- d-----w c:\program files\Screen Recorder Gold
    2008-11-01 17:53 --------- d-----w c:\program files\RealWorld Cursor Editor
    2008-11-01 17:53 --------- d-----w c:\documents and settings\H Spragg\Application Data\RealWorld
    2008-11-01 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
    2008-11-01 17:15 --------- d-----w c:\program files\Hitman Pro 3
    2008-11-01 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
    2008-11-01 15:36 --------- d-----w c:\program files\VistaExperience.org
    2008-11-01 13:55 --------- d-----w c:\documents and settings\H Spragg\Application Data\ViStart
    2008-11-01 13:45 --------- d-----w c:\program files\WinFlip
    2008-11-01 13:45 --------- d-----w c:\program files\TrueTransparency
    2008-11-01 13:45 --------- d-----w c:\documents and settings\H Spragg\Application Data\Styler
    2008-10-31 21:37 --------- d-----w c:\program files\Stardock
    2008-10-27 12:54 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-10-27 12:47 --------- d-----w c:\program files\NOS
    2008-10-27 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-10-26 13:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-10-26 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
    2008-10-26 13:03 --------- d-----w c:\program files\RapidSolution
    2008-10-22 16:27 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 16:27 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-19 11:48 --------- d-----w c:\program files\MyXOFT
    2008-10-18 13:27 --------- d-----w c:\program files\GE Express
    2008-10-18 11:26 --------- d-----w c:\program files\SCAR 3.12
    2008-10-15 16:19 43,552 ----a-w c:\windows\system32\drivers\tbhsd.sys
    2008-10-08 20:01 47,667 ----a-w c:\program files\RBS (480 x 480).jpg
    2008-09-25 21:04 58,904 ----a-w c:\windows\system32\sysfolderazipcnt.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-08-26 18:43 0 ----a-w c:\documents and settings\children\jagex_runescape_preferences.dat
    .

    ------- Sigcheck -------

    2008-04-14 00:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
    2008-05-12 15:50 16896 35de7705f9fb23992740523b5c9fdac5 c:\windows\system32\svchost.exe

    2008-04-14 00:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
    2008-05-12 15:50 505856 481addbb21037489eacfcb308b1be2b0 c:\windows\system32\winlogon.exe

    2008-05-12 15:50 1035264 666c5d9dbced0cdfd48285103f8e2808 c:\windows\explorer.exe
    2007-06-13 11:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-04 12:00 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtUninstallKB938828$\explorer.exe
    2008-04-14 00:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

    2008-04-14 00:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
    2008-05-12 15:50 110080 77f48ea251a503aae5fc0e7af4a425d7 c:\windows\system32\services.exe

    2008-04-14 00:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    2008-05-12 15:50 14336 d1320ba74a3866c2859b0518080cf84c c:\windows\system32\lsass.exe

    2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2004-08-04 12:00 57856 7435b108b935e42ea92ca94f59c8e717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    2008-04-14 00:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
    2008-05-12 15:50 58368 e1f9dbda12cbef81cf3d771d45c7dea5 c:\windows\system32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-12-01_19.41.44.71 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-28 17:24:50 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
    + 2008-12-13 18:43:54 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
    - 2008-11-28 17:24:50 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
    + 2008-12-13 18:43:54 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
    - 2008-08-12 11:41:10 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-12-04 20:11:49 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2008-08-12 11:41:11 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-12-04 20:11:49 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2008-08-12 11:41:11 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-12-04 20:11:49 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2008-08-12 11:40:57 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-12-04 20:11:42 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-08-12 11:41:03 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-12-04 20:11:43 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-08-12 11:41:05 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-12-04 20:11:44 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-08-12 11:41:05 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-12-04 20:11:45 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-08-12 11:41:06 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-12-04 20:11:46 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-08-12 11:41:07 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-12-04 20:11:46 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-08-12 11:41:07 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-12-04 20:11:47 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-08-12 11:41:08 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-12-04 20:11:49 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-08-12 11:41:12 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-12-04 20:11:50 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2008-08-12 11:41:12 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-12-04 20:11:50 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2008-08-12 11:41:12 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-12-04 20:11:50 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2008-08-12 11:41:13 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-12-04 20:11:51 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2008-08-12 11:41:09 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2008-12-04 20:11:48 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2008-12-04 18:03:00 135,168 ----a-r c:\windows\Installer\{896D642C-7125-44F0-AC49-A23ABF82209C}\ARPPRODUCTICON.exe
    + 2008-12-04 18:03:00 135,168 ----a-r c:\windows\Installer\{896D642C-7125-44F0-AC49-A23ABF82209C}\cdbxp.exe_A2B8C891E8B94C26975E193A62033974.exe
    + 2008-12-04 18:03:00 135,168 ----a-r c:\windows\Installer\{896D642C-7125-44F0-AC49-A23ABF82209C}\cdbxp.exe1_A2B8C891E8B94C26975E193A62033974.exe
    + 2008-12-04 18:03:00 69,632 ----a-r c:\windows\Installer\{896D642C-7125-44F0-AC49-A23ABF82209C}\Uninstall_CDBurnerXP_A2B8C891E8B94C26975E193A62033974.exe
    - 2004-09-29 11:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    + 2004-09-29 12:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    - 2004-12-01 14:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    + 2004-12-01 15:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    - 2005-02-05 18:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-02-05 19:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    - 2005-03-18 16:23:14 567,296 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 17:23:14 567,296 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    - 2005-05-26 14:15:56 576,000 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-05-26 15:15:56 576,000 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    - 2005-07-22 16:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 17:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    - 2005-09-28 13:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-09-28 14:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    - 2005-12-05 16:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-12-05 17:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2007-05-15 18:12:24 196,973 ----a-w c:\windows\system32\AGEIA\AG1011\app.bin
    + 2007-05-15 18:12:24 122,249 ----a-w c:\windows\system32\AGEIA\AG1011\diag.bin
    + 2007-05-15 18:12:24 203,717 ----a-w c:\windows\system32\AGEIA\AG1021\app.bin
    + 2007-05-15 18:12:24 105,981 ----a-w c:\windows\system32\AGEIA\AG1021\diag.bin
    - 2005-02-05 18:45:26 2,222,800 ----a-w c:\windows\system32\d3dx9_24.dll
    + 2005-02-05 19:45:26 2,222,800 ----a-w c:\windows\system32\d3dx9_24.dll
    - 2005-03-18 16:19:58 2,337,488 ----a-w c:\windows\system32\d3dx9_25.dll
    + 2005-03-18 17:19:58 2,337,488 ----a-w c:\windows\system32\d3dx9_25.dll
    - 2005-05-26 14:34:52 2,297,552 ----a-w c:\windows\system32\d3dx9_26.dll
    + 2005-05-26 15:34:52 2,297,552 ----a-w c:\windows\system32\d3dx9_26.dll
    - 2005-07-22 18:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
    + 2005-07-22 19:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
    - 2005-12-05 17:09:18 2,323,664 ----a-w c:\windows\system32\d3dx9_28.dll
    + 2005-12-05 18:09:18 2,323,664 ----a-w c:\windows\system32\d3dx9_28.dll
    + 2007-04-14 14:10:40 113,536 -c--a-w c:\windows\system32\DRVSTORE\PhysX32_AF7F37E9A9915C11C74CCDC4D0974682050F02B7\physX32.sys
    + 2004-06-02 02:24:40 622,592 ----a-w c:\windows\system32\DVDProX2.dll
    - 2007-04-16 15:52:53 218,771 ----a-w c:\windows\system32\maxipmin32.dll
    + 2007-04-16 15:52:53 218,849 ----a-w c:\windows\system32\maxipmin32.dll
    - 2000-05-23 21:45:58 118,784 ----a-w c:\windows\system32\MSSTDFMT.DLL
    + 2000-04-03 20:05:58 118,784 ----a-w c:\windows\system32\msstdfmt.dll
    + 2001-06-27 18:29:52 1,134,592 ----a-w c:\windows\system32\ntbackup.exe
    - 2007-03-26 09:45:18 71,208 ----a-w c:\windows\system32\PhysXLoader.dll
    + 2007-05-15 19:06:58 71,208 ----a-w c:\windows\system32\PhysXLoader.dll
    + 2003-10-19 15:51:16 299,008 ----a-w c:\windows\system32\vbwFunctionsVB6.dll
    - 2005-12-05 17:07:30 61,136 ----a-w c:\windows\system32\xinput9_1_0.dll
    + 2005-12-05 18:07:30 61,136 ----a-w c:\windows\system32\xinput9_1_0.dll
    + 2008-12-11 16:48:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_570.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949} "= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2008-09-15 06:47 1784856 --a------ c:\program files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949} "= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949} "= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DAEMON Tools Lite "= "c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "Sony Ericsson PC Suite "= "c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
    "BitTorrent DNA "= "c:\program files\DNA\btdna.exe" [2008-11-15 342336]
    "AlcoholAutomount "= "c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "McAfeeUpdaterUI "= "c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
    "vptray "= "c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
    "EM_EXEC "= "c:\mouse\system\em_exec.exe" [1998-06-12 35840]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600]
    "Sony Ericsson PC Suite "= "c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "NapsterShell "= "c:\program files\Napster\napster.exe" [2007-01-12 323216]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "00saskda "= "c:\program files\1st Security Agent\newlock.exe" [2008-07-06 1453056]
    "atwtusb "= "atwtusb.exe" [2005-09-21 c:\windows\system32\ATWTUSB.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\H Spragg\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-05-28 145736]
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-12-05 1690824]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-28 415072]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLogonScripts "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoChangeAnimation "= 0 (0x0)
    "RestrictCpl "= 0 (0x0)
    "DisallowCpl "= 0 (0x0)
    "NoViewOnDrive "= 0 (0x0)
    "RestrictRun "= 0 (0x0)
    "NoRecycleFiles "= 0 (0x0)
    "ForceRecycleBinSize "= 0 (0x0)
    "NoCustomizeWebView "= 0 (0x0)
    "NoFileAssociate "= 0 (0x0)
    "NoDFSTab "= 0 (0x0)
    "NoCustomizeThisFolder "= 0 (0x0)
    "NoWebView "= 0 (0x0)
    "DontShowSuperHidden "= 0 (0x0)
    "NoOnlinePrintsWizard "= 0 (0x0)
    "NoPublishingWizard "= 0 (0x0)
    "NoSetTaskbar "= 1 (0x1)
    "NoSMConfigurePrograms "= 0 (0x0)
    "NoSMMyPictures "= 0 (0x0)
    "NoStartMenuMyMusic "= 0 (0x0)
    "NoHelp "= 0 (0x0)
    "NoCommonGroups "= 0 (0x0)
    "NoStartMenuEjectPC "= 0 (0x0)
    "NoSimpleStartMenu "= 0 (0x0)
    "NoStartMenuSubFolders "= 0 (0x0)
    "NoDisconnect "= 0 (0x0)
    "NoNtSecurity "= 0 (0x0)
    "GreyMSIAds "= 0 (0x0)
    "ForceMaxRecentDocs "= 0 (0x0)
    "NoSMBalloonTip "= 0 (0x0)
    "NoSMBalloonTips "= 0 (0x0)
    "HideSCAVolume "= 0 (0x0)
    "HideSCANetwork "= 0 (0x0)
    "HideSCAPower "= 0 (0x0)
    "NoTaskGrouping "= 0 (0x0)
    "NoWebServices "= 0 (0x0)
    "NoFileUrl "= 0 (0x0)
    "SpecifyDefaultButtons "= 0 (0x0)
    "NoRecentDocsNetHood "= 0 (0x0)
    "PromptRunasInstallNetPath "= 1 (0x1)
    "NoResolveTrack "= 0 (0x0)
    "NoDevMgrUpdate "= 0 (0x0)
    "NoThumbnailCache "= 0 (0x0)
    "ForceCopyAclwithFile "= 0 (0x0)
    "StartRunNoHOMEPATH "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-09-17 08:05 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Documents and Settings\\H Spragg\\My Documents\\rune_free.exe "=
    "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe "=
    "c:\\Documents and Settings\\H Spragg\\My Documents\\installer-37498-19en-RollerCoaster-Tycoon-English.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\WINDOWS\\system32\\java.exe "=
    "c:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe "=
    "c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon Demo\\rct.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe "=
    "c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe "=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe "=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP "= 9420:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface
    "43594:TCP "= 43594:TCP:runescape

    R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-10-01 22272]
    R1 SolDisk;SolDisk;\??\c:\windows\system32\drivers\soldisk.sys [2008-09-11 38856]
    R1 SolFS;SolFS;\??\c:\windows\system32\drivers\solfs.sys [2008-09-11 288584]
    R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 16896]
    R2 DeskSaverService;DeskSaverService;c:\program files\1st Security Agent\newlock.exe [2008-12-05 1453056]
    R2 WinDefend;Windows Defender; "c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-27 33752]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys []
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2008-09-01 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2008-09-01 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2008-09-01 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2008-09-01 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2008-09-01 98696]
    S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2008-10-01 83880]
    S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2008-10-01 15016]
    S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2008-10-01 110632]
    S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2008-10-01 104616]
    S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2008-10-01 25512]
    S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2008-10-01 100648]
    S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2008-10-01 110120]
    S3 savroam;SAVRoam; "c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-10-07 116664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-13 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-12-13 c:\windows\Tasks\User_Feed_Synchronization-{22210015-A78F-4D65-96C3-2A6AC459DD75}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-zzsecagent - (no file)
    SSODL-Midusx32-{3E2028DA-48FB-4ADE-99A2-629FA6BE98A9} - c:\windows\system32\artewuri.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\H Spragg\Application Data\Mozilla\Firefox\Profiles\jgnl6q09.default\
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\DNA\plugins\npbtdna.dll
    FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 19:06:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
    .
    Completion time: 2008-12-13 19:08:00
    ComboFix-quarantined-files.txt 2008-12-13 19:07:00
    ComboFix2.txt 2008-12-01 19:56:14
    ComboFix3.txt 2008-12-01 19:42:54

    Pre-Run: 9,040,130,048 bytes free
    Post-Run: 9,218,355,200 bytes free

    428 --- E O F --- 2008-11-13 17:02:44

    The reason I haven't got the recovery thing installed is because the virus won't let me access the server...
     
  5. 2008/12/14
    Aaflac

    Please open Notepad (Start > Run > in the Open field type: notepad)
    Click: OK

    Copy/paste the text inside the code box below to Notepad:

    Code:
    File:: 
    c:\windows\system32\drivers\msqpdxserv.sys
    c:\windows\system32\drivers\msqpdxxxouktao.sys
    c:\windows\system32\drivers\Ndisprot.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
    "Midusx32"=-
    [-HKEY_CLASSES_ROOT\clsid\{3E2028DA-48FB-4ADE-99A2-629FA6BE98A9}]
    Save as CFScript.txt <<< Important!!
    Change the Save as type to: All Files
    Save it to the Desktop

    Now, using the left mouse button, drag CFScript.txt and drop into >>> ComboFix.exe
    ComboFix runs a scan on your system, and may reboot when it finishes. This is normal.

    CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

    When finished, a log is produced: ComboFix.txt

    ~~~~
    Run HijackThis once again, and Scan to obtain a new log.

    ~~~~
    Please provide the contents of the new ComboFix.txt log, and the new HijackThis log in your reply.
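Before dragging a CFScript onto ComboFix it is worth checking the file mechanically, because the Registry:: block is plain REGEDIT4 syntax and a pasted typographic quote (as in the `“Midusx32“` line of the script above, where the forum software has turned straight quotes into curly ones) will not match what ComboFix expects. The validator below is an added example written for this page; it is not the poster's own script and not part of ComboFix. The rules it enforces are my reading of the .reg syntax the script uses (`[KEY]` selects a key, `[-KEY]` deletes it, `"Name"=-` deletes a value) plus the assumption that File:: entries must be absolute Windows paths; the embedded sample is the script from the post above, reconstructed with the curly quotes it was pasted with.

```python
"""Sanity-check a ComboFix CFScript.txt before dropping it onto ComboFix.exe.

Added example for this thread, not the poster's script and not ComboFix code.
Assumed rules (mine, from the REGEDIT4 syntax the Registry:: block uses):
  * a section header is a word followed by "::"  (File::, Registry::, ...)
  * File:: lines are absolute Windows paths
  * Registry:: lines are REGEDIT4: "[KEY]" selects a key, "[-KEY]" deletes it,
    '"Name"=-' deletes a value, '"Name"="data"' or '"Name"=dword:xxxxxxxx' sets one
  * only straight ASCII quotes are valid; typographic quotes are flagged and fixed
"""
import re

# Typographic quotes that forum software and word processors substitute.
SMART_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

SECTION = re.compile(r"^(\w+)::$")
WIN_PATH = re.compile(r'^[A-Za-z]:\\[^\x00-\x1f"<>|]+$')
REG_KEY = re.compile(r"^\[(-?)(HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU)\\.+\]$")
REG_VALUE = re.compile(r'^"[^"]+"=(-|".*"|dword:[0-9A-Fa-f]{8})$')


def fix_quotes(text):
    """Replace typographic quotes with the straight ASCII ones REGEDIT4 expects."""
    return text.translate(SMART_QUOTES)


def validate_cfscript(text):
    """Return a list of (line_number, problem). An empty list means the script looks sane."""
    issues = []
    section = None       # name of the current X:: section
    current_key = None   # last [KEY] seen inside Registry::
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line != fix_quotes(line):
            issues.append((n, "typographic quote; use straight ASCII quotes"))
            line = fix_quotes(line)          # keep checking the corrected line
        m = SECTION.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section is None:
            issues.append((n, "content before the first section header"))
        elif section == "File":
            if not WIN_PATH.match(line):
                issues.append((n, "File:: entry is not an absolute Windows path"))
        elif section == "Registry":
            if line.startswith("["):
                if REG_KEY.match(line):
                    current_key = line
                else:
                    issues.append((n, "malformed [KEY] line"))
            elif line.startswith('"'):
                if current_key is None:
                    issues.append((n, "value line before any [KEY]"))
                elif current_key.startswith("[-"):
                    issues.append((n, "value line under a key already marked for deletion"))
                elif not REG_VALUE.match(line):
                    issues.append((n, 'expected "Name"=- or "Name"="data"'))
            else:
                issues.append((n, "unrecognised Registry:: line"))
        # other sections (Folder::, Driver::, ...) are passed through unchecked
    return issues


# The script from the post above, reconstructed with the curly quotes it was pasted with.
SAMPLE_SCRIPT = (
    "File::\n"
    "c:\\windows\\system32\\drivers\\msqpdxserv.sys\n"
    "c:\\windows\\system32\\drivers\\msqpdxxxouktao.sys\n"
    "c:\\windows\\system32\\drivers\\Ndisprot.sys\n"
    "\n"
    "Registry::\n"
    "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]\n"
    "\u201cMidusx32\u201c=-\n"
    "[-HKEY_CLASSES_ROOT\\clsid\\{3E2028DA-48FB-4ADE-99A2-629FA6BE98A9}]\n"
)

if __name__ == "__main__":
    for lineno, problem in validate_cfscript(SAMPLE_SCRIPT) or [(0, "no problems found")]:
        print(f"line {lineno}: {problem}")
    print("--- corrected script ---")
    print(fix_quotes(SAMPLE_SCRIPT))
```

Run against the sample, the only finding is the curly-quoted value line; `fix_quotes()` produces a version that passes clean and can be saved as CFScript.txt. The check is deliberately conservative: it only knows the two section types used in this thread and will not catch a path that is simply wrong, so the helper's own reading of the log is still what decides what goes into the script.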
     
  6. 2008/12/14
    daconcerror

    Wow, usually other people's redirect problems are fixed the first time they run ComboFix! Here are the two logs:

    COMBO FIX:

    ComboFix 08-12-12.05 - H Spragg 2008-12-14 19:50:56.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.472 [GMT 0:00]
    Running from: c:\documents and settings\H Spragg\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\H Spragg\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\system32\drivers\msqpdxserv.sys
    c:\windows\system32\drivers\msqpdxxxouktao.sys
    c:\windows\system32\drivers\Ndisprot.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\msqpdxserv.sys
    c:\windows\system32\drivers\msqpdxxxouktao.sys
    c:\windows\system32\drivers\Ndisprot.sys

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
    .

    2008-12-13 21:08 . 2008-12-13 21:16 <DIR> d-------- C:\java
    2008-12-06 16:31 . 2008-12-06 16:31 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\GrabPro
    2008-12-06 16:27 . 2008-12-06 16:27 <DIR> d-------- c:\program files\ZillaTube
    2008-12-06 11:04 . 2008-12-14 19:45 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Orbit
    2008-12-05 20:59 . 2008-12-05 20:59 <DIR> d-------- c:\documents and settings\alistair new\Application Data\CyberLink
    2008-12-05 20:19 . 2008-12-12 13:19 <DIR> d-------- c:\program files\Orbitdownloader
    2008-12-05 20:19 . 2008-12-05 21:00 <DIR> d-------- c:\documents and settings\alistair new\Application Data\Orbit
    2008-12-05 20:19 . 2008-12-05 20:19 <DIR> d-------- c:\documents and settings\alistair new\Application Data\GrabPro
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\program files\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\H Spragg\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\children\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\Alistair\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\alistair new\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\Administrator\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d--h----- C:\1st Security Agent
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\program files\CryptIt
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\program files\Common Files\InstallerA
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Sinner
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\ACAPsoft
    2008-12-04 20:01 . 2008-12-04 20:01 <DIR> d-------- c:\program files\UBISOFT
    2008-12-04 18:02 . 2008-12-04 18:02 <DIR> d-------- c:\program files\CDBurnerXP Pro 3
    2008-12-04 17:53 . 2008-12-04 17:53 <DIR> d-------- c:\program files\CDBurnerXP
    2008-12-04 17:53 . 2008-12-04 17:53 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Canneverbe_Limited
    2008-12-04 17:51 . 2008-12-04 17:51 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\ImgBurn
    2008-12-04 17:41 . 2008-12-04 17:41 <DIR> d-------- c:\program files\ImgBurn
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\free-downloads.net
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\Conduit
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\Alcohol Soft
    2008-12-03 20:05 . 2008-12-03 20:05 <DIR> d-------- c:\program files\MagicISO
    2008-12-01 11:10 . 2008-12-01 11:10 <DIR> d-------- c:\program files\Lavasoft
    2008-12-01 11:10 . 2008-12-01 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-30 15:36 . 2008-11-30 17:04 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Hamachi
    2008-11-30 15:36 . 2008-11-30 15:36 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
    2008-11-23 20:58 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
    2008-11-23 20:58 . 2008-11-23 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-11-23 16:24 . 2008-11-23 16:27 <DIR> d-------- c:\documents and settings\H Spragg\.SunDownloadManager
    2008-11-23 16:11 . 2008-11-23 16:10 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-22 21:43 . 2008-11-22 21:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-11-22 21:35 . 2008-11-22 21:35 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2008-11-20 13:55 . 2008-11-20 14:00 <DIR> d-------- c:\documents and settings\H Spragg\dodian.com

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-14 19:54 --------- d-----w c:\documents and settings\H Spragg\Application Data\DNA
    2008-12-14 19:46 --------- d-----w c:\program files\Common Files\Akamai
    2008-12-14 19:45 --------- d-----w c:\program files\Symantec AntiVirus
    2008-12-14 19:44 --------- d-----w c:\program files\DNA
    2008-12-13 18:48 31 ----a-w c:\documents and settings\H Spragg\jagex_runescape_preferences.dat
    2008-12-04 20:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-04 20:10 --------- d-----w c:\program files\AGEIA Technologies
    2008-12-04 20:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-30 14:06 --------- d-----w c:\program files\No-IP
    2008-11-30 10:19 --------- d-----w c:\program files\Napster
    2008-11-30 10:19 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
    2008-11-23 21:00 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-23 20:57 --------- d-----w c:\documents and settings\H Spragg\Application Data\BitTorrent
    2008-11-23 16:33 --------- d-----w c:\program files\Java
    2008-11-21 16:21 --------- d-----w c:\program files\Paint.NET
    2008-11-13 17:01 --------- d-----w c:\program files\Thoosje Vista Sidebar
    2008-11-13 16:43 --------- d-----w c:\program files\Styler
    2008-11-11 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-11 19:23 58,904 ----a-w c:\windows\system32\azipcontmn.dll
    2008-11-02 11:22 --------- d-----w c:\program files\RSDemon
    2008-11-01 21:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-01 21:51 --------- d-----w c:\documents and settings\H Spragg\Application Data\Malwarebytes
    2008-11-01 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-01 21:17 --------- d-----w c:\program files\Trend Micro
    2008-11-01 20:58 --------- d-----w c:\program files\Common Files\TechSmith Shared
    2008-11-01 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
    2008-11-01 20:35 --------- d-----w c:\program files\TechSmith
    2008-11-01 19:36 --------- d-----w c:\program files\HyCam2
    2008-11-01 18:47 --------- d-----w c:\program files\Screen Recorder Gold
    2008-11-01 17:53 --------- d-----w c:\program files\RealWorld Cursor Editor
    2008-11-01 17:53 --------- d-----w c:\documents and settings\H Spragg\Application Data\RealWorld
    2008-11-01 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
    2008-11-01 17:15 --------- d-----w c:\program files\Hitman Pro 3
    2008-11-01 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
    2008-11-01 15:36 --------- d-----w c:\program files\VistaExperience.org
    2008-11-01 13:55 --------- d-----w c:\documents and settings\H Spragg\Application Data\ViStart
    2008-11-01 13:45 --------- d-----w c:\program files\WinFlip
    2008-11-01 13:45 --------- d-----w c:\program files\TrueTransparency
    2008-11-01 13:45 --------- d-----w c:\documents and settings\H Spragg\Application Data\Styler
    2008-10-31 21:37 --------- d-----w c:\program files\Stardock
    2008-10-27 12:54 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-10-27 12:47 --------- d-----w c:\program files\NOS
    2008-10-27 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-10-26 13:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-10-26 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
    2008-10-26 13:03 --------- d-----w c:\program files\RapidSolution
    2008-10-22 16:27 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 16:27 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-19 11:48 --------- d-----w c:\program files\MyXOFT
    2008-10-18 13:27 --------- d-----w c:\program files\GE Express
    2008-10-18 11:26 --------- d-----w c:\program files\SCAR 3.12
    2008-10-15 16:19 43,552 ----a-w c:\windows\system32\drivers\tbhsd.sys
    2008-10-08 20:01 47,667 ----a-w c:\program files\RBS (480 x 480).jpg
    2008-09-25 21:04 58,904 ----a-w c:\windows\system32\sysfolderazipcnt.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-08-26 18:43 0 ----a-w c:\documents and settings\children\jagex_runescape_preferences.dat
    .

    ------- Sigcheck -------

    2008-04-14 00:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
    2008-05-12 15:50 16896 35de7705f9fb23992740523b5c9fdac5 c:\windows\system32\svchost.exe

    2008-04-14 00:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
    2008-05-12 15:50 505856 481addbb21037489eacfcb308b1be2b0 c:\windows\system32\winlogon.exe

    2008-05-12 15:50 1035264 666c5d9dbced0cdfd48285103f8e2808 c:\windows\explorer.exe
    2007-06-13 11:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-04 12:00 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtUninstallKB938828$\explorer.exe
    2008-04-14 00:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

    2008-04-14 00:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
    2008-05-12 15:50 110080 77f48ea251a503aae5fc0e7af4a425d7 c:\windows\system32\services.exe

    2008-04-14 00:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    2008-05-12 15:50 14336 d1320ba74a3866c2859b0518080cf84c c:\windows\system32\lsass.exe

    2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2004-08-04 12:00 57856 7435b108b935e42ea92ca94f59c8e717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    2008-04-14 00:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
    2008-05-12 15:50 58368 e1f9dbda12cbef81cf3d771d45c7dea5 c:\windows\system32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2008-12-13_19.06.32.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-14 19:44:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_944.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949} "= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2008-09-15 06:47 1784856 --a------ c:\program files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949} "= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949} "= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-15 342336]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
    "EM_EXEC"="c:\mouse\system\em_exec.exe" [1998-06-12 35840]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-12 323216]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "00saskda"="c:\program files\1st Security Agent\newlock.exe" [2008-07-06 1453056]
    "atwtusb"="atwtusb.exe" [2005-09-21 c:\windows\system32\ATWTUSB.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\H Spragg\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-05-28 145736]
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-12-05 1690824]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-28 415072]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLogonScripts"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoChangeAnimation"= 0 (0x0)
    "RestrictCpl"= 0 (0x0)
    "DisallowCpl"= 0 (0x0)
    "NoViewOnDrive"= 0 (0x0)
    "RestrictRun"= 0 (0x0)
    "NoRecycleFiles"= 0 (0x0)
    "ForceRecycleBinSize"= 0 (0x0)
    "NoCustomizeWebView"= 0 (0x0)
    "NoFileAssociate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoCustomizeThisFolder"= 0 (0x0)
    "NoWebView"= 0 (0x0)
    "DontShowSuperHidden"= 0 (0x0)
    "NoOnlinePrintsWizard"= 0 (0x0)
    "NoPublishingWizard"= 0 (0x0)
    "NoSetTaskbar"= 1 (0x1)
    "NoSMConfigurePrograms"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoHelp"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    "NoStartMenuEjectPC"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    "NoDisconnect"= 0 (0x0)
    "NoNtSecurity"= 0 (0x0)
    "GreyMSIAds"= 0 (0x0)
    "ForceMaxRecentDocs"= 0 (0x0)
    "NoSMBalloonTip"= 0 (0x0)
    "NoSMBalloonTips"= 0 (0x0)
    "HideSCAVolume"= 0 (0x0)
    "HideSCANetwork"= 0 (0x0)
    "HideSCAPower"= 0 (0x0)
    "NoTaskGrouping"= 0 (0x0)
    "NoWebServices"= 0 (0x0)
    "NoFileUrl"= 0 (0x0)
    "SpecifyDefaultButtons"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "PromptRunasInstallNetPath"= 1 (0x1)
    "NoResolveTrack"= 0 (0x0)
    "NoDevMgrUpdate"= 0 (0x0)
    "NoThumbnailCache"= 0 (0x0)
    "ForceCopyAclwithFile"= 0 (0x0)
    "StartRunNoHOMEPATH"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-09-17 08:05 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\H Spragg\\My Documents\\rune_free.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "c:\\Documents and Settings\\H Spragg\\My Documents\\installer-37498-19en-RollerCoaster-Tycoon-English.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe"=
    "c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon Demo\\rct.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "43594:TCP"= 43594:TCP:runescape

    R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-10-01 22272]
    R1 SolDisk;SolDisk;\??\c:\windows\system32\drivers\soldisk.sys [2008-09-11 38856]
    R1 SolFS;SolFS;\??\c:\windows\system32\drivers\solfs.sys [2008-09-11 288584]
    R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 16896]
    R2 DeskSaverService;DeskSaverService;c:\program files\1st Security Agent\newlock.exe [2008-12-05 1453056]
    R2 WinDefend;Windows Defender; "c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-27 33752]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys []
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2008-09-01 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2008-09-01 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2008-09-01 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2008-09-01 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2008-09-01 98696]
    S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2008-10-01 83880]
    S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2008-10-01 15016]
    S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2008-10-01 110632]
    S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2008-10-01 104616]
    S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2008-10-01 25512]
    S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2008-10-01 100648]
    S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2008-10-01 110120]
    S3 savroam;SAVRoam; "c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-10-07 116664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-14 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-12-14 c:\windows\Tasks\User_Feed_Synchronization-{22210015-A78F-4D65-96C3-2A6AC459DD75}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\H Spragg\Application Data\Mozilla\Firefox\Profiles\jgnl6q09.default\
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\DNA\plugins\npbtdna.dll
    FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-14 19:55:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(740)
    c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
    .
    Completion time: 2008-12-14 19:57:37
    ComboFix-quarantined-files.txt 2008-12-14 19:56:55
    ComboFix2.txt 2008-12-13 19:08:01
    ComboFix3.txt 2008-12-01 19:56:14
    ComboFix4.txt 2008-12-01 19:42:54

    Pre-Run: 9,300,946,944 bytes free
    Post-Run: 9,287,122,944 bytes free

    340 --- E O F --- 2008-11-13 17:02:44

    HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:06:18, on 14/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\1st Security Agent\newlock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\TBLMOUSE.EXE
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\1st Security Agent\newlock.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Documents and Settings/H Spragg/My Documents/My Music/Temp/Tunebite/.downloading/profile/rrproxy_ie_49046c44.pac
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [00saskda] "C:\Program Files\1st Security Agent\newlock.exe" saskda
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (defwatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\1st Security Agent\newlock.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate (liveupdate) - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SAVRoam (savroam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (sndsrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (spbbcsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec AntiVirus (symantec antivirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 11877 bytes
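A HijackThis log of this length is read by eye in the thread. The script below is an added example written for this page; it is not part of HijackThis, not posted by anyone in the thread, and makes no claim about which entries above are malicious. It parses the R/O entry lines and flags the kinds of entries a responder reads first: an entry whose target is "(no file)", an AutoConfigURL or proxy setting that steers browser traffic, a Run-key command given as a bare executable name, a service with "Unknown owner", and any CLSID on a watchlist. The sample lines are constructed, patterned on the log above; the watchlist CLSID and the flag categories are assumptions for the example.

```python
"""Triage a HijackThis 2.0.2 log: parse the R/O entry lines and flag the ones a
responder reads first. Added example for this thread; not part of HijackThis.
The sample lines are constructed and the CLSID watchlist is an assumption."""
import re
from dataclasses import dataclass

# Assumed watchlist: CLSIDs the triager has already decided to look at
# (here the free-downloads.net toolbar that appears in the log above).
WATCHLIST_CLSIDS = {"{ecdee021-0d17-467f-a1ff-c7a115230949}"}

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# O4 Run-key entries look like:  HKLM\..\Run: [name] command
O4_RUN_RE = re.compile(r"^.*\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A command is fully qualified if it starts with a drive letter or an env variable.
QUALIFIED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')

# Constructed sample in HijackThis format, patterned on the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Documents and Settings/H Spragg/My Documents/My Music/Temp/Tunebite/.downloading/profile/rrproxy_ie_49046c44.pac
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [00saskda] "C:\Program Files\1st Security Agent\newlock.exe" saskda
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\1st Security Agent\newlock.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    line: str      # the entry as it appeared in the log
    reasons: list  # why it was flagged


def entries(log_text):
    """Yield (section, body) for each entry line; the header and process list do not match."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(log_text, watchlist=WATCHLIST_CLSIDS):
    """Return the entries worth a second look, in log order, each with its reasons."""
    wanted = {c.lower() for c in watchlist}
    findings = []
    for sec, body in entries(log_text):
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("orphan: registry entry points at a file that no longer exists")
        if sec == "R1" and ("AutoConfigURL" in body or "ProxyServer" in body):
            reasons.append("proxy: browser traffic is steered by a PAC or proxy setting; read the PAC")
        if sec == "O23" and " - Unknown owner - " in body:
            reasons.append("service: binary carries no company name in its version info")
        m = O4_RUN_RE.match(body)
        if sec == "O4" and m and not QUALIFIED_RE.match(m.group("cmd")):
            reasons.append("autostart: bare executable name, resolved via the search path at logon")
        c = CLSID_RE.search(body)
        if c and c.group(0).lower() in wanted:
            reasons.append("watchlist: CLSID already under investigation")
        if reasons:
            findings.append(Finding(sec, f"{sec} - {body}", reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

The checks are deliberately mechanical: they tell you where to look, not what is malicious. A PAC file written by a legitimate program and one dropped by a redirector look identical in the log, so the "proxy" flag is an instruction to open the .pac and read what it returns for search-engine hosts.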
     
  7. 2008/12/14
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Sorry for the delay. My own computer developed a display driver problem and kept going black...

    Please open Notepad (Start > Run > in the Open field type: notepad)
    Click: OK

    Copy/paste the text inside the code box below to Notepad:

    Code:
    File:: 
    c:\windows\system32\drivers\msqpdxserv.sys
    c:\windows\system32\drivers\msqpdxxxouktao.sys
    c:\windows\system32\drivers\Ndisprot.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
    "Midusx32"=-
    [-HKEY_CLASSES_ROOT\clsid\{3E2028DA-48FB-4ADE-99A2-629FA6BE98A9}]
    Save as CFScript.txt <<< Important!!
    Change the Save as type to: All Files
    Save it to the Desktop

    Now, using the left mouse button, drag CFScript.txt and drop into >>> ComboFix.exe
    ComboFix runs a scan on your system, and may reboot when it finishes. This is normal.

    CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

    When finished, a log is produced: ComboFix.txt

    ~~~~
    Run HijackThis once again, and Scan to obtain a new log.

    ~~~~
    Please provide the contents of the new ComboFix.txt log, and the new HijackThis log in your reply.
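A CFScript is plain text that ComboFix parses section by section, so a character substituted by a forum or a word processor (typographic quotes in a "name"=- line, for instance) or a value line that lands outside a [key] can stop the script doing what the helper intended. The linter below is an added example written for this page; it is not part of ComboFix and was not posted in the thread. It checks a script for smart quotes, unknown section headers, entries before any header, non-absolute paths under File:: and Folder::, and Registry:: value lines with no key above them, and can rewrite the quotes. The list of accepted section headers is an assumption (ComboFix's own set is larger); the sample script is constructed from the one posted above.

```python
"""Lint a ComboFix CFScript before dropping it on ComboFix.exe. Added example
for this thread; not part of ComboFix. KNOWN_SECTIONS is an assumption."""
import re

# Assumed: section headers this linter accepts. ComboFix's real set is larger.
KNOWN_SECTIONS = {"File::", "Folder::", "Registry::", "Driver::", "NetSvc::",
                  "DirLook::", "Firefox::", "DDS::", "KillAll::"}

# Typographic quotes a forum or word processor substitutes for the straight ones.
SMART_QUOTES = {"\u201c": '"', "\u201d": '"', "\u201e": '"', "\u2018": "'", "\u2019": "'"}

REG_KEY_RE = re.compile(r"^\[-?HK[A-Z_]+(\\[^\]]*)?\]$")   # [key] adds/keeps, [-key] deletes
REG_VALUE_RE = re.compile(r'^"[^"]*"=(-|.+)$')           # "name"=- deletes, "name"=data sets
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: the script posted above, with straight quotes ...
CLEAN_SCRIPT = r"""File::
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\drivers\msqpdxxxouktao.sys
c:\windows\system32\drivers\Ndisprot.sys

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Midusx32"=-
[-HKEY_CLASSES_ROOT\clsid\{3E2028DA-48FB-4ADE-99A2-629FA6BE98A9}]
"""
# ... and as a forum renders it, with U+201C on the value line.
POSTED_SCRIPT = CLEAN_SCRIPT.replace('"Midusx32"', "\u201cMidusx32\u201c")


def normalize_quotes(text):
    """Return the script with every smart quote replaced by its ASCII equivalent."""
    return "".join(SMART_QUOTES.get(ch, ch) for ch in text)


def lint(text):
    """Return 'line N: problem' strings; an empty list means the script passed."""
    problems = []
    section = None
    key_open = False          # True once a [key] line has been seen in Registry::
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if any(ch in SMART_QUOTES for ch in line):
            problems.append(f"line {n}: smart quotes; ComboFix expects straight \" and '")
            continue
        if line.endswith("::"):
            if line not in KNOWN_SECTIONS:
                problems.append(f"line {n}: unknown section {line}")
            section, key_open = line, False
            continue
        if section is None:
            problems.append(f"line {n}: entry before any section header")
        elif section in ("File::", "Folder::"):
            if not WIN_PATH_RE.match(line):
                problems.append(f"line {n}: {section} entry is not an absolute path")
        elif section == "Registry::":
            if REG_KEY_RE.match(line):
                key_open = True
            elif REG_VALUE_RE.match(line):
                if not key_open:
                    problems.append(f"line {n}: value line with no [key] above it")
            else:
                problems.append(f"line {n}: not a [key], [-key] or \"name\"=... line")
    return problems


if __name__ == "__main__":
    import sys
    # Pass a path to lint a saved CFScript.txt; with no argument the posted sample is linted.
    src = open(sys.argv[1], encoding="utf-8-sig").read() if len(sys.argv) > 1 else POSTED_SCRIPT
    for p in lint(src) or ["ok"]:
        print(p)
```

Run it against the CFScript.txt you saved from Notepad before dragging the file onto ComboFix; if it reports smart quotes, paste the output of normalize_quotes() back into Notepad and save again.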
     
  8. 2008/12/15
    daconcerror

    daconcerror Inactive Thread Starter

    Joined:
    2008/12/13
    Messages:
    7
    Likes Received:
    0
    logs

    Combo log

    ComboFix 08-12-12.05 - H Spragg 2008-12-15 16:56:11.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.383 [GMT 0:00]
    Running from: c:\documents and settings\H Spragg\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\H Spragg\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\system32\drivers\msqpdxserv.sys
    c:\windows\system32\drivers\msqpdxxxouktao.sys
    c:\windows\system32\drivers\Ndisprot.sys
    .

    ((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
    .

    2008-12-14 20:37 . 2008-12-14 20:37 <DIR> d-------- c:\program files\Infogrames
    2008-12-14 20:24 . 2008-12-14 20:24 <DIR> d-------- c:\program files\WON
    2008-12-14 20:23 . 2008-12-14 20:23 <DIR> d-------- c:\windows\solcache
    2008-12-14 20:22 . 1998-10-23 17:49 558,592 --a------ c:\windows\system32\sierranw.dll
    2008-12-14 20:22 . 1998-10-23 17:49 227,840 --a------ c:\windows\system32\snwvalid.dll
    2008-12-14 20:22 . 1999-08-09 10:04 44,648 --a------ c:\windows\system32\gif89.dll
    2008-12-14 20:22 . 1998-10-23 17:49 11,104 --a------ c:\windows\system32\snwvalid.hlp
    2008-12-14 20:20 . 1998-10-06 14:36 1,984 --a------ c:\windows\system32\drivers\PAPYCPU.SYS
    2008-12-14 20:20 . 1998-10-06 14:36 1,888 --a------ c:\windows\system32\drivers\PAPYJOY.SYS
    2008-12-14 20:19 . 2008-12-14 20:22 <DIR> d-------- c:\program files\Sierra On-Line
    2008-12-14 20:19 . 2008-12-14 20:19 <DIR> d-------- C:\Papyrus
    2008-12-14 20:19 . 2008-12-14 20:19 <DIR> d-------- c:\documents and settings\H Spragg\WINDOWS
    2008-12-14 20:19 . 2008-12-14 20:22 223 --a------ c:\windows\SIERRA.INI
    2008-12-14 20:18 . 2004-08-03 23:08 59,136 --a------ c:\windows\system32\drivers\GcKernel.sys
    2008-12-14 20:18 . 2004-08-03 23:08 59,136 --a--c--- c:\windows\system32\dllcache\gckernel.sys
    2008-12-14 20:18 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\SWPIDFLT.DLL
    2008-12-14 20:18 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll
    2008-12-14 20:18 . 2001-08-17 14:02 2,688 --a------ c:\windows\system32\drivers\HIDSwvd.sys
    2008-12-14 20:18 . 2001-08-17 14:02 2,688 --a--c--- c:\windows\system32\dllcache\hidswvd.sys
    2008-12-14 20:11 . 2008-12-14 20:11 <DIR> d-------- c:\windows\Profiles
    2008-12-14 20:11 . 2008-12-14 20:11 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\InterTrust
    2008-12-14 20:11 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-12-13 21:08 . 2008-12-13 21:16 <DIR> d-------- C:\java
    2008-12-06 16:31 . 2008-12-06 16:31 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\GrabPro
    2008-12-06 16:27 . 2008-12-06 16:27 <DIR> d-------- c:\program files\ZillaTube
    2008-12-06 11:04 . 2008-12-14 20:03 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Orbit
    2008-12-05 20:59 . 2008-12-05 20:59 <DIR> d-------- c:\documents and settings\alistair new\Application Data\CyberLink
    2008-12-05 20:19 . 2008-12-12 13:19 <DIR> d-------- c:\program files\Orbitdownloader
    2008-12-05 20:19 . 2008-12-05 21:00 <DIR> d-------- c:\documents and settings\alistair new\Application Data\Orbit
    2008-12-05 20:19 . 2008-12-05 20:19 <DIR> d-------- c:\documents and settings\alistair new\Application Data\GrabPro
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\program files\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\H Spragg\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\children\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\Alistair\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\alistair new\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d-------- c:\documents and settings\Administrator\1st Security Agent
    2008-12-05 18:26 . 2008-12-05 18:26 <DIR> d--h----- C:\1st Security Agent
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\program files\CryptIt
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\program files\Common Files\InstallerA
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Sinner
    2008-12-04 21:11 . 2008-12-04 21:11 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\ACAPsoft
    2008-12-04 20:01 . 2008-12-04 20:01 <DIR> d-------- c:\program files\UBISOFT
    2008-12-04 18:02 . 2008-12-04 18:02 <DIR> d-------- c:\program files\CDBurnerXP Pro 3
    2008-12-04 17:53 . 2008-12-04 17:53 <DIR> d-------- c:\program files\CDBurnerXP
    2008-12-04 17:53 . 2008-12-04 17:53 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Canneverbe_Limited
    2008-12-04 17:51 . 2008-12-04 17:51 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\ImgBurn
    2008-12-04 17:41 . 2008-12-04 17:41 <DIR> d-------- c:\program files\ImgBurn
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\free-downloads.net
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\Conduit
    2008-12-03 22:16 . 2008-12-03 22:16 <DIR> d-------- c:\program files\Alcohol Soft
    2008-12-03 20:05 . 2008-12-03 20:05 <DIR> d-------- c:\program files\MagicISO
    2008-12-01 11:10 . 2008-12-01 11:10 <DIR> d-------- c:\program files\Lavasoft
    2008-12-01 11:10 . 2008-12-01 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-30 15:36 . 2008-11-30 17:04 <DIR> d-------- c:\documents and settings\H Spragg\Application Data\Hamachi
    2008-11-30 15:36 . 2008-11-30 15:36 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
    2008-11-23 20:58 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
    2008-11-23 20:58 . 2008-11-23 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-11-23 16:24 . 2008-11-23 16:27 <DIR> d-------- c:\documents and settings\H Spragg\.SunDownloadManager
    2008-11-23 16:11 . 2008-11-23 16:10 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-22 21:43 . 2008-11-22 21:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-11-22 21:35 . 2008-11-22 21:35 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2008-11-20 13:55 . 2008-11-20 14:00 <DIR> d-------- c:\documents and settings\H Spragg\dodian.com

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-15 16:54 --------- d-----w c:\documents and settings\H Spragg\Application Data\DNA
    2008-12-15 16:47 --------- d-----w c:\program files\Common Files\Akamai
    2008-12-14 20:11 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-14 20:03 --------- d-----w c:\program files\Symantec AntiVirus
    2008-12-14 20:02 --------- d-----w c:\program files\DNA
    2008-12-13 18:48 31 ----a-w c:\documents and settings\H Spragg\jagex_runescape_preferences.dat
    2008-12-04 20:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-04 20:10 --------- d-----w c:\program files\AGEIA Technologies
    2008-12-04 20:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-30 14:06 --------- d-----w c:\program files\No-IP
    2008-11-30 10:19 --------- d-----w c:\program files\Napster
    2008-11-30 10:19 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
    2008-11-23 20:57 --------- d-----w c:\documents and settings\H Spragg\Application Data\BitTorrent
    2008-11-23 16:33 --------- d-----w c:\program files\Java
    2008-11-21 16:21 --------- d-----w c:\program files\Paint.NET
    2008-11-13 17:01 --------- d-----w c:\program files\Thoosje Vista Sidebar
    2008-11-13 16:43 --------- d-----w c:\program files\Styler
    2008-11-11 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-11 19:23 58,904 ----a-w c:\windows\system32\azipcontmn.dll
    2008-11-02 11:22 --------- d-----w c:\program files\RSDemon
    2008-11-01 21:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-01 21:51 --------- d-----w c:\documents and settings\H Spragg\Application Data\Malwarebytes
    2008-11-01 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-01 21:17 --------- d-----w c:\program files\Trend Micro
    2008-11-01 20:58 --------- d-----w c:\program files\Common Files\TechSmith Shared
    2008-11-01 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
    2008-11-01 20:35 --------- d-----w c:\program files\TechSmith
    2008-11-01 19:36 --------- d-----w c:\program files\HyCam2
    2008-11-01 18:47 --------- d-----w c:\program files\Screen Recorder Gold
    2008-11-01 17:53 --------- d-----w c:\program files\RealWorld Cursor Editor
    2008-11-01 17:53 --------- d-----w c:\documents and settings\H Spragg\Application Data\RealWorld
    2008-11-01 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
    2008-11-01 17:15 --------- d-----w c:\program files\Hitman Pro 3
    2008-11-01 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
    2008-11-01 15:36 --------- d-----w c:\program files\VistaExperience.org
    2008-11-01 13:55 --------- d-----w c:\documents and settings\H Spragg\Application Data\ViStart
    2008-11-01 13:45 --------- d-----w c:\program files\WinFlip
    2008-11-01 13:45 --------- d-----w c:\program files\TrueTransparency
    2008-11-01 13:45 --------- d-----w c:\documents and settings\H Spragg\Application Data\Styler
    2008-10-31 21:37 --------- d-----w c:\program files\Stardock
    2008-10-27 12:54 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-10-27 12:47 --------- d-----w c:\program files\NOS
    2008-10-27 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-10-26 13:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-10-26 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
    2008-10-26 13:03 --------- d-----w c:\program files\RapidSolution
    2008-10-22 16:27 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 16:27 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-19 11:48 --------- d-----w c:\program files\MyXOFT
    2008-10-18 13:27 --------- d-----w c:\program files\GE Express
    2008-10-18 11:26 --------- d-----w c:\program files\SCAR 3.12
    2008-10-15 16:19 43,552 ----a-w c:\windows\system32\drivers\tbhsd.sys
    2008-10-08 20:01 47,667 ----a-w c:\program files\RBS (480 x 480).jpg
    2008-09-25 21:04 58,904 ----a-w c:\windows\system32\sysfolderazipcnt.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-08-26 18:43 0 ----a-w c:\documents and settings\children\jagex_runescape_preferences.dat
    .

    ------- Sigcheck -------

    2008-04-14 00:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
    2008-05-12 15:50 16896 35de7705f9fb23992740523b5c9fdac5 c:\windows\system32\svchost.exe

    2008-04-14 00:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
    2008-05-12 15:50 505856 481addbb21037489eacfcb308b1be2b0 c:\windows\system32\winlogon.exe

    2008-05-12 15:50 1035264 666c5d9dbced0cdfd48285103f8e2808 c:\windows\explorer.exe
    2007-06-13 11:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-04 12:00 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtUninstallKB938828$\explorer.exe
    2008-04-14 00:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

    2008-04-14 00:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
    2008-05-12 15:50 110080 77f48ea251a503aae5fc0e7af4a425d7 c:\windows\system32\services.exe

    2008-04-14 00:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    2008-05-12 15:50 14336 d1320ba74a3866c2859b0518080cf84c c:\windows\system32\lsass.exe

    2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2004-08-04 12:00 57856 7435b108b935e42ea92ca94f59c8e717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    2008-04-14 00:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
    2008-05-12 15:50 58368 e1f9dbda12cbef81cf3d771d45c7dea5 c:\windows\system32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2008-12-13_19.06.32.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2001-02-28 08:29:36 397,312 ----a-w c:\windows\system32\Adobe\SVG Viewer\AceLite.dll
    + 2001-03-14 09:06:02 1,138,688 ----a-w c:\windows\system32\Adobe\SVG Viewer\Agm.dll
    + 2001-01-20 21:13:36 147,456 ----a-w c:\windows\system32\Adobe\SVG Viewer\Bib.dll
    + 2001-03-14 09:06:02 1,441,792 ----a-w c:\windows\system32\Adobe\SVG Viewer\CoolType.dll
    + 2001-03-14 13:10:56 299,059 ------w c:\windows\system32\Adobe\SVG Viewer\NPSVGVw.dll
    + 2001-03-14 13:14:00 491,574 ------w c:\windows\system32\Adobe\SVG Viewer\SVGControl.dll
    + 2001-03-14 13:06:24 12,288 ------w c:\windows\system32\Adobe\SVG Viewer\SVGRSRC.DLL
    + 2001-03-14 13:07:52 1,597,491 ------w c:\windows\system32\Adobe\SVG Viewer\SVGView.dll
    + 2000-03-17 06:56:26 49,152 ----a-w c:\windows\system32\Macromed\Director\SwDir.dll
    + 2000-03-17 06:56:18 536,576 ----a-w c:\windows\system32\Macromed\Shockwave 8\Control.dll
    + 2000-03-17 06:09:16 1,245,184 ----a-w c:\windows\system32\Macromed\Shockwave 8\dirapi.dll
    + 2000-03-17 06:56:22 24,576 ----a-w c:\windows\system32\Macromed\Shockwave 8\DynaPlayer.dll
    + 2000-03-17 06:03:30 552,960 ----a-w c:\windows\system32\Macromed\Shockwave 8\iml32.dll
    + 2000-03-17 06:53:42 253,952 ----a-w c:\windows\system32\Macromed\Shockwave 8\Plugin.dll
    + 2000-03-17 06:54:18 409,600 ----a-w c:\windows\system32\Macromed\Shockwave 8\PluginPing.dll
    + 2000-03-17 06:33:54 135,168 ----a-w c:\windows\system32\Macromed\Shockwave 8\Proj.dll
    + 2000-03-17 04:09:46 43,520 ----a-w c:\windows\system32\Macromed\Shockwave 8\QuitRemote.exe
    + 2000-03-17 07:18:02 86,016 ----a-w c:\windows\system32\Macromed\Shockwave 8\SwInit.exe
    + 2000-03-17 06:53:24 86,016 ----a-w c:\windows\system32\Macromed\Shockwave 8\SwMenu.dll
    + 2000-03-17 07:18:04 106,496 ----a-w c:\windows\system32\Macromed\Shockwave 8\SwOnce.dll
    + 1999-06-25 11:55:30 149,504 ----a-w c:\windows\system32\Macromed\Shockwave 8\UNWISE.EXE
    + 2008-12-14 20:02:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_9a0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"="c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2008-09-15 06:47 1784856 --a------ c:\program files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"="c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"="c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-15 342336]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
    "EM_EXEC"="c:\mouse\system\em_exec.exe" [1998-06-12 35840]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-12 323216]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "00saskda"="c:\program files\1st Security Agent\newlock.exe" [2008-07-06 1453056]
    "atwtusb"="atwtusb.exe" [2005-09-21 c:\windows\system32\ATWTUSB.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\H Spragg\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-05-28 145736]
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-12-05 1690824]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-28 415072]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLogonScripts"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoChangeAnimation"= 0 (0x0)
    "RestrictCpl"= 0 (0x0)
    "DisallowCpl"= 0 (0x0)
    "NoViewOnDrive"= 0 (0x0)
    "RestrictRun"= 0 (0x0)
    "NoRecycleFiles"= 0 (0x0)
    "ForceRecycleBinSize"= 0 (0x0)
    "NoCustomizeWebView"= 0 (0x0)
    "NoFileAssociate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoCustomizeThisFolder"= 0 (0x0)
    "NoWebView"= 0 (0x0)
    "DontShowSuperHidden"= 0 (0x0)
    "NoOnlinePrintsWizard"= 0 (0x0)
    "NoPublishingWizard"= 0 (0x0)
    "NoSetTaskbar"= 1 (0x1)
    "NoSMConfigurePrograms"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoHelp"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    "NoStartMenuEjectPC"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    "NoDisconnect"= 0 (0x0)
    "NoNtSecurity"= 0 (0x0)
    "GreyMSIAds"= 0 (0x0)
    "ForceMaxRecentDocs"= 0 (0x0)
    "NoSMBalloonTip"= 0 (0x0)
    "NoSMBalloonTips"= 0 (0x0)
    "HideSCAVolume"= 0 (0x0)
    "HideSCANetwork"= 0 (0x0)
    "HideSCAPower"= 0 (0x0)
    "NoTaskGrouping"= 0 (0x0)
    "NoWebServices"= 0 (0x0)
    "NoFileUrl"= 0 (0x0)
    "SpecifyDefaultButtons"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "PromptRunasInstallNetPath"= 1 (0x1)
    "NoResolveTrack"= 0 (0x0)
    "NoDevMgrUpdate"= 0 (0x0)
    "NoThumbnailCache"= 0 (0x0)
    "ForceCopyAclwithFile"= 0 (0x0)
    "StartRunNoHOMEPATH"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-09-17 08:05 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\H Spragg\\My Documents\\rune_free.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "c:\\Documents and Settings\\H Spragg\\My Documents\\installer-37498-19en-RollerCoaster-Tycoon-English.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe"=
    "c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon Demo\\rct.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "43594:TCP"= 43594:TCP:runescape

    R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-10-01 22272]
    R1 SolDisk;SolDisk;\??\c:\windows\system32\drivers\soldisk.sys [2008-09-11 38856]
    R1 SolFS;SolFS;\??\c:\windows\system32\drivers\solfs.sys [2008-09-11 288584]
    R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 16896]
    R2 DeskSaverService;DeskSaverService;c:\program files\1st Security Agent\newlock.exe [2008-12-05 1453056]
    R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-27 33752]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys []
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2008-09-01 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2008-09-01 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2008-09-01 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2008-09-01 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2008-09-01 98696]
    S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2008-10-01 83880]
    S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2008-10-01 15016]
    S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2008-10-01 110632]
    S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2008-10-01 104616]
    S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2008-10-01 25512]
    S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2008-10-01 100648]
    S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2008-10-01 110120]
    S3 savroam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-10-07 116664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai

    *Newly Created Service* - SECDRV
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-12-14 c:\windows\Tasks\User_Feed_Synchronization-{22210015-A78F-4D65-96C3-2A6AC459DD75}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\H Spragg\Application Data\Mozilla\Firefox\Profiles\jgnl6q09.default\
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\DNA\plugins\npbtdna.dll
    FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 17:00:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
    .
    Completion time: 2008-12-15 17:03:04
    ComboFix-quarantined-files.txt 2008-12-15 17:02:07
    ComboFix2.txt 2008-12-14 19:57:39
    ComboFix3.txt 2008-12-13 19:08:01
    ComboFix4.txt 2008-12-01 19:56:14
    ComboFix5.txt 2008-12-15 16:55:27

    Pre-Run: 8,141,008,896 bytes free
    Post-Run: 8,150,679,552 bytes free

    380 --- E O F --- 2008-11-13 17:02:44

    HiJackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:50:02, on 15/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\1st Security Agent\newlock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\WINDOWS\system32\TBLMOUSE.EXE
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\1st Security Agent\newlock.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Documents and Settings/H Spragg/My Documents/My Music/Temp/Tunebite/.downloading/profile/rrproxy_ie_49046c44.pac
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [00saskda] "C:\Program Files\1st Security Agent\newlock.exe" saskda
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (defwatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\1st Security Agent\newlock.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate (liveupdate) - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SAVRoam (savroam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (sndsrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (spbbcsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec AntiVirus (symantec antivirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 12065 bytes
     
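Added example, not part of the original thread or of HijackThis itself: a small triage script for the O23 (service) entries of a log like the one posted above. It uses O23 lines copied from this log as sample input, plus one hypothetical entry (examplesvc, under Application Data) added only to exercise the path rule. The two rules it applies are the ones a helper usually eyeballs first: a vendor string of "Unknown owner" (which only means the file carries no CompanyName version information; Ati2evxx.exe in this log is a legitimate ATI component) and a service binary living outside Windows or Program Files. Flags are prompts for a manual look, not verdicts.

```python
import re
from typing import Dict, List

# Constructed sample input: O23 lines copied from the HijackThis log posted
# in this thread, plus one hypothetical entry (examplesvc) added to exercise
# the path rule. The log itself did not contain that last line.
SAMPLE_LOG = r"""
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\1st Security Agent\newlock.exe
O23 - Service: LiveUpdate (liveupdate) - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Documents and Settings\All Users\Application Data\updater.exe
"""

# HijackThis writes O23 entries as: O23 - Service: <display name> - <vendor> - <path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Locations where the services in this log are expected to live (the 8.3 short
# form of Program Files is included because HijackThis prints it for some entries).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_o23(log_text: str) -> List[Dict[str, str]]:
    """Return one dict (name, owner, path) per O23 line; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage_o23(log_text: str) -> List[Dict[str, object]]:
    """Flag services worth a manual look. A flag is a review prompt, not a verdict:
    'Unknown owner' only means the binary has no CompanyName version string."""
    flagged = []
    for entry in parse_o23(log_text):
        reasons = []
        if entry["owner"].lower() == "unknown owner":
            reasons.append("no vendor string; confirm the file's publisher or signature")
        if not entry["path"].lower().startswith(TRUSTED_PREFIXES):
            reasons.append("service binary outside Windows or Program Files")
        if reasons:
            flagged.append({"name": entry["name"], "path": entry["path"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage_o23(SAMPLE_LOG):
        print(f"{hit['name']}: {hit['path']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

To use it on a real log, replace SAMPLE_LOG with the file contents; anything it flags still has to be checked against the file's version information or a known-good hash before it is treated as suspicious.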
  9. 2008/12/15
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    My apology, post #6 was a duplicate. My computer keeps going black every 10-15 minutes, and it is difficult determining what was already done.

    Are you still having redirection problems?
     
  10. 2008/12/16
    daconcerror

    daconcerror Inactive Thread Starter

    Joined:
    2008/12/13
    Messages:
    7
    Likes Received:
    0
    Yes, there hasn't been any change.
     
  11. 2008/12/16
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Please download SmitfraudFix
    Save to the Desktop
    Right-click the file and select: Extract all…
    Follow the prompts

    ~~~~
    Boot to Safe Mode as follows:
    • Restart the computer
    • Before the Windows appears, tap F8
    • The Windows XP Advanced Options menu appears
    • Select the option for Safe Mode using the arrow keys.
    Open SmitfraudFix
    • Double-click smitfraudfix.cmd
    • Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
    • You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    The tool also checks if a relevant file, wininet.dll, is infected.
    You may be prompted to replace the infected file (if found).
    Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

    Restart the computer to complete the removal process.

    ~~~~
    Next, download Malwarebytes' Anti-Malware (MBAM)
    Save the program to the Desktop
    Close all windows, including this one.

    On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
    • If an update is found, MBAM will download and install the latest.
    • Click OK
    At the main program window
    • Make sure the following is checked: Perform Quick Scan
    • Click: Scan (The scan may take some time to finish, so please be patient.)
    • When the scan completes, a message box appears
    • Click OK
    At the main Scanner screen:
    • Click on: Show Results
    • A screen displaying the malware found shows
    • Make sure everything found is checked, and click: Remove Selected
    • When the disinfection is complete, you may be prompted to Restart. Please do so.
    • When MBAM finishes removing the malware, a log opens in Notepad
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    ~~~~
    Please provide the following in your reply:
    The SmitFraudFix report located at C:\rapport.txt
    The MBAM report
     
  12. 2008/12/17
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    A new tool came out, if you use FireFox, and are getting redirected...

    If you use FireFox, please download GooredFix
    Save it to the Desktop.
    Double-click Goored.exe to run it.
    Select: 1. Find Goored (no fix) by typing 1 and pressing Enter.

    When the tool is done, a log opens on your Desktop.

    Please post the contents of the log in your reply

    Note: Please do not run Option 2!!
     
  13. 2008/12/18
    daconcerror

    daconcerror Inactive Thread Starter

    Joined:
    2008/12/13
    Messages:
    7
    Likes Received:
    0
    Not any time.

    Sorry, I haven't had much time lately because I've been feeling a bit ill, but we recently signed up to AOL, and when I use the AOL router I get no redirection problems. Is it possible that the virus was gone from the computer but was in the router instead?
     
  14. 2008/12/18
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    It is possible for a DNS Changer to infect a router. In a case of that nature, a router reset with a power recycle, and the use of a malware remover, may eliminate the undesirable from the router.


    At this point, I gather you are using a new router and you are no longer having problems. Is this the case?
     
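Added example, not part of the original thread: a check for the router-side DNS change discussed in the post above. When a router's DHCP or DNS settings have been tampered with, every client behind it receives the rogue resolver, so the quickest evidence on an XP machine is the DNS Servers block of `ipconfig /all`. The script below parses that output (the English XP layout, with continuation lines for additional servers, is assumed) and flags any resolver that is neither the default gateway, nor an RFC 1918 address, nor on an allow-list of the ISP's known resolvers. The sample output is constructed, and 203.0.113.7 is a hypothetical address from the documentation range standing in for whatever a tampered router would hand out.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample `ipconfig /all` output from a Windows XP host. The
# 203.0.113.7 resolver is hypothetical (documentation range), standing in
# for an unexpected address handed out by the router via DHCP.
SAMPLE_IPCONFIG = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : HOME-PC
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.7
                                            192.168.1.1
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
# "Key . . . . : value" lines; the key is padded with spaces and dots.
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z -]*?)[ .]*:\s*(?P<val>.*)$")
# Extra DNS servers appear on their own line with nothing but indentation.
CONT_RE = re.compile(r"^\s+(?P<val>\d{1,3}(?:\.\d{1,3}){3})\s*$")

# Explicit RFC 1918 ranges (ipaddress.is_private also counts the documentation
# ranges as private, which would hide the sample's rogue resolver).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter name: {field: [values]}} for each adapter section."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current: Optional[str] = None
    last_key: Optional[str] = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {}
            last_key = None
            continue
        if current is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group("key").strip()
            val = m.group("val").strip()
            adapters[current][last_key] = [val] if val else []
            continue
        m = CONT_RE.match(line)
        if m and last_key:
            adapters[current][last_key].append(m.group("val"))
    return adapters


def check_dns(adapters: Dict[str, Dict[str, List[str]]], allowed_resolvers=()) -> List[Dict[str, Optional[str]]]:
    """Flag resolvers that are not the gateway, not RFC 1918 and not on the allow-list.
    The DHCP server is reported alongside so the finding points back at the router."""
    allowed = {ipaddress.ip_address(a) for a in allowed_resolvers}
    findings = []
    for name, fields in adapters.items():
        gateways = {ipaddress.ip_address(g) for g in fields.get("Default Gateway", []) if g}
        dhcp = (fields.get("DHCP Server") or [None])[0]
        for server in fields.get("DNS Servers", []):
            ip = ipaddress.ip_address(server)
            if ip in gateways or ip in allowed or any(ip in net for net in RFC1918):
                continue
            findings.append({"adapter": name, "resolver": str(ip), "dhcp_server": dhcp})
    return findings


if __name__ == "__main__":
    for f in check_dns(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{f['adapter']}: unexpected resolver {f['resolver']} (DHCP from {f['dhcp_server']})")
```

On the affected machine, `ipconfig /all > ip.txt` and feed the file in instead of the sample. A flagged public resolver is not proof of tampering on its own, since some ISPs legitimately hand out public addresses; compare it with the resolvers shown in the router's admin page and with what the ISP says it should be. HijackThis reports the same per-interface NameServer values as O17 entries, so a flagged address here should also show up there.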
  15. 2008/12/19
    daconcerror

    daconcerror Inactive Thread Starter

    Joined:
    2008/12/13
    Messages:
    7
    Likes Received:
    0
    Yes, I have swapped the router and I am not having any of the problems that I used to have.
     
  16. 2008/12/19
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Thank you for letting us know.

    If you are no longer having malware problems, we will close this topic.

    Have a great holiday!!
     