Had a problem during the week where webpages were being redirected. None of my tools would run (Spybot Search & Destroy, HijackThis etc.), and any website I tried to visit for updates to AV also failed. I checked the Hosts file and nothing strange there. I finally changed the Spybot exe to a new name and added an IP entry in Hosts for their site to get updates. Spybot started and found Zlob DNSChanger entries in the Registry but could not remove them. Microsoft Malicious Software Removal Tool refused to run regardless of exe name change etc. Below are the logs from the remaining tools run as advised on the main post.

HIJACKTHIS LOG
*************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:55, on 28/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\emMON.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\1HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.248.228.166:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [STICAP] C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [emMON] C:\WINDOWS\emmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://cctv.nolanseafoods.co.uk/WebCamX.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.cardsmadeeasy.com/403.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} (HCNetActiveX Control) - http://192.168.1.67/codebase/HCNetVideoActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99066d7f1b4b5) (gupdate1c99066d7f1b4b5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TunerFreeMCEService - Unknown owner - C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe

--
End of file - 13588 bytes


UNINSTALL LIST
***************************************************
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Alien DVR
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
BBC iPlayer Download Manager
Bonjour
CA eTrustITM Agent
CA iTechnology iGateway
Choice Guard
Cisco Systems VPN Client 5.0.02.0090
C-Media CM6501 Like Sound Driver
Combined Community Codec Pack 2007-02-22
ConvertXtoDVD 3.6.12.174c
Cool & Quiet
DameWare Mini Remote Control
dBpoweramp FLAC Codec
dBpoweramp Music Converter
Dual-Core Optimizer
EPSON Scan
ESET Online Scanner v3
EVEREST Home Edition v2.20
File Shredder 2.0
Garmin MapSource
Garmin WebUpdater
Google Earth
Google Pinyin IME
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hard Disk Low Level Format Tool 2.36 build 1181
HijackThis 2.0.2
I.I.I. Home Inventory 3.08
iEnhance
ieSpell
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Junk Mail filter update
KWorld USB 2860 Device Driver
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
MediaFACE 5.0
Memory-Map OS Edition 2004
Memory-Map OS Edition Version 5
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MozyHome Remote Backup
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Premium
neroxml
NetOp Guest
Nikon RAW Codec
NVIDIA Drivers
O2 Broadband Assistant
PhotoNow! 1.0
PowerProducer
QuickPar 0.9
QuickTime
RealPlayer
Rosetta Stone Version 3
Samsung CLP-300 Series
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Serif WebPlus 10
Serif WebPlus 10 Resources
SimpleDivX
Spybot - Search & Destroy
Super GSM Reader
The Rosetta Stone
Trust WB-3500T USB2 Webcam
TunerFree MCE
TweetDeck
Uninstall 1.0.0.1
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update Service
VideoLAN VLC media player 0.8.6h
Vivia
Web Tools
WinAVI Video Converter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Movie Maker 2.6
WinRAR archiver

ESET LOG
**********************************************
C:\Program Files\Spybot - Search & Destroy\YRLFUPEB.scr probably unknown NewHeur_PE virus
C:\ProgramData\Rosetta Stone\Content\data\c1\e\c1ec7b5667f02421f7ac037a9247a19ed4959bcf SWF/Exploit.CVE-2007-0071 trojan
C:\Users\All Users\Rosetta Stone\Content\data\c1\e\c1ec7b5667f02421f7ac037a9247a19ed4959bcf SWF/Exploit.CVE-2007-0071 trojan
C:\Windows\Downloaded Program Files\VideoEggPublisher.exe probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Windows\Downloaded Program Files\CONFLICT.1\VideoEggPublisher.exe probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Windows\Downloaded Program Files\CONFLICT.2\VideoEggPublisher.exe probably a variant of Win32/TrojanDownloader.Agent trojan

**********************************************

Thanks to all in advance for any assistance ;-)

Just realised Word Wrap was on my logs - I've re-attached them below (Doesn't look any better :-().


--
End of file - 13588 bytes


C:\Program Files\Spybot - Search & Destroy\YRLFUPEB.scr probably unknown NewHeur_PE virus
C:\ProgramData\Rosetta Stone\Content\data\c1\e\c1ec7b5667f02421f7ac037a9247a19ed4959bcf SWF/Exploit.CVE-2007-0071 trojan
C:\Users\All Users\Rosetta Stone\Content\data\c1\e\c1ec7b5667f02421f7ac037a9247a19ed4959bcf SWF/Exploit.CVE-2007-0071 trojan
C:\Windows\Downloaded Program Files\VideoEggPublisher.exe probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Windows\Downloaded Program Files\CONFLICT.1\VideoEggPublisher.exe probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Windows\Downloaded Program Files\CONFLICT.2\VideoEggPublisher.exe probably a variant of Win32/TrojanDownloader.Agent trojan

0

I would recommend that you Uninstall The Rosetta Stone, that is where some of the infected files are located.
You need to run ESET again and be sure that Remove found threats is checked and the option to Scan unwanted applications is Checked.
Reboot the computer
Update MBA-M and run a Full System Scan with it.
Be sure that everything is checked, and click Remove Selected
Reboot the computer
Run a new HJT scan and save the log. Post back with those three logs.

0

ESET Log (not the exact log but cut and paste from a file within ESET as forgot to save original log!)
C:\Windows\DownloadedProgramFiles\VideoEggPublisher.exeprobablyavariantofWin32/TrojanDownloader.Agenttrojan8NAME=Win32/TrojanDownloader.Agent@TYPE=Trojan@SUSP=susp
C:\Windows\DownloadedProgramFiles\VideoEggPublisher.exe
C:\Windows\DownloadedProgramFiles\CONFLICT.1\VideoEggPublisher.exeprobablyavariantofWin32/TrojanDownloader.Agenttrojan8NAME=Win32/TrojanDownloader.Agent@TYPE=Trojan@SUSP=susp
C:\Windows\DownloadedProgramFiles\CONFLICT.1\VideoEggPublisher.exe
C:\Windows\DownloadedProgramFiles\CONFLICT.2\VideoEggPublisher.exeprobablyavariantofWin32/TrojanDownloader.Agenttrojan8@NAME=Win32/TrojanDownloader.Agent@TYPE=Trojan@SUSP=susp
C:\Windows\DownloadedProgramFiles\CONFLICT.2\VideoEggPublisher.exe

Malwarebytes' Anti-Malware 1.38
Database version: 2347
Windows 6.0.6002 Service Pack 2

29/06/2009 03:57:40
mbam-log-2009-06-29 (03-57-40).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 336082
Time elapsed: 1 hour(s), 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\VideoLAN\VLC\plugins\libmux_mpjpeg_plugin.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Andy\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\MLTJRXHQ\wmv_v3[1].exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:04:33, on 29/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Windows\emMON.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\1HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.248.228.166:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [STICAP] C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [emMON] C:\WINDOWS\emmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://cctv.nolanseafoods.co.uk/WebCamX.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.cardsmadeeasy.com/403.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} (HCNetActiveX Control) - http://192.168.1.67/codebase/HCNetVideoActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99066d7f1b4b5) (gupdate1c99066d7f1b4b5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TunerFreeMCEService - Unknown owner - C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe

--
End of file - 13546 bytes


Thanks for your help.

0

First of all you need to TURN OFF the Spybot TeaTimer as it can interfere with fixes done.
Disable Spybot's TeaTimer

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Next run HiJackThis again and place check marks next to the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://cctv.nolanseafoods.co.uk/WebCamX.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.cardsmadeeasy.com/403.html
O16 - DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} (HCNetActiveX Control) - http://192.168.1.67/codebase/HCNetVideoActiveX.cab

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Next do the following: download the latest version of Java, which is version 6 Update 14. Choose the Offline Install and save it to the desktop for easy access.
Next close all browsers and go to Add/Remove. Uninstall the following programs:
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Once you have done those uninstalls then double click the new Java install file on the desktop to install the new version. When the install is complete go back to the download page and on the right side click Verify Now to go to the verification page to check that your install was successful.
Judy
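
As an added illustration (not part of the thread and not HijackThis's own logic), the following Python script parses HijackThis entries of the kinds picked out above (proxy settings, Trusted Zone sites, O16 DPF controls) and lists those worth a manual look. The tag names and heuristics are assumptions chosen for this example; the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.248.228.166:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.cardsmadeeasy.com/403.html
O16 - DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} (HCNetActiveX Control) - http://192.168.1.67/codebase/HCNetVideoActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

# "<section code> - <rest of entry>", e.g. "O16 - DPF: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry-style entry: "<key>,<value name> = <data>"
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")
# O16 entry: "DPF: <CLSID or name> (<optional control name>) - <codebase URL>"
DPF_RE = re.compile(
    r"^DPF: (?P<id>\{[0-9A-Fa-f-]+\}|\S+)(?: \((?P<name>.*?)\))? -\s*(?P<url>\S*)$"
)


def _is_ip_literal(host):
    """True when the URL host is a bare IP address rather than a name."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (section, tag, detail) tuples for entries to review by hand.

    The tags are illustrative heuristics (an assumption of this example).
    A tag means "look at this", not "this is malicious".
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.groups()

        if code.startswith("R"):
            reg = REG_RE.match(body)
            if reg and reg["data"]:
                if reg["name"] == "ProxyServer":
                    findings.append((code, "proxy-set", reg["data"]))
                elif reg["name"] == "ProxyOverride":
                    findings.append((code, "proxy-override", reg["data"]))

        elif code == "O15" and body.startswith("Trusted Zone: "):
            findings.append((code, "trusted-zone", body[len("Trusted Zone: "):]))

        elif code == "O16":
            dpf = DPF_RE.match(body)
            if dpf:
                url = dpf["url"]
                if not url:
                    findings.append((code, "dpf-no-codebase", dpf["id"]))
                else:
                    parsed = urlparse(url)
                    if _is_ip_literal(parsed.hostname):
                        findings.append((code, "dpf-ip-codebase", url))
                    if not parsed.path.lower().endswith(".cab"):
                        findings.append((code, "dpf-non-cab-codebase", url))

        # Entries whose target file no longer exists on disk.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((code, "orphaned", body))
    return findings


if __name__ == "__main__":
    for section, tag, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {tag:<22} {detail}")
```

Whether a listed entry should be fixed still depends on whether the machine's owner recognises it, as the replies below discuss for the O15 and O16 lines.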

0

Done the above, bit reluctant to remove the following 2 lines
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://cctv.nolanseafoods.co.uk/WebCamX.cab

O15 - is my ISP
O16 - is a known system I installed remotely

I have selected and deleted them and O16 is now reinstalled as I've used it again.
All Java versions removed and latest installed.

Did my HijackThis log look clear now?

Thanks for all your help!!!

0

I won't know the log is clean until you post a new one. If you yourself added that O15 Trusted site then it is ok, however, when I tried it then it would not come up. That is why I told you to remove it. It generally wouldn't be needed there if this is your regular ISP site.
The O16 is also ok as long as you personally know what it is. I could find no information for it.
Please run HJT again and I can check the log.

0

Hi, just been using my PC as normal and still think there's something lurking and hijacking my pages. Using IE8 and you can type pages and get there ok, however if for instance you do a Google search and the results appear and you right click and select open in new Tab it appears to be hijacked and taken to a random page. I've just checked all my DNS settings on my PC and router and they all appear ok and pointing at the official ISP approved IPs. I'm just off to run another HJT log and will post up as soon as it's finished.

0

Just done an ipconfig /flushdns, checked with ipconfig /showdns and all was clear. Done a search using Google and my selected result was hijacked, done another ipconfig /showdns and these were the results (also pasted HJT log below).

Windows IP Configuration

img.youtube.com
----------------------------------------
Record Name . . . . . : img.youtube.com
Record Type . . . . . : 5
Time To Live . . . . : 90
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : ytimg.l.google.com


1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost


adunit.namiflow.com
----------------------------------------
Record Name . . . . . : adunit.namiflow.com
Record Type . . . . . : 1
Time To Live . . . . : 410
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 67.201.36.19


Record Name . . . . . : ns1.zerolag.com
Record Type . . . . . : 1
Time To Live . . . . : 410
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 67.201.32.9


Record Name . . . . . : ns2.zerolag.com
Record Type . . . . . : 1
Time To Live . . . . : 410
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 67.201.32.10


itunes.apple.com
----------------------------------------
Record Name . . . . . : itunes.apple.com
Record Type . . . . . : 1
Time To Live . . . . : 296
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 17.250.237.16


Record Name . . . . . : nserver.apple.com
Record Type . . . . . : 1
Time To Live . . . . : 296
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 17.254.0.50


Record Name . . . . . : nserver2.apple.com
Record Type . . . . . : 1
Time To Live . . . . : 296
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 17.254.0.59


Record Name . . . . . : nserver3.apple.com
Record Type . . . . . : 1
Time To Live . . . . : 296
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 17.112.144.50


Record Name . . . . . : nserver4.apple.com
Record Type . . . . . : 1
Time To Live . . . . : 296
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 17.112.144.59


ad.adserverplus.com
----------------------------------------
Record Name . . . . . : ad.adserverplus.com
Record Type . . . . . : 5
Time To Live . . . . : 167
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : ad.yieldmanager.com


www.bytetips.com
----------------------------------------
Record Name . . . . . : www.bytetips.com
Record Type . . . . . : 5
Time To Live . . . . : 10158
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : bytetips.com


ads.right-ads.com
----------------------------------------
Record Name . . . . . : ads.right-ads.com
Record Type . . . . . : 1
Time To Live . . . . : 2616
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 174.36.23.216


Record Name . . . . . : ns1.softlayer.com
Record Type . . . . . : 1
Time To Live . . . . : 2616
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 67.228.254.4


Record Name . . . . . : ns1.softlayer.com
Record Type . . . . . : 28
Time To Live . . . . : 2616
Data Length . . . . . : 16
Section . . . . . . . : Additional
AAAA Record . . . . . : 2607:f0d0:0:f:1::1


Record Name . . . . . : ns2.softlayer.com
Record Type . . . . . : 1
Time To Live . . . . : 2616
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 67.228.255.5


Record Name . . . . . : ns2.softlayer.com
Record Type . . . . . : 28
Time To Live . . . . : 2616
Data Length . . . . . : 16
Section . . . . . . . : Additional
AAAA Record . . . . . : 2607:f0d0:0:f:2::1


iplaykdms45.telhc.bbc.co.uk
----------------------------------------
Record Name . . . . . : iplaykdms45.telhc.bbc.co.uk
Record Type . . . . . : 1
Time To Live . . . . : 132
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 212.58.250.75


Record Name . . . . . : ns.bbc.co.uk
Record Type . . . . . : 1
Time To Live . . . . : 132
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 212.58.228.21


Record Name . . . . . : ns1.bbc.co.uk
Record Type . . . . . : 1
Time To Live . . . . : 132
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 132.185.132.21


Record Name . . . . . : ns1.thdo.bbc.co.uk
Record Type . . . . . : 1
Time To Live . . . . : 132
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 212.58.224.21


Record Name . . . . . : ns1.rbsov.bbc.co.uk
Record Type . . . . . : 1
Time To Live . . . . : 132
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 212.58.227.48


10538.2642.filter.oridianppc.com
----------------------------------------
Record Name . . . . . : 10538.2642.filter.oridianppc.com
Record Type . . . . . : 1
Time To Live . . . . : 3404
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 67.201.36.16


Record Name . . . . . : ns51.domaincontrol.com
Record Type . . . . . : 1
Time To Live . . . . : 3404
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 216.69.185.26


Record Name . . . . . : ns52.domaincontrol.com
Record Type . . . . . : 1
Time To Live . . . . : 3404
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 208.109.255.26


urs.microsoft.com
----------------------------------------
Record Name . . . . . : urs.microsoft.com
Record Type . . . . . : 5
Time To Live . . . . : 267
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : urs.microsoft.com.nsatc.net


sqm.microsoft.com
----------------------------------------
Record Name . . . . . : sqm.microsoft.com
Record Type . . . . . : 5
Time To Live . . . . : 273
Data Length . . . . . : 4
Section . . . . . . . : Answer
CNAME Record . . . . : sqm.msn.com


localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


localhost
----------------------------------------
No records of type AAAA


HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:30, on 29/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\emMON.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\1mbam.exe
C:\Program Files\Memory-Map\OS-5\MMNav.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\O2\agent\bin\bcont.exe
C:\Windows\system32\cmd.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\1HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.248.228.166:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [STICAP] C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [emMON] C:\WINDOWS\emmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://cctv.nolanseafoods.co.uk/WebCamX.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99066d7f1b4b5) (gupdate1c99066d7f1b4b5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TunerFreeMCEService - Unknown owner - C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe

--
End of file - 13695 bytes

0

Ok, I am going to refer this to crunchie to take a look. Some tools don't run well in Vista and don't want to cause more problems.
I do have two concerns and hope you can answer immediately:
Why does SpywareBlaster show as running? It DOES NOT run in the background, it is not supposed to run in the background but it clearly shows as running on your machine.
You also show SpywareGuard as running on your computer. This is considered a Work In Progress by the developer Javacool and has NOT been tested on Vista, its most recent updates were in 2004 and they DO NOT recommend it be installed on a Vista Machine. I would recommend its immediate UNINSTALL.
Also why is Malwarebytes' running in the background?

0

Run HJT again and put check marks next to these two entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.248.228.166:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
Click the Fix Checked button.
Exit HJT.
Reboot the computer.
Check to see if you are still being re-directed.
Run a new HJT log and post it here.

0

Ok, deleted both entries, rebooted and tested - same problem, still getting re-directed. Remembered that at the beginning I could not get Microsoft Malicious removal tool to run; I tried again and it still refuses to do anything (works fine on laptop). I downloaded Trend Micro Rootbuster kit; although it ran, the PC Blue Screened before completion.
I've run a new HJT log and pasted it below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:58, on 29/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\emMON.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\1HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [STICAP] C:\Program Files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [emMON] C:\WINDOWS\emmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://cctv.nolanseafoods.co.uk/WebCamX.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99066d7f1b4b5) (gupdate1c99066d7f1b4b5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TunerFreeMCEService - Unknown owner - C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe

--
End of file - 13134 bytes
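The before/after check that the two HijackThis logs in this thread allow, written out as an added Python example (not part of any post and not a HijackThis feature). The function names are hypothetical, and the sample lines are excerpts of the 19:18 and 20:10 logs above.

```python
import ipaddress
import re
from typing import NamedTuple

# Excerpt of the log saved at 19:18:30, before "Fix checked".
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.248.228.166:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [emMON] C:\WINDOWS\emmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
"""

# The same entries as they appear in the log saved at 20:10:58, after the fix and reboot.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [emMON] C:\WINDOWS\emmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "R1" or "O4"
    body: str  # everything after "CODE - "


LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# "<registry key>,<value name> = <data>" as printed in the R0/R1 section.
REG_RE = re.compile(r"^(HK[A-Z]+\\[^,]*),([^=]+?)\s*=\s*(.*)$")
PROXY_VALUES = {"ProxyServer", "ProxyOverride"}


def parse_log(text):
    """Keep only the coded entry lines; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def proxy_settings(entries):
    """Return {value_name: data} for proxy values under ...\\Internet Settings."""
    found = {}
    for e in entries:
        if not e.code.startswith("R"):
            continue
        m = REG_RE.match(e.body)
        if m and m.group(1).endswith(r"\Internet Settings") and m.group(2) in PROXY_VALUES:
            found[m.group(2)] = m.group(3)
    return found


def proxy_hosts(proxy_server):
    """Split "host:port" or "http=host:port;https=host:port" into hosts (IPv4/names only)."""
    hosts = []
    for part in proxy_server.split(";"):
        part = part.strip()
        if part:
            hostport = part.split("=", 1)[-1]
            hosts.append(hostport.rsplit(":", 1)[0])
    return hosts


def classify_host(host):
    """'loopback', 'private' or 'external' for IP literals, 'name' for hostnames."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "external"


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.body.endswith(("(no file)", "(file missing)"))]


def removed_by_fix(before, after):
    """Entries present in the first log and absent from the second."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


def triage(before_text, after_text):
    before, after = parse_log(before_text), parse_log(after_text)
    server = proxy_settings(before).get("ProxyServer", "")
    return {
        "proxy_before": {h: classify_host(h) for h in proxy_hosts(server)},
        "proxy_after": proxy_settings(after),
        "removed": [f"{e.code} - {e.body}" for e in removed_by_fix(before, after)],
        "orphaned_after": [e.body for e in orphaned(after)],
    }


if __name__ == "__main__":
    for key, value in triage(BEFORE, AFTER).items():
        print(key, "->", value)
```

An empty `proxy_after` only confirms that the two registry values are gone; as the post above reports, the redirects continued after this step.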

0

Think I might have found part of the problem. Went and checked Trend RootkitBuster logs and it had entries even though it Blue Screened while running -
C:\Avenger\MSIVXcount
Remember seeing this in the MalwareByte's log and it had apparently quarantined and deleted the file. Folder is there and appears empty though it won't allow you to delete it, advising 'Error 0x80070091: The Directory is not Empty'. I have show hidden files and folders ticked and the hide protected operating system files removed.

0

I am going to advise that you hold off running any more removal tools, until crunchie can take a look at this. Vista can be very "squirly" with some removals, you don't want to mess anything up, ok?
There obviously is "something" there and I have an idea of what crunchie may recommend but since I am hesitant with the Vista OS I want to wait. He will check this out I assure you.
Judy

0

Cheers -On hold awaiting crunchie's instructions :)

0

I have no idea of your location, I believe crunchie's is Australia, I am in the US so take into consideration possible time differences.

0

Ok, here's crunchie's recommendation:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

* Double-click GooredFix.exe to run it.
* Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
* A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

Judy

0

Thanks for the quick help - I'm in UK...so truly global effort here :)
Here's log requested....

GooredFix v1.92 by jpshortstuff
Log created at 22:58 on 29/06/2009 running Option #1
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

0

You should print these instructions because all FireFox browsers MUST be closed before running the fix.

* Please double-click Goored.exe on your Desktop to run it.
  * Select 2. Fix Goored by typing 2 and pressing Enter.
  * Make sure all instances of Firefox are closed at this point.
  * Type y at the prompt and press Enter again.
  * A log will open which you can just close. The log file is named Goored.txt and is on your Desktop.
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

* Now rerun FireFox and please attach the new Goored.txt log to your next reply

0

Hi, Don't have Firefox installed, using IE8 ?? Re-ran Goored and selected option 2 anyways, here's the log file.

GooredFix v1.92 by jpshortstuff
Log created at 06:37 on 30/06/2009 running Option #2
Firefox version [Unable to determine]

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

Edited by Reverend Jim: Fixed formatting

0

Hi, Don't have Firefox installed,

Have seen cases where running it though has fixed the re-directs in IE.

====

Whilst Judy is offline, please do the following;

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Thanks Crunchie, will get that run tonight when I get home (10 - 11 hrs from now). Will post requested logs.

Cheers

0

The registry value
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"
was still there after running option 2, should this have been removed by the program?

0

No, that's fine :).

I should be leaving for work as you are getting home :).

Downloaded and tried to run but wouldn't run normally or as administrator - Does it work on Vista 32bit?
All Spyware programs were removed, Antivirus services were set to manual and PC rebooted. Program downloaded to Desktop and run from there :(

0

Yes it works on Vista 32bit, not 64.
Correct, it should be run from the desktop.
What happens when you try to run it?

Antivirus services were set to manual

not good enough, they need to actually be turned OFF, same goes for Windows Defender, MBA-M, SpywareGuard (which shouldn't be on this machine at all because it has never been tested on Vista and is considered a program in development, uninstall it), Spybot if any of it is still running. All of those, including Firewall, should be OFF. If you prefer go totally off line when these are disabled and try to run combofix.
Let us know what happens and what if any error messages you receive.

0

Basically appears to crash but only when run as an administrator, running normally gives no errors.
Services for Antivirus were set to manual and then PC rebooted so Antivirus services did not startup. Spyguard has been removed before running too....

0

Does combofix even begin to run? Did you give it time, it isn't a fast scan, it takes awhile.

You see it flash up and then disappear, left it for ages and nothing. Went through Services and set all Antivirus/Malware/Firewall services to Manual and rebooted - Still no luck. Renamed exe file with a 1 in front and off it went working fine..... Program is currently running on PC (I'm now on the laptop), once log is available I'll post it up - it appears to have found 3 entries running in the Root area, and deleted loads of files.

Fingers Crossed....

Program's just finished, I'll go back on PC and get things done and post log.

0

ComboFix 09-06-29.07 - Andy 30/06/2009 21:27.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.2046.1383 [GMT 1:00]
Running from: c:\users\Andy\Desktop\1ComboFix.exe
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
SP: eTrust ITM *disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C99}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Andy\AppData\Roaming\inst.exe
c:\users\Public\Google
c:\users\Public\Google\Google Pinyin\10000.lib
c:\users\Public\Google\Google Pinyin\bihua.bin
c:\users\Public\Google\Google Pinyin\english.bin
c:\users\Public\Google\Google Pinyin\model.bin
c:\users\Public\Google\Google Pinyin\special.lib
c:\windows\emMON.exe
c:\windows\struct~.ini
c:\windows\system32\drivers\MSIVXgxbqncveuvprlvspsiqvtijffvtxfbqt.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXepopjpobvocieeeixdwrmatdtmxnoywr.dll
c:\windows\system32\MSIVXmcpfdxeboodkywvxxtigvwhrkadqsypi.dll
c:\windows\system32\player.dll

----- BITS: Possible infected sites -----

hxxp://sync.broadband.o2.co.uk:8080
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 20:36 . 2009-06-30 20:39 -------- d-----w- c:\users\Andy\AppData\Local\temp
2009-06-30 20:36 . 2009-06-30 20:36 -------- d-----w- c:\users\Jake\AppData\Local\temp
2009-06-29 18:42 . 2009-06-29 18:42 -------- d-----w- c:\program files\Sophos
2009-06-29 17:39 . 2009-06-30 19:28 -------- d-----w- c:\program files\SpywareGuard
2009-06-28 15:24 . 2009-06-28 15:24 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-27 21:32 . 2009-06-27 21:32 -------- d-----w- c:\program files\ESET
2009-06-27 20:02 . 2009-06-27 20:02 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2009-06-27 19:59 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 19:59 . 2009-06-27 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 19:59 . 2009-06-27 19:59 -------- d-----w- c:\programdata\Malwarebytes
2009-06-27 19:59 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-27 09:26 . 2009-06-27 09:26 -------- d-----w- c:\users\Andy\AppData\Local\Apple Computer
2009-06-26 22:28 . 2009-06-26 22:28 -------- d-----w- c:\program files\Trend Micro
2009-06-24 16:32 . 2009-06-24 16:32 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-24 16:32 . 2009-06-24 16:32 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-06-24 16:31 . 2009-06-24 16:31 -------- d-----w- c:\users\Andy\AppData\Local\Sony Ericsson
2009-06-24 16:31 . 2009-06-24 16:31 -------- d-----w- c:\programdata\BVRP Software
2009-06-14 21:07 . 2009-06-14 21:07 -------- d-----w- c:\program files\iPod
2009-06-14 21:07 . 2009-06-14 21:08 -------- d-----w- c:\program files\iTunes
2009-06-14 21:05 . 2009-06-14 21:06 -------- d-----w- c:\program files\QuickTime
2009-06-14 20:48 . 2009-06-14 20:48 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-12 15:29 . 2009-06-12 15:30 -------- d-----w- c:\users\Andy\.WMS
2009-06-11 00:03 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 00:03 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 00:02 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 00:02 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-11 00:02 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 17:33 . 2009-06-10 17:33 -------- d-----w- c:\users\Andy\AppData\Roaming\CyberLink
2009-06-10 17:33 . 2009-06-10 17:33 -------- d-----w- c:\programdata\CyberLink
2009-06-10 17:33 . 2009-06-10 17:33 -------- d-----w- c:\users\Public\CyberLink
2009-06-10 17:31 . 2009-06-10 17:33 -------- d-----w- c:\program files\CyberLink
2009-06-10 17:22 . 2007-01-18 04:51 49152 ----a-w- c:\windows\emunist.exe
2009-06-10 17:21 . 2007-01-29 12:20 361728 ----a-w- c:\windows\system32\drivers\emBDA.sys
2009-06-10 17:21 . 2007-01-29 12:19 39680 ----a-w- c:\windows\system32\drivers\emOEM.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 20:39 . 2008-07-13 20:24 -------- d-----w- c:\programdata\Kontiki
2009-06-30 15:24 . 2007-12-03 20:53 -------- d-----w- c:\programdata\Google Updater
2009-06-29 18:49 . 2009-01-08 22:19 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-29 06:14 . 2009-01-10 19:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 06:09 . 2007-09-15 13:28 -------- d-----w- c:\program files\Java
2009-06-28 20:15 . 2009-01-23 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-28 19:52 . 2009-02-21 15:56 -------- d-----w- c:\programdata\FLEXnet
2009-06-28 19:52 . 2009-02-21 15:40 -------- d-----w- c:\programdata\Rosetta Stone
2009-06-28 19:45 . 2007-07-08 21:21 -------- d-----w- c:\program files\The Rosetta Stone
2009-06-27 09:13 . 2007-09-15 12:50 680 ----a-w- c:\users\Andy\AppData\Local\d3d9caps.dat
2009-06-26 22:26 . 2009-01-07 19:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-26 21:58 . 2009-06-26 21:58 292117 ----a-w- c:\windows\system32\drivers\hosts
2009-06-25 05:33 . 2009-02-14 11:11 -------- d-----w- c:\users\Andy\AppData\Roaming\Vso
2009-06-24 16:32 . 2009-01-17 23:18 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-20 20:39 . 2009-06-20 20:39 148736 ----a-w- c:\programdata\hpeA924.dll
2009-06-20 20:39 . 2009-06-20 20:39 148736 ----a-w- c:\programdata\hpeA924.dll
2009-06-20 20:39 . 2009-06-20 20:39 -------- d-----w- c:\programdata\Sony Ericsson
2009-06-20 20:39 . 2009-01-17 23:18 -------- d-----w- c:\program files\Sony Ericsson
2009-06-20 20:39 . 2007-04-28 13:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 21:07 . 2007-08-25 20:41 -------- d-----w- c:\program files\Common Files\Apple
2009-06-14 02:02 . 2007-04-28 12:35 -------- d-----w- c:\programdata\Microsoft Help
2009-05-29 19:01 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-29 19:01 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-29 19:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-29 19:01 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-29 19:01 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-05-29 19:01 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-05-29 19:01 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-05-29 19:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-20 18:14 . 2009-05-15 22:07 -------- d-----w- c:\program files\Norton Security Scan
2009-05-20 18:14 . 2009-05-17 17:21 -------- d-----w- c:\programdata\Symantec
2009-05-16 18:03 . 2009-05-16 18:03 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 00:45 . 2007-11-04 14:40 -------- d-----w- c:\program files\Google
2009-05-01 22:08 . 2008-07-04 14:08 -------- d-----w- c:\program files\remoteAP
2009-04-16 18:43 . 2009-04-15 21:16 45 ----a-w- c:\windows\hiktemp.tmp
2009-04-14 17:30 . 2009-04-14 17:24 428714 ----a-w- c:\windows\1201.zip
2009-04-10 22:33 . 2009-05-29 18:38 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-10 22:33 . 2009-05-29 18:38 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-10 22:33 . 2009-05-29 18:39 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-10 22:33 . 2009-05-29 18:38 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-10 22:33 . 2009-05-29 18:38 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-10 22:28 . 2009-05-29 18:38 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-10 22:27 . 2009-05-29 18:39 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-04-10 22:22 . 2009-05-29 18:39 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-10 22:21 . 2009-05-29 18:39 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-10 21:42 . 2009-05-29 18:39 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-10 21:03 . 2009-05-29 18:39 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 21:03 . 2009-05-29 18:39 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 20:57 . 2009-05-29 18:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-10 20:55 . 2009-05-29 18:38 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-10 20:52 . 2009-05-29 18:39 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-10 20:51 . 2009-05-29 18:39 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-10 20:47 . 2009-05-29 18:39 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-10 20:46 . 2009-05-29 18:39 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-10 20:46 . 2009-05-29 18:38 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-10 20:46 . 2009-05-29 18:39 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-10 20:46 . 2009-05-29 18:38 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-10 20:46 . 2009-05-29 18:39 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-10 20:46 . 2009-05-29 18:38 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-10 20:45 . 2009-05-29 18:38 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-10 20:45 . 2009-05-29 18:39 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-10 20:45 . 2009-05-29 18:38 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-10 20:45 . 2009-05-29 18:39 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-10 20:45 . 2009-05-29 18:39 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-10 20:45 . 2009-05-29 18:38 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-10 20:43 . 2009-05-29 18:39 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-10 20:43 . 2009-05-29 18:38 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-10 20:43 . 2009-05-29 18:39 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-10 20:42 . 2009-05-29 18:38 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-10 20:42 . 2009-05-29 18:38 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-10 20:42 . 2009-05-29 18:38 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-10 20:42 . 2009-05-29 18:38 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-10 20:42 . 2009-05-29 18:38 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-10 20:42 . 2009-05-29 18:38 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-10 20:42 . 2009-05-29 18:39 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-10 20:42 . 2009-05-29 18:39 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-10 20:42 . 2009-05-29 18:39 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-10 20:42 . 2009-05-29 18:38 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-10 20:39 . 2009-05-29 18:38 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-10 20:39 . 2009-05-29 18:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-10 20:39 . 2009-05-29 18:39 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-10 20:38 . 2009-05-29 18:38 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-10 20:38 . 2009-05-29 18:38 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-10 20:27 . 2009-05-29 18:38 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-10 20:23 . 2009-05-29 18:39 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-10 20:23 . 2009-05-29 18:39 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-10 20:23 . 2009-05-29 18:39 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-10 20:22 . 2009-05-29 18:38 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-10 20:15 . 2009-05-29 18:38 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-10 20:15 . 2009-05-29 18:38 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-10 20:15 . 2009-05-29 18:38 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-10 20:14 . 2009-05-29 18:39 351744 ----a-w- c:\windows\system32\drivers\csc.sys
2009-04-10 20:14 . 2009-05-29 18:38 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-10 20:14 . 2009-05-29 18:38 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-10 20:14 . 2009-05-29 18:39 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-10 20:14 . 2009-05-29 18:38 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-10 20:14 . 2009-05-29 18:38 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-10 20:14 . 2009-05-29 18:39 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-10 20:14 . 2009-05-29 18:39 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-10 20:14 . 2009-05-29 18:38 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-10 22:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2008-10-24 15:52 3044664 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2008-10-24 15:52 3044664 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-04-01 405504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-03-14 520192]
"STICAP"="c:\program files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe" [2004-11-05 155648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2008-02-08 407368]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Google IME Autoupdater"="c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-10-17 308720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"O2"="c:\program files\O2\bin\sprtcmd.exe" [2008-03-28 198184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-29 148888]

c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-1-15 575488]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2008-10-24 2954552]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-4-8 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):de,46,bb,b9,90,e0,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{9883DBDB-2275-46D2-8689-6194E3115E6C}c:\\program files\\danware data\\netop remote control\\guest\\ngstw32.exe"= TCP:c:\program files\danware data\netop remote control\guest\ngstw32.exe:NetOp 32 Guest Application - Copyright © 1995, 2000. All Rights Reserved.
"TCP Query User{BF6D8BB9-3D63-4AE0-B184-BBADF2B772B2}c:\\program files\\danware data\\netop remote control\\guest\\ngstw32.exe"= UDP:c:\program files\danware data\netop remote control\guest\ngstw32.exe:NetOp 32 Guest Application - Copyright © 1995, 2000. All Rights Reserved.
"UDP Query User{47DF459C-BFB2-480C-9FE6-2534D9607293}c:\\program files\\danware data\\netop remote control\\guest\\ngstw32.exe"= TCP:c:\program files\danware data\netop remote control\guest\ngstw32.exe:NetOp 32 Guest Application - Copyright © 1995, 2000. All Rights Reserved.
"TCP Query User{2D28074F-4BBE-446E-9F2A-F43807E62AB2}c:\\program files\\danware data\\netop remote control\\guest\\ngstw32.exe"= UDP:c:\program files\danware data\netop remote control\guest\ngstw32.exe:NetOp 32 Guest Application - Copyright © 1995, 2000. All Rights Reserved.
"UDP Query User{B59F1696-39B2-4011-A8AA-0F73A4906CA0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{04E653DC-B907-40AF-8297-457DACE5193D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FF312233-D485-4730-96BB-EDD64A4C7CEE}"= c:\program files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:VPN-1 SecuRemote/SecureClient service
"{2D4CDC13-2872-4B72-9CC4-CD93B9B555E5}"= c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:VPN-1 SecuRemote/SecureClient application
"{C67B7C76-882E-4921-BF72-5CA7D3A5069A}"= c:\program files\CheckPoint\SecuRemote\bin\SCC.EXE:VPN-1 SecuRemote/SecureClient command line
"{E1AFF607-9A0F-4907-B696-8D339D3F958F}"= c:\program files\CheckPoint\SecuRemote\bin\SR_DIAGNOSTICS.EXE:VPN-1 SecuRemote/SecureClient diagnostics
"TCP Query User{3959AF35-0179-453C-91CA-429119620A42}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{8B131231-8589-49C8-A656-6E16BCA2C4D2}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{9082EBC2-BC2C-43F2-BD6A-B1BC8736BF24}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{30975FE3-EB07-4889-B440-28A1CE9B4C19}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{BB965BD2-692B-4EBC-A06F-A7EEA9103E37}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"{D90AE615-0969-4670-861B-E609F0A32A3D}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{943A2BF7-2CB3-4777-8D37-351524685795}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{5E6122BC-1B55-41E4-95D4-263E7C5C9AAF}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{C7B10EEE-9802-4488-BA5F-FE8C25CC00E8}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{1E08F14C-BC3A-4F64-BB23-60EA8119114C}c:\\program files\\ca\\etrustitm\\inotask.exe"= UDP:c:\program files\ca\etrustitm\inotask.exe:InoTask
"UDP Query User{1C19AC51-4765-415A-9365-31E86275EE82}c:\\program files\\ca\\etrustitm\\inotask.exe"= TCP:c:\program files\ca\etrustitm\inotask.exe:InoTask
"{E7FBE6A6-4ABD-401F-9388-B80EE1D44B92}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{DB9D381E-1505-4247-A39C-C33E73D145E7}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{D1DE92CA-F3B8-46AD-BBC8-C69DC71B7D3D}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{7CC11BC0-1991-4712-9F11-829FE1D7B180}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{320D089F-8249-4B9A-AF80-987CB97439B4}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{7E5EA7F7-86ED-4750-A955-F6CBC196A1AC}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"TCP Query User{342FAB90-7239-4CD8-9A54-33F83A856EDF}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{55EE46C8-D202-41DC-ABE6-B43EB37C34F4}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{51EC91F0-ED09-4256-A614-04D9CD35BD00}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{62D95FCA-78F5-4C17-97D2-15A3C89A99CE}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{3862D61C-3FAE-453A-A6A3-51C45C3BC947}c:\\proxy stream\\charon.exe"= UDP:c:\proxy stream\charon.exe:Charon - A proxy checking / scanning program.
"UDP Query User{1F1DEAFE-FDC2-4805-A49C-2BD5BDF1F7EB}c:\\proxy stream\\charon.exe"= TCP:c:\proxy stream\charon.exe:Charon - A proxy checking / scanning program.
"TCP Query User{872A865C-60C0-4060-BAEF-167930500EE9}c:\\program files\\ppmate\\ppamnet.exe"= UDP:c:\program files\ppmate\ppamnet.exe:ppmnet Module
"UDP Query User{7C994C93-78BF-410A-8AB6-9CCC7F9F2FC6}c:\\program files\\ppmate\\ppamnet.exe"= TCP:c:\program files\ppmate\ppamnet.exe:ppmnet Module
"TCP Query User{B3FD061E-C572-420E-BE79-E5032245D7FC}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{44B2575F-54BD-4F33-93FE-9319E9685398}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{C6819347-D457-4A89-96A1-24BB463ADCB7}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{8FCDD57B-F95C-4D37-B5CF-341117EA1429}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{A5F8486F-1CEA-4A4E-85FE-CD6EC97F8D89}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{05D50496-ED12-41A7-99E3-728C2EFBDECF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C3E5EA14-C2BD-4140-B426-D36DF6CDAF01}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{638634E1-6720-4DA1-8592-C619DC851731}"= UDP:c:\program files\O2\bin\wificfg.exe:sprtcmd.exe
"{30035821-27A3-46BB-8D67-A47D72450332}"= TCP:c:\program files\O2\bin\wificfg.exe:sprtcmd.exe
"{AD6D2256-598D-4684-A18D-E7AEFF65BA0B}"= UDP:c:\program files\O2\agent\bin\bcont.exe:bcont.exe
"{A9271257-853E-4750-98D3-AE223597BBF8}"= TCP:c:\program files\O2\agent\bin\bcont.exe:bcont.exe
"{DB95CCBE-A0BF-438E-9127-BE6B8CE3B0F8}"= UDP:c:\program files\Common Files\SupportSoft\bin\ssrc.exe:ssrc.exe
"{A91A24B1-A6E1-419D-A6E4-B7BB6C406C24}"= TCP:c:\program files\Common Files\SupportSoft\bin\ssrc.exe:ssrc.exe
"{7780730D-89DE-4628-8536-28C2B4B8461A}"= UDP:c:\program files\O2\agent\bin\bcont_nm.exe:bcont_nm.exe
"{8749DE07-77FD-458B-86F1-B505E1718FA4}"= TCP:c:\program files\O2\agent\bin\bcont_nm.exe:bcont_nm.exe
"TCP Query User{2B608DE4-BEFB-4F35-B3F7-21CC65CB7DCA}c:\\program files\\alien dvr\\netappsoft.exe"= UDP:c:\program files\alien dvr\netappsoft.exe:NetAPPSoft Microsoft ???????
"UDP Query User{B1128CAF-05A5-47B1-B4CE-2CDEBBAD2D83}c:\\program files\\alien dvr\\netappsoft.exe"= TCP:c:\program files\alien dvr\netappsoft.exe:NetAPPSoft Microsoft ???????
"{FC12A0DB-BA09-467E-B59C-60988F464562}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2EECE81F-ECB3-4C2E-8BD0-FC63CD3FFF67}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

R0 amacpi;Microsoft Away Mode System;c:\windows\System32\drivers\null.sys [26/06/2008 03:21 4608]
R1 mozyFilter;mozyFilter;c:\windows\System32\drivers\mozy.sys [07/11/2008 23:20 53752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [23/01/2009 20:21 1153368]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [28/04/2007 14:29 5120]
R2 TunerFreeMCEService;TunerFreeMCEService;c:\program files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [12/03/2009 09:36 8704]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\System32\drivers\c6501.sys [03/09/2008 21:06 1298944]
S2 gupdate1c99066d7f1b4b5;Google Update Service (gupdate1c99066d7f1b4b5);c:\program files\Google\Update\GoogleUpdate.exe [16/02/2009 19:46 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [26/03/2009 18:37 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [24/06/2009 17:32 13224]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [20/06/2009 21:39 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [20/06/2009 21:39 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [20/06/2009 21:39 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [20/06/2009 21:39 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [20/06/2009 21:39 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [20/06/2009 21:39 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [20/06/2009 21:39 109736]
S3 SQTECH930B;Trust WB-3500T USB2 Webcam;c:\windows\System32\drivers\Capt930b.sys [28/04/2007 14:59 273982]

--- Other Services/Drivers In Memory ---

*Deregistered* - VPN-1

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-03 18:10]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 18:46]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 18:46]

2009-06-30 c:\windows\Tasks\User_Feed_Synchronization-{502914E0-3D52-4E59-A5E3-A0DE09ACBF36}.job
- c:\windows\system32\msfeedssync.exe [2009-03-25 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-emMON - c:\windows\emmon.exe
HKLM-Run-C6501Sound - c6501.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
Trusted Zone: aberdeenshire.gov.uk\webvpn
Trusted Zone: o2.co.uk\*.broadband
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {01232355-5C70-455B-B33E-A62433F3B77F} - hxxp://cctv.nolanseafoods.co.uk/WebCamX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 21:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
.
Completion time: 2009-06-30 21:42
ComboFix-quarantined-files.txt 2009-06-30 20:42

Pre-Run: 76,281,106,432 bytes free
Post-Run: 76,616,495,104 bytes free

372 --- E O F --- 2009-06-30 07:04
