google hijacked and redirected by something


  • This topic is locked
2 replies to this topic

#1 wpsvideo

Posted 29 March 2009 - 03:13 AM

It started when we'd downloaded a movie from the net via uTorrent and the file was a WMV file, so I assumed it would open with Windows Media Player. I double-clicked and it said it needed to download a codec from the web to play, so I foolishly said yep and then ran it (what an idiot) - it was called hog plum or something. Once it inserted something in my computer, all my trouble started happening, beginning with everything slowing down. Could get a search engine up, although interestingly I could open other websites I knew the names of. Found your forum and followed the stories of others who had had similar troubles - even initially had to go into the registry to carry out some changes so I could turn the automatic restore off and run my antivirus. That said, this hijacking of Google and redirecting to about.blank seems to be reasonably common but I can't find a solution. I've turned off restore in XP, run my antivirus and registry cleaner, but couldn't run Spybot. Did the SDFix and followed all the admin advice from here. When I put Google into the address line I get redirected to nowhere in particular. If I try Windows Update it navigates to http://windowsupdate.microsoft.com/ and gives me the Google home page instead - this is really weird. Tried to re-download Spybot and install it but it wouldn't let me - I get error sending request, the server name or address could not be resolved. Please advise.
Mark :-)
Here's my SDFix

SDFix: Version 1.240
Run by Administrator on Sun 03/29/2009 at 04:05 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 16:25:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Mark\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"F:\\CDS\\Nero\\Installation\\SetupX.exe"="F:\\CDS\\Nero\\Installation\\SetupX.exe:*:Enabled:Nero ProductSetup"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Mark\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Mark\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"="C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe:*:Enabled:Contribute"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\Edition 5\\Program\\studiou.mod"="C:\\Program Files\\Pinnacle\\Edition 5\\Program\\studiou.mod:*:Enabled:Desktop"
"C:\\Program Files\\Pinnacle\\Edition 5\\Program\\RM.exe"="C:\\Program Files\\Pinnacle\\Edition 5\\Program\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Mark\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Mark\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Sat 28 Mar 2009 101,888 ..SHR --- "C:\RECYCLER\S-3-5-49-100011711-100029521-100005357-7175.com"
Sat 28 Mar 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 28 Feb 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Here's my DDS.txt

DDS (Ver_09-03-16.01) - NTFSx86
Run by Mark at 16:40:01.09 on Sun 03/29/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2921 [GMT 11:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TuneClone\TuneClone.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Demonoid Toolbar: {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - c:\program files\demonoid\tbDem0.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Demonoid Toolbar: {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - c:\program files\demonoid\tbDem0.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Demonoid Toolbar: {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - c:\program files\demonoid\tbDem0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [nwiz] nwiz.exe /install
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TuneClone] c:\program files\tuneclone\TuneClone.exe /silence
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
StartupFolder: c:\documents and settings\mark\start menu\programs\startup\Adobe Gamma.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Image Zone Fast Start.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\TabUserW.exe.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Search.lnk.disabled
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235804799406
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.121,85.255.112.123
TCP: {9AE800E7-B3C0-42C9-8D19-85D656C884AE} = 85.255.112.121,85.255.112.123
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-28 64160]
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2009-3-23 20352]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 SSHDRV5C;SSHDRV5C;c:\windows\system32\drivers\SSHDRV5C.sys [2009-3-5 34816]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 SDPASVC;SDPAUMS server service;c:\windows\system32\sdpasvc.exe -service --> c:\windows\system32\sdpasvc.exe -service [?]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [2009-3-3 24059]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090327.005\naveng.sys [2009-3-28 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090327.005\navex15.sys [2009-3-28 876144]
S1 sdjbsys;sdjbsys;c:\windows\system32\drivers\sdjbsys.sys --> c:\windows\system32\drivers\sdjbsys.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 951632]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\SmartpenBus.sys [2009-2-27 38528]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\SmartpenCom.sys [2009-2-27 35328]

=============== Created Last 30 ================

2009-03-29 15:31 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-29 15:30 360,002 a------- C:\dds.scr
2009-03-29 14:58 <DIR> --d----- C:\SDFix
2009-03-29 02:00 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-03-29 01:56 <DIR> --d----- c:\windows\ERUNT
2009-03-29 01:50 <DIR> --d----- C:\SDFix111
2009-03-29 00:23 <DIR> --d----- c:\program files\TrojanHunter 4.2
2009-03-29 00:15 <DIR> --d----- c:\program files\ACW
2009-03-23 22:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-03-23 19:12 <DIR> --d----- c:\program files\common files\Livescribe
2009-03-23 19:11 <DIR> --d----- c:\program files\Livescribe
2009-03-23 19:08 20,352 a------- c:\windows\system32\drivers\tclondrv.sys
2009-03-23 19:08 <DIR> --d----- c:\program files\TuneClone
2009-03-21 17:08 <DIR> --d----- c:\program files\iPod
2009-03-21 17:08 <DIR> --d----- c:\program files\iTunes
2009-03-21 17:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 17:07 <DIR> --d----- c:\program files\Bonjour
2009-03-21 17:05 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-21 12:32 <DIR> --d----- c:\docume~1\mark\applic~1\Windows Search
2009-03-21 12:24 <DIR> --d----- c:\docume~1\mark\applic~1\Windows Desktop Search
2009-03-21 12:24 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-03-21 12:24 <DIR> --d----- c:\program files\Windows Desktop Search
2009-03-21 12:24 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-03-21 12:24 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-03-21 12:24 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-03-21 11:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-03-20 07:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-03-20 07:37 45,392 a----r-- c:\windows\system32\AdobePDF.dll
2009-03-20 07:37 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-03-20 06:02 <DIR> --d----- c:\program files\AdorageI-GfxDatas
2009-03-20 05:53 51 a------- c:\windows\system32\blue.SITENAME
2009-03-20 05:53 1,208 a------- c:\windows\VFO.INI
2009-03-20 05:53 455 a------- c:\windows\VFO.VST
2009-03-17 21:09 <DIR> --d----- c:\program files\LooksBuilderSE
2009-03-17 21:08 237,568 a----r-- c:\windows\system32\qtmlClient.dll
2009-03-17 21:08 69,632 a------- c:\windows\system32\MtxPreview.dll
2009-03-17 21:08 49,152 a------- c:\windows\system32\MtxParhBFXPreview.dll
2009-03-17 21:08 49,152 a------- c:\windows\system32\CvoAPI.dll
2009-03-17 21:08 45,056 a------- c:\windows\system32\BFXSrcFilter.ax
2009-03-17 21:08 0 a------- c:\windows\Graffiti5.2Pin.ini
2009-03-17 21:08 <DIR> --d----- c:\program files\Boris FX, Inc
2009-03-17 21:03 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-03-17 21:03 <DIR> --d----- c:\program files\SureThing Express Labeler
2009-03-17 21:01 <DIR> --d----- c:\program files\common files\Pinnacle
2009-03-17 21:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pinnacle Studio Ultimate
2009-03-17 20:58 <DIR> --d----- c:\program files\common files\Yahoo!
2009-03-17 20:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Studio 12
2009-03-17 20:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pinnacle Studio Plus
2009-03-15 19:24 <DIR> --d----- c:\docume~1\mark\applic~1\ZoomBrowser EX
2009-03-15 19:23 <DIR> --d----- c:\docume~1\mark\applic~1\CameraWindowDC
2009-03-15 19:23 <DIR> --d----- c:\docume~1\mark\applic~1\CANON INC
2009-03-15 19:23 5,632 a------- c:\windows\system32\ptpusb.dll
2009-03-15 19:23 159,232 a------- c:\windows\system32\ptpusd.dll
2009-03-11 18:25 <DIR> --d----- C:\DVD
2009-03-10 00:15 <DIR> --d----- c:\windows\system32\Adobe
2009-03-09 21:39 <DIR> --d----- C:\email saves
2009-03-06 19:16 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-06 19:08 520,192 a------- c:\windows\system32\prodad-codec.dll
2009-03-06 19:08 321,088 a------- c:\windows\system32\proDAD-PA-Support.dll
2009-03-06 19:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\proDAD
2009-03-06 07:49 201,050 a------- c:\windows\system32\nvapps.nvb
2009-03-06 07:02 <DIR> --d-h--- c:\windows\PIF
2009-03-06 00:01 <DIR> --d----- c:\docume~1\mark\applic~1\Jasc
2009-03-05 23:59 107,864 a------- c:\windows\system32\tsccvid.dll
2009-03-05 23:19 <DIR> --d----- c:\windows\DC10plus.drv
2009-03-05 18:38 89 a------- c:\windows\ULead32.ini
2009-03-05 18:38 <DIR> --d----- c:\windows\Ulead.dat
2009-03-05 18:37 34,816 a------- c:\windows\system32\drivers\SSHDRV5C.sys
2009-03-05 18:31 212,480 -------- c:\windows\system32\PCDLIB32.DLL
2009-03-05 18:21 544,768 a------- c:\windows\system32\CSCnvrtX.dll
2009-03-05 18:18 2,653,888 a------- c:\windows\system32\LTRDG13n.OCX
2009-03-05 18:18 94,964 a------- c:\windows\system32\drivers\Hlp.sys
2009-03-05 16:50 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-05 08:00 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-05 08:00 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-05 08:00 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-05 08:00 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-05 08:00 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-05 08:00 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-05 08:00 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-05 08:00 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-05 00:28 <DIR> --d----- c:\windows\system32\scripting
2009-03-05 00:28 <DIR> --d----- c:\windows\system32\en
2009-03-05 00:28 <DIR> --d----- c:\windows\l2schemas
2009-03-05 00:28 <DIR> --d----- c:\windows\system32\bits
2009-03-05 00:26 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-04 22:24 286,720 a------- c:\windows\iun506.exe
2009-03-04 22:24 <DIR> --d----- c:\program files\Magic Flare
2009-03-03 22:56 <DIR> --d----- c:\program files\RADVideo
2009-03-03 07:47 24,126 a------- c:\windows\system32\drivers\CGY043B.sys
2009-03-03 07:47 24,093 a------- c:\windows\system32\drivers\CGY013.sys
2009-03-03 07:47 24,093 a------- c:\windows\system32\drivers\CGY012.sys
2009-03-03 07:47 24,059 a------- c:\windows\system32\drivers\Cw75.sys
2009-03-03 07:47 24,059 a------- c:\windows\system32\drivers\CW50.sys
2009-03-03 07:47 <DIR> --d----- c:\program files\CASIO
2009-03-03 02:45 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
2009-03-03 02:32 <DIR> --d----- c:\docume~1\mark\applic~1\proDAD
2009-03-03 00:57 401,408 a------- c:\windows\system32\pvmjpg30.dll
2009-03-03 00:57 1,772,032 a------- c:\windows\system32\LTCLR13s.dll
2009-03-03 00:57 930,992 -------- c:\windows\system32\Ltr13n.dll
2009-03-03 00:57 306,352 -------- c:\windows\system32\Ltrio13n.dll
2009-03-03 00:57 409,600 -------- c:\windows\system32\LFCMP13s.DLL
2009-03-03 00:57 110,080 -------- c:\windows\system32\lfpsd13s.dll
2009-03-03 00:57 70,144 -------- c:\windows\system32\lfbmp13s.dll
2009-03-03 00:57 64,512 -------- c:\windows\system32\lftga13s.dll
2009-03-03 00:55 196,096 a------- c:\windows\system32\macd32.dll
2009-03-03 00:55 138,752 a------- c:\windows\system32\mase32.dll
2009-03-03 00:55 136,192 a------- c:\windows\system32\mamc32.dll
2009-03-03 00:55 57,856 a------- c:\windows\system32\masd32.dll
2009-03-03 00:55 27,648 a------- c:\windows\system32\ma32.dll
2009-03-03 00:54 41,219 a------- c:\windows\RSETPATH.exe
2009-03-03 00:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pinnacle Studio
2009-03-03 00:20 17 a------- c:\windows\MovingPicture.ini
2009-03-03 00:11 <DIR> --d----- c:\windows\Cache
2009-03-03 00:04 <DIR> --d----- c:\program files\proDAD
2009-03-02 23:57 <DIR> --d----- c:\program files\AdorageI-SAL
2009-03-02 23:18 171,520 a------- c:\windows\system32\drivers\MarvinBus.sys
2009-03-02 23:13 <DIR> --d----- c:\program files\DivX
2009-03-02 22:59 <DIR> --d----- c:\program files\SmartSound Software
2009-03-02 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2009-03-02 22:39 90,112 a------- c:\windows\unvise32.exe
2009-03-02 22:32 <DIR> --d----- c:\program files\Pinnacle
2009-03-02 22:31 14,165 a------- c:\windows\system32\drivers\Pclepci.sys
2009-03-02 22:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-03-02 22:12 <DIR> --d----- c:\program files\common files\Canon
2009-03-02 21:52 86,016 a------- c:\windows\system32\CNMCP61.exe
2009-03-02 21:50 <DIR> --d----- c:\windows\IP4000,3000
2009-03-02 21:50 <DIR> --d----- c:\windows\StartHtmico
2009-03-02 21:45 <DIR> --d----- C:\Panasonic
2009-03-02 21:44 <DIR> --d----- c:\program files\common files\Panasonic
2009-03-02 21:43 40,960 a------- c:\windows\system32\sdsrvctl.exe
2009-03-02 21:43 36,864 a------- c:\windows\system32\SDDEVMGR.dll
2009-03-02 21:43 <DIR> --d----- c:\windows\system32\sda
2009-03-02 21:43 49,152 -------- c:\windows\system32\sdpasvc.exe
2009-03-02 21:35 <DIR> --d----- c:\program files\DVD to iPod Converter
2009-03-02 21:22 <DIR> --d----- c:\program files\Demonoid
2009-03-02 21:22 <DIR> --d----- c:\program files\Conduit
2009-03-02 20:58 <DIR> --d----- c:\program files\Jasc Software Inc
2009-03-02 00:29 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-01 23:00 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-01 23:00 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-01 22:59 1,846,784 -c------ c:\windows\system32\dllcache\win32k.sys
2009-03-01 22:59 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-01 22:59 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-01 22:59 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-01 22:59 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-01 22:56 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-01 22:56 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-01 22:56 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-01 22:55 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-01 22:53 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-01 22:26 1,056,768 -------- c:\windows\system32\ROBOEX32.DLL
2009-03-01 22:26 49,152 -------- c:\windows\system32\INETWH32.dll
2009-03-01 22:26 <DIR> --d----- c:\program files\common files\Ulead Systems
2009-03-01 22:26 <DIR> --d----- c:\program files\Ulead Systems
2009-03-01 21:30 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2009-03-01 21:30 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-03-01 20:38 <DIR> --d----- c:\program files\common files\Corel
2009-03-01 20:28 <DIR> --d----- c:\program files\Avanquest update
2009-03-01 20:28 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-03-01 20:27 5,936 -------- c:\documents and settings\mark\mqdmwhnt.sys
2009-03-01 20:27 25,600 a------- c:\windows\system32\drivers\usbsermptxp.sys
2009-03-01 20:27 92,064 -------- c:\documents and settings\mark\mqdmmdm.sys
2009-03-01 20:27 79,328 -------- c:\documents and settings\mark\mqdmserd.sys
2009-03-01 20:27 66,656 -------- c:\documents and settings\mark\mqdmbus.sys
2009-03-01 20:27 25,600 -------- c:\documents and settings\mark\usbsermptxp.sys
2009-03-01 20:27 22,768 -------- c:\documents and settings\mark\usbsermpt.sys
2009-03-01 20:27 9,232 -------- c:\documents and settings\mark\mqdmmdfl.sys
2009-03-01 20:27 6,208 -------- c:\documents and settings\mark\mqdmcmnt.sys
2009-03-01 20:27 4,048 -------- c:\documents and settings\mark\mqdmcr.sys
2009-03-01 20:27 <DIR> --d----- c:\program files\Motorola Phone Tools
2009-03-01 20:19 <DIR> --d-h--- C:\BJPrinter
2009-03-01 20:19 7,680 a------- c:\windows\system32\CNMVS61.DLL
2009-03-01 20:19 116,736 a------- c:\windows\system32\CNMLM61.DLL
2009-03-01 19:41 <DIR> --d----- c:\program files\common files\HP
2009-03-01 19:32 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-03-01 19:32 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-03-01 19:32 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-03-01 19:32 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-03-01 19:32 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-03-01 19:32 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-03-01 19:30 <DIR> --d----- c:\program files\HP
2009-03-01 19:27 48,967 a------- c:\windows\HPHins07.dat
2009-03-01 19:27 1,111 -------- c:\windows\hphmdl07.dat
2009-03-01 19:27 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-03-01 19:27 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-03-01 19:27 274,432 a----r-- c:\windows\system32\HPZc3212.dll
2009-03-01 19:27 21,744 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-03-01 19:25 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-03-01 19:25 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-03-01 19:23 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-03-01 19:19 <DIR> --d----- c:\program files\Canon
2009-03-01 19:18 <DIR> --d----- c:\documents and settings\mark\WINDOWS
2009-03-01 19:17 11,776 a------- c:\windows\system32\pmsbfn32.dll
2009-03-01 19:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SSScanWizard
2009-03-01 19:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SSScanAppDataDir
2009-03-01 19:13 525 a------- c:\windows\MAXLINK.INI
2009-03-01 19:13 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2009-03-01 19:13 <DIR> --d----- c:\program files\ScanSoft
2009-03-01 19:11 757,760 a------- c:\windows\system32\CNQA2404.dll
2009-03-01 19:11 389,180 a------- c:\windows\system32\UCS32P.DLL
2009-03-01 19:11 360,448 a------- c:\windows\system32\CNQL2404.dll
2009-03-01 19:11 40,960 a------- c:\windows\system32\CNQU80.DLL
2009-03-01 19:11 <DIR> --d-h--- C:\CanoScan
2009-03-01 18:29 <DIR> --d----- c:\program files\Corel
2009-03-01 18:23 306,688 a------- c:\windows\IsUninst.exe
2009-03-01 18:17 337 a------- c:\windows\system32\tablet.dat
2009-03-01 18:17 <DIR> --d----- c:\program files\Tablet
2009-03-01 18:17 <DIR> --d----- c:\windows\system32\Wtablet
2009-03-01 01:49 <DIR> --d----- c:\program files\AviSynth 2.5
2009-03-01 01:49 <DIR> --d----- c:\program files\Avi2Dvd
2009-03-01 01:47 77,824 a------- c:\windows\system32\xvid.ax
2009-03-01 01:47 <DIR> --d----- c:\program files\Xvid
2009-03-01 01:05 <DIR> --d----- c:\program files\uTorrent
2009-03-01 01:05 <DIR> --d----- c:\docume~1\mark\applic~1\uTorrent
2009-03-01 00:42 3,077,416 a------- c:\windows\system32\AdvrCntr2D6E0B790.dll
2009-03-01 00:41 1,000,744 a------- c:\windows\system32\ShellManager10E2D762.dll
2009-03-01 00:41 642,048 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-02-28 21:24 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-28 19:16 <DIR> --d----- c:\windows\network diagnostic
2009-02-28 19:00 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2009-02-28 18:55 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-28 18:55 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-28 18:55 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-28 18:55 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-28 18:55 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-28 18:55 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-28 18:55 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-28 18:55 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-28 18:55 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-28 18:17 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-28 18:09 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-02-28 18:09 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-02-28 18:09 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-28 18:09 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-02-28 18:09 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-28 17:55 102 a------- c:\windows\webica.ini
2009-02-28 17:42 <DIR> --dsh--- c:\documents and settings\mark\UserData
2009-02-28 17:15 <DIR> --d----- c:\program files\VideoLAN
2009-02-28 17:13 <DIR> --d----- c:\windows\system32\custom matrices
2009-02-28 17:13 <DIR> --d----- c:\windows\system32\QuickTime
2009-02-28 17:13 <DIR> --d----- c:\windows\system32\C2MP
2009-02-28 17:08 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-28 17:07 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-28 16:51 69 a------- c:\windows\NeroDigital.ini
2009-02-28 01:08 <DIR> --d----- c:\program files\DVD Decrypter
2009-02-28 01:08 <DIR> --d----- c:\program files\DVD Shrink
2009-02-28 00:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-28 00:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-28 00:10 <DIR> --d----- c:\program files\Lavasoft
2009-02-28 00:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-28 00:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-27 19:41 1,324 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-05 00:29 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-27 01:28 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-27 01:28 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-27 01:28 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-27 01:28 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-27 01:18 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SmartpenCom_01007.Wdf
2009-02-27 01:18 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SmartpenBus_01007.Wdf
2009-02-27 01:18 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-26 14:13 319,488 a------- c:\windows\HideWin.exe
2009-02-26 13:08 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-26 12:16 121,856 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-02-09 22:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-16 14:45 73,728 a------- c:\windows\system32\RtNicProp32.dll

============= FINISH: 16:40:30.32 ===============

and finally my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:12 PM, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TuneClone\TuneClone.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mark\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem0.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem0.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk.disabled (User 'Default user')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O4 - Global Startup: TabUserW.exe.lnk.disabled
O4 - Global Startup: Windows Search.lnk.disabled
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235804799406
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AE800E7-B3C0-42C9-8D19-85D656C884AE}: NameServer = 85.255.112.121,85.255.112.123
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.121,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.121,85.255.112.123
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SDJB Manager - ?????????? - C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 11173 bytes

hope you can help me

Mark



#2 wpsvideo

wpsvideo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 30 March 2009 - 05:57 PM

All fixed it would seem - thanks for listening
Mark

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:24 PM

Posted 04 April 2009 - 06:05 PM

Thanks for informing us.

Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



