Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help me remove Trojan:Win32/Alureon.Gen!U

Post by Toon49 » October 19th, 2009, 2:22 pm

Windows Defender has shown I have this virus but can't remove it. No other antivirus or anti-spyware can locate it or remove it. I am on Vista and don't know how to get rid of it. It redirects my searches on Google to different websites which I haven't clicked on. Here is my log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:05, on 19/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app ... oader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://maxspielmann.uk.photo-online.com ... oader4.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10023 bytes
Toon49
Active Member
 
Posts: 10
Joined: October 19th, 2009, 2:15 pm
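As an added example (not the forum's material and not part of HijackThis), a small Python triage pass over lines in the HijackThis v2 format of the log above: it parses each `Oxx - ...` entry and marks the kinds of entries a helper looks at first (orphaned CLSIDs, AppInit_DLLs, services with no publisher, rundll32 autoruns). The sample lines are constructed from the entry types in the posted log, and the flagging rules are this example's own assumptions; a flag means "verify", never "malicious".

```python
"""Parse HijackThis v2 log lines and mark entries worth a second look.

Added example, not the forum's or HijackThis's own code. The triage rules are
assumptions of this example: a flag means "verify this", never "malicious",
which is exactly why these forums ask you to post the log rather than act on it.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in HijackThis v2 format, modelled on the entry types in the
# log posted above (same vendors and paths, but this is not the full log).
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

# "O2 - BHO: ..." / "R1 - HKCU\..." : a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# Registry CLSID as HijackThis prints it: {8-4-4-4-12 hex}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Entry:
    code: str                      # e.g. "O2", "O23"
    body: str                      # everything after "Oxx - "
    flags: List[str] = field(default_factory=list)

    @property
    def clsid(self):
        """CLSID quoted in the entry (BHO, toolbar, DPF), or None."""
        m = CLSID_RE.search(self.body)
        return m.group(0).upper() if m else None


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per 'Oxx - ...' line; headers, process lists etc. are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section code, e.g. {'O2': 3, 'O23': 2}."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags (assumed heuristics) and return the entries that got one.

    Flags are reset first, so calling this twice gives the same result.
    """
    for e in entries:
        e.flags = []
        # O2/O3 registered but DLL missing: usually leftovers of an uninstall,
        # harmless but they are what a helper cleans up first.
        if e.code in ("O2", "O3") and e.body.endswith("(no file)"):
            e.flags.append("orphaned CLSID: BHO/toolbar whose DLL is gone")
        # AppInit_DLLs is loaded into every process using user32.dll, so the
        # DLL's vendor must be confirmed (in the log above it is a COMODO file).
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            e.flags.append("AppInit_DLLs loads into every process: confirm the DLL's vendor")
        # HijackThis could not attribute the service binary to a publisher.
        if e.code == "O23" and " - Unknown owner - " in e.body:
            e.flags.append("service with no publisher: check path and signature")
        # With rundll32 autoruns the DLL named after rundll32 is what executes.
        if e.code == "O4" and "RUNDLL32" in e.body.upper():
            e.flags.append("rundll32 autorun: review the DLL path, not rundll32 itself")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT_LOG)
    print("sections:", summarize(found))
    for e in triage(found):
        print(f"{e.code:4} {e.clsid or '-':40} {e.flags[0]}")
```

Run against the full log above, every O2/O3 "(no file)" and "Unknown owner" line shows up as a review item, which matches what the volunteer helpers ask for before anything is removed.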

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Post by MWR 3 day Mod » October 22nd, 2009, 7:53 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Post by jmw3 » October 24th, 2009, 10:51 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime, please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of them completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and, if I don't hear from you within three days, this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after, two logs will appear: DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Right click the .exe file then choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Post by Toon49 » October 24th, 2009, 1:22 pm

DDS log:

DDS (Ver_09-10-24.01) - NTFSx86
Run by Jade at 17:56:04.72 on 24/10/2009
Internet Explorer: 8.0.6001.18828

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.tescophoto.com/wpp/tesco/app ... oader5.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resourc ... oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://maxspielmann.uk.photo-online.com ... oader4.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-19 18:34:02 0 d-----w- c:\users\jade\appdata\roaming\Malwarebytes
2009-10-19 18:32:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 18:31:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 18:31:21 0 d-----w- c:\programdata\Malwarebytes
2009-10-19 18:31:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 18:11:58 0 d-----w- c:\program files\Trend Micro
2009-10-18 19:34:18 0 d-----w- c:\programdata\Comodo
2009-10-18 19:34:15 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-18 19:34:15 179792 ----a-w- c:\windows\system32\guard32.dll
2009-10-18 19:34:15 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-10-18 19:34:13 0 d-----w- c:\program files\COMODO
2009-10-18 19:21:34 0 d---a-w- c:\programdata\TEMP
2009-10-18 19:21:25 0 d-----w- c:\program files\SpywareBlaster
2009-10-18 18:56:27 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-18 18:56:25 0 d-----w- c:\programdata\Avira
2009-10-18 18:56:25 0 d-----w- c:\program files\Avira
2009-10-18 16:16:41 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-18 16:16:06 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-18 16:16:05 0 d-----w- c:\users\jade\appdata\roaming\SUPERAntiSpyware.com
2009-10-18 16:15:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-17 19:44:11 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 19:43:32 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-17 19:43:31 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-17 19:37:35 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 19:36:26 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 19:36:02 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 19:26:41 0 d-----w- c:\program files\iPod(242)
2009-10-15 19:26:37 0 d-----w- c:\program files\iTunes(243)
2009-10-06 19:22:40 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-06 19:22:40 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-06 19:20:54 0 d-----w- c:\program files\iPod(153)
2009-10-06 19:20:54 0 d-----w- c:\program files\iPod
2009-10-06 19:20:47 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-06 19:20:47 0 d-----w- c:\program files\iTunes(154)
2009-10-06 19:20:47 0 d-----w- c:\program files\iTunes
2009-10-03 10:34:04 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 09:04:30 0 d-----w- c:\programdata\Office Genuine Advantage
2009-09-29 13:36:16 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-29 13:36:14 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-29 13:36:10 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-29 13:36:07 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-29 13:36:06 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-29 13:36:05 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-29 13:36:05 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-27 10:26:46 0 d-----w- c:\windows\system32\eu-ES
2009-09-27 10:26:46 0 d-----w- c:\windows\system32\ca-ES
2009-09-27 10:26:42 0 d-----w- c:\windows\system32\vi-VN
2009-09-27 09:09:15 0 d-----w- c:\windows\system32\EventProviders
2009-09-25 15:49:22 0 d-----w- c:\program files\DivX
2009-09-25 15:49:22 0 d-----w- c:\program files\common files\DivX Shared
2009-09-24 17:51:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2009-09-24 17:50:59 856064 ----a-w- c:\windows\system32\mswdat10.dll
2009-09-24 17:49:59 85504 ----a-w- c:\windows\system32\msctfui.dll
2009-09-24 17:48:51 247808 ----a-w- c:\windows\system32\drvstore.dll

==================== Find3M ====================

2009-10-18 19:37:21 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-18 19:37:21 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-18 19:37:20 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-27 10:26:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-27 09:30:19 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:41:17 27240 ----a-w- c:\users\jade\appdata\roaming\nvModes.dat
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 14:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-10-27 17:27:29 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-13 14:38:47 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 17:59:55.54 ===============


Attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-24.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24/04/2008 21:13:44
System Uptime: 24/10/2009 17:25:53 (1 hours ago)

Motherboard: Quanta | | 30DA
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 111.16 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.045 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe Shockwave Player 11
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
µTorrent
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Bonjour
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
Derby Day
DivX Web Player
DVD Suite
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
EA Link
ESU for Microsoft Vista
Football Manager 2008
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Total Care Advisor
HP Update
HP User Guides 0088
HP Wireless Assistant
HPNetworkAssistant
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 7
LabelPrint
LG PC Suite III
LG USB Modem Drivers
LightScribe System Software 1.10.13.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PeerGuardian 2.0
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.4
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sibelius Scorch (ActiveX Only)
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The Sims 2
The Sims 2 Nightlife
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
The Sims™ Life Stories
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Vega$ Make It Big 1.0
VideoLAN VLC media player 0.8.6d
Videora iPod Converter 3.08
Viewpoint Media Player
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
WinRAR archiver
XP Codec Pack

==== End Of File ===========================


GMER log:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-24 18:21:02
Windows 6.0.6002 Service Pack 2
Running: 6l4xibmt.exe; Driver: C:\Users\Jade\AppData\Local\Temp\kglcypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8F70EF32]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8F710182]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8F70F118]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8F70E292]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8F70EAD6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8F70E174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8F70E92C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8F70FE3C]
SSDT 9AFF3CBC ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8F70DA9C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8F70FABE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8F70E516]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8F70ED1A]
SSDT 9AFF3CA8 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8F70E7A6]
SSDT 9AFF3CAD ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8F70F5D8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8F70F85A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8F70FC6C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8F70E4B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8F70E69A]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8FCB00B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8F70DF0C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8F70F224]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [8291E9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 [8291E9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [8291E9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [8291E9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort2 [8291E9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort3 [8291E9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
Toon49
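The Gmer log above is what the helpers read to decide whether a kernel-mode rootkit is present. The SSDT entries that resolve to cmdguard.sys and SASKUTIL.sys are expected hooks from the installed COMODO and SUPERAntiSpyware drivers. The three that resolve only to a bare address, the atapi device objects whose dispatch lands in an "[unknown section]" of atapi.sys with an inline jump, and the "suspicious modification" verdict on atapi.sys itself are the entries that need explaining. The script below is an added example for triaging a GMER log along those lines; it is not part of the thread or of GMER. The allowlist of trusted hooking drivers, the severity labels and the constructed sample log (a handful of lines in the same formats as the posted log) are assumptions of the example.

```python
"""Triage helper for a GMER rootkit-scan log (added example, not GMER's code).

Pulls out SSDT hooks, hooked device objects and files GMER marks as modified,
then separates hooks expected from installed security software from those
that need explaining.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Driver file names expected to hook the SSDT on the machine in this thread
# (COMODO Internet Security and SUPERAntiSpyware). Assumption for the example.
TRUSTED_HOOK_MODULES = {"cmdguard.sys", "cmdhlp.sys", "saskutil.sys"}

# "SSDT 9AFF3CBC ZwCreateThread": a hook that GMER could not attribute to a module.
SSDT_UNRESOLVED = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)\s*$")
# "SSDT <module path> (<description>) ZwFunc [0xADDR]"; the description is optional.
SSDT_RESOLVED = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+(?:\((?P<desc>[^)]*)\)\s+)?"
    r"(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)
# "Device \Driver\x \Device\y [ADDR] <image>[<section>] {<disassembly>}"
DEVICE_HOOK = re.compile(
    r"^Device\s+(?P<driver>\\Driver\\\S+)\s+(?P<device>\S+)\s+"
    r"\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<image>\S+?)\[(?P<section>[^\]]*)\]\s+"
    r"\{(?P<code>[^}]*)\}\s*$"
)
FILE_MODIFIED = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification\s*$")

# Constructed sample in the shape of the log posted above (a few lines only).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8F70EAD6]
SSDT 9AFF3CBC ZwCreateThread
SSDT 9AFF3CA8 ZwOpenProcess
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8FCB00B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\atapi \Device\Ide\IdePort0 [8291E9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "info": expected from installed software; "review": needs explaining
    kind: str      # "ssdt", "device" or "file"
    subject: str   # hooked function, device object or file path
    module: str    # driver file name involved, "" if GMER could not name one
    detail: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str, trusted: set[str] = TRUSTED_HOOK_MODULES) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SSDT_UNRESOLVED.match(line):
            addr, func = m.groups()
            findings.append(Finding("review", "ssdt", func, "",
                                    f"handler at 0x{addr} is not inside any module GMER could name"))
        elif m := SSDT_RESOLVED.match(line):
            mod = basename(m["module"])
            findings.append(Finding("info" if mod in trusted else "review", "ssdt",
                                    m["func"], mod, f"hooked by {mod} at 0x{m['addr']}"))
        elif m := DEVICE_HOOK.match(line):
            mod = basename(m["image"])
            findings.append(Finding("review", "device", m["device"], mod,
                                    f"dispatch lands in [{m['section']}] of {mod}: {m['code']}"))
        elif m := FILE_MODIFIED.match(line):
            findings.append(Finding("review", "file", m["path"], basename(m["path"]),
                                    "on-disk image differs from what GMER expects"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def patched_drivers(findings: list[Finding]) -> list[str]:
    """Drivers that both own a hooked device object and are flagged as modified on
    disk: the hook is served from a tampered copy of the driver itself rather than
    from a separate hooking module, so no Add/Remove Programs entry will remove it."""
    hooked = {f.module for f in findings if f.kind == "device"}
    modified = {f.module for f in findings if f.kind == "file"}
    return sorted(hooked & modified)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.severity:6} {f.kind:6} {f.subject}: {f.detail}")
    print("totals:", summarize(results), "patched drivers:", patched_drivers(results))
```

Run on the full log rather than the sample, the script would list the same two driver-owned hooks as "info" and everything else as "review". A bare-address SSDT hook is not proof on its own, since some security products place their hooks in memory GMER cannot attribute to a module, which is why it is labelled for review rather than as malicious; the combination of a hooked device object and a modified on-disk image of the same driver is what carries weight, and it is the reason the thread moves on to a tool that can replace the driver rather than to another uninstall.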

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Post by jmw3 » October 24th, 2009, 1:43 pm

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

Re-run DDS & post the contents of both logs please.
jmw3
MRU Emeritus

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Post by Toon49 » October 24th, 2009, 2:01 pm

dds log :



DDS (Ver_09-10-24.01) - NTFSx86
Run by Jade at 18:56:48.93 on 24/10/2009
Internet Explorer: 8.0.6001.18828

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.tescophoto.com/wpp/tesco/app ... oader5.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resourc ... oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://maxspielmann.uk.photo-online.com ... oader4.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-19 18:34:02 0 d-----w- c:\users\jade\appdata\roaming\Malwarebytes
2009-10-19 18:32:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 18:31:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 18:31:21 0 d-----w- c:\programdata\Malwarebytes
2009-10-19 18:31:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 18:11:58 0 d-----w- c:\program files\Trend Micro
2009-10-18 19:34:18 0 d-----w- c:\programdata\Comodo
2009-10-18 19:34:15 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-18 19:34:15 179792 ----a-w- c:\windows\system32\guard32.dll
2009-10-18 19:34:15 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-10-18 19:34:13 0 d-----w- c:\program files\COMODO
2009-10-18 19:21:34 0 d---a-w- c:\programdata\TEMP
2009-10-18 19:21:25 0 d-----w- c:\program files\SpywareBlaster
2009-10-18 18:56:27 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-18 18:56:25 0 d-----w- c:\programdata\Avira
2009-10-18 18:56:25 0 d-----w- c:\program files\Avira
2009-10-18 16:16:41 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-18 16:16:06 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-18 16:16:05 0 d-----w- c:\users\jade\appdata\roaming\SUPERAntiSpyware.com
2009-10-18 16:15:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-17 19:44:11 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 19:43:32 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-17 19:43:31 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-17 19:37:35 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 19:36:26 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 19:36:02 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 19:26:41 0 d-----w- c:\program files\iPod(242)
2009-10-15 19:26:37 0 d-----w- c:\program files\iTunes(243)
2009-10-06 19:22:40 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-06 19:22:40 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-06 19:20:54 0 d-----w- c:\program files\iPod(153)
2009-10-06 19:20:54 0 d-----w- c:\program files\iPod
2009-10-06 19:20:47 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-06 19:20:47 0 d-----w- c:\program files\iTunes(154)
2009-10-06 19:20:47 0 d-----w- c:\program files\iTunes
2009-10-03 10:34:04 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 09:04:30 0 d-----w- c:\programdata\Office Genuine Advantage
2009-09-29 13:36:16 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-29 13:36:14 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-29 13:36:10 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-29 13:36:07 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-29 13:36:06 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-29 13:36:05 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-29 13:36:05 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-27 10:26:46 0 d-----w- c:\windows\system32\eu-ES
2009-09-27 10:26:46 0 d-----w- c:\windows\system32\ca-ES
2009-09-27 10:26:42 0 d-----w- c:\windows\system32\vi-VN
2009-09-27 09:09:15 0 d-----w- c:\windows\system32\EventProviders
2009-09-25 15:49:22 0 d-----w- c:\program files\DivX
2009-09-25 15:49:22 0 d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2009-10-18 19:37:21 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-18 19:37:21 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-18 19:37:20 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-27 10:26:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-27 09:30:19 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:41:17 27240 ----a-w- c:\users\jade\appdata\roaming\nvModes.dat
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 14:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-10-27 17:27:29 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-13 14:38:47 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 18:59:20.16 ===============


Attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-24.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24/04/2008 21:13:44
System Uptime: 24/10/2009 17:38:33 (1 hours ago)

Motherboard: Quanta | | 30DA
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 111.138 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.045 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP316: 16/10/2009 17:25:20 - Windows Update
RP317: 17/10/2009 10:09:56 - Windows Update
RP319: 17/10/2009 12:50:16 - Avg8 Update
RP321: 17/10/2009 16:16:28 - Windows Defender Checkpoint
RP322: 17/10/2009 20:06:09 - Restore Operation
RP323: 17/10/2009 20:41:58 - Windows Update
RP325: 18/10/2009 10:13:43 - Windows Defender Checkpoint
RP326: 18/10/2009 10:15:54 - Windows Update
RP328: 18/10/2009 10:47:03 - Avg8 Update
RP329: 18/10/2009 17:15:37 - Installed SUPERAntiSpyware Free Edition
RP330: 18/10/2009 19:41:33 - Removed AVG Free 8.5
RP331: 18/10/2009 19:42:59 - Installed AVG Free 8.5
RP333: 18/10/2009 19:50:46 - Windows Defender Checkpoint
RP335: 18/10/2009 19:54:46 - Avira AntiVir Personal - 18/10/2009 19:54
RP336: 18/10/2009 20:36:55 - Device Driver Package Install: COMODO Network Service
RP337: 19/10/2009 15:54:58 - Windows Update
RP338: 19/10/2009 16:15:47 - Windows Update
RP340: 19/10/2009 18:29:03 - Windows Defender Checkpoint
RP341: 20/10/2009 19:57:31 - Scheduled Checkpoint
RP343: 20/10/2009 20:52:23 - Windows Defender Checkpoint
RP344: 21/10/2009 17:49:09 - Scheduled Checkpoint
RP345: 22/10/2009 15:50:44 - Windows Update
RP347: 22/10/2009 21:00:54 - Windows Defender Checkpoint

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe Shockwave Player 11
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Bonjour
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
Derby Day
DivX Web Player
DVD Suite
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
EA Link
ESU for Microsoft Vista
Football Manager 2008
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Total Care Advisor
HP Update
HP User Guides 0088
HP Wireless Assistant
HPNetworkAssistant
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 7
LabelPrint
LG PC Suite III
LG USB Modem Drivers
LightScribe System Software 1.10.13.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PeerGuardian 2.0
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.4
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sibelius Scorch (ActiveX Only)
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The Sims 2
The Sims 2 Nightlife
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
The Sims™ Life Stories
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Vega$ Make It Big 1.0
VideoLAN VLC media player 0.8.6d
Videora iPod Converter 3.08
Viewpoint Media Player
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
WinRAR archiver
XP Codec Pack

==== End Of File ===========================
Toon49

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Post by jmw3 » October 24th, 2009, 9:58 pm

Hi

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs running in memory at once:
Avira AntiVir Personal - Free Antivirus | COMODO Internet Security
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Java(TM) 6 Update 2
Java(TM) 6 Update 7


If some programs listed are not present, please do not panic

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
New HijackThis log
jmw3
MRU Emeritus

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Post by Toon49 » October 25th, 2009, 6:31 am

ComboFix 09-10-24.01 - Jade 25/10/2009 10:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1842 [GMT 0:00]
Running from: c:\users\Jade\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2637195379-3788091734-1524753686-500
c:\$recycle.bin\S-1-5-21-3154062678-3582439290-3180834714-500
c:\users\Jade\AppData\Roaming\inst.exe
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 10:21 . 2009-10-25 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-24 18:04 . 2009-10-24 18:25 -------- d-----w- c:\users\Jade\AppData\Roaming\GetRightToGo
2009-10-19 18:34 . 2009-10-19 18:34 -------- d-----w- c:\users\Jade\AppData\Roaming\Malwarebytes
2009-10-19 18:32 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 18:31 . 2009-10-19 18:31 -------- d-----w- c:\programdata\Malwarebytes
2009-10-19 18:31 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 18:31 . 2009-10-19 18:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 18:11 . 2009-10-19 18:11 -------- d-----w- c:\program files\Trend Micro
2009-10-19 17:28 . 2009-10-19 17:28 -------- d-----w- c:\windows\BDOSCAN8
2009-10-18 19:34 . 2009-10-18 19:34 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-10-18 19:34 . 2009-10-25 08:47 -------- d-----w- c:\program files\COMODO
2009-10-18 19:21 . 2009-10-19 15:02 -------- d-----w- c:\program files\SpywareBlaster
2009-10-18 18:56 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-18 18:56 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-18 18:56 . 2009-10-18 18:56 -------- d-----w- c:\programdata\Avira
2009-10-18 18:56 . 2009-10-18 18:56 -------- d-----w- c:\program files\Avira
2009-10-18 16:16 . 2009-10-18 16:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-18 16:16 . 2009-10-18 16:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-18 16:16 . 2009-10-18 16:16 -------- d-----w- c:\users\Jade\AppData\Roaming\SUPERAntiSpyware.com
2009-10-18 16:15 . 2009-10-18 16:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 19:44 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 19:43 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-17 19:43 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-17 19:37 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 19:36 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 19:36 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 19:26 . 2009-10-15 19:26 -------- d-----w- c:\program files\iPod(242)
2009-10-15 19:26 . 2009-10-15 19:28 -------- d-----w- c:\program files\iTunes(243)
2009-10-13 14:37 . 2009-10-13 14:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-06 19:22 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-06 19:22 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-06 19:20 . 2009-10-17 19:20 -------- d-----w- c:\program files\iPod
2009-10-06 19:20 . 2009-10-06 19:20 -------- d-----w- c:\program files\iPod(153)
2009-10-06 19:20 . 2009-10-17 19:20 -------- d-----w- c:\program files\iTunes
2009-10-06 19:20 . 2009-10-06 19:22 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-06 19:20 . 2009-10-06 19:22 -------- d-----w- c:\program files\iTunes(154)
2009-10-03 10:34 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 09:04 . 2009-09-30 09:04 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-29 13:36 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-29 13:36 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-29 13:36 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-29 13:36 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-29 13:36 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-29 13:36 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-29 13:36 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-27 10:26 . 2009-09-27 10:30 -------- d-----w- c:\windows\system32\ca-ES
2009-09-27 10:26 . 2009-09-27 10:30 -------- d-----w- c:\windows\system32\eu-ES
2009-09-27 10:26 . 2009-09-27 10:30 -------- d-----w- c:\windows\system32\vi-VN
2009-09-27 09:09 . 2009-09-27 09:09 -------- d-----w- c:\windows\system32\EventProviders
2009-09-25 15:49 . 2009-09-25 15:49 -------- d-----w- c:\program files\DivX
2009-09-25 15:49 . 2009-09-25 15:49 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 08:18 . 2007-10-24 17:27 -------- d-----w- c:\program files\Java
2009-10-24 18:37 . 2008-08-23 17:40 121968 ----a-w- c:\users\Jade\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-24 18:35 . 2007-10-24 17:01 -------- d-----w- c:\programdata\Microsoft Help
2009-10-23 22:36 . 2008-09-18 17:29 680 ----a-w- c:\users\Jade\AppData\Local\d3d9caps.dat
2009-10-18 09:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-17 19:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-17 19:20 . 2008-08-24 13:23 -------- d-----w- c:\users\Jade\AppData\Roaming\uTorrent
2009-10-17 19:20 . 2009-06-29 20:08 -------- d-----w- c:\program files\QuickTime
2009-10-17 19:20 . 2008-08-25 09:40 -------- d-----w- c:\program files\Common Files\Apple
2009-10-10 13:38 . 2009-01-13 20:22 -------- d-----w- c:\program files\PeerGuardian2
2009-10-10 10:22 . 2008-08-25 09:52 -------- d-----w- c:\users\Jade\AppData\Roaming\Apple Computer
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-10 19:28 . 2008-09-21 17:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 00:27 . 2009-09-05 15:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-05 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-17 19:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-17 19:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-17 19:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-17 19:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:41 . 2008-08-24 12:57 27240 ----a-w- c:\users\Jade\AppData\Roaming\nvModes.dat
2009-08-14 16:27 . 2009-09-09 10:22 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 10:22 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 10:22 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 10:22 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 10:22 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 10:22 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 10:22 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 10:22 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 10:22 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 10:22 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 10:22 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\users\Jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):74,71,49,0f,89,3f,ca,01

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 20:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 20:24 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/10/2009 18:56 108289]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 20:24 7408]
S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\System32\drivers\UsbSagCom.sys [29/06/2007 13:20 51712]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 10:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-25 10:25
ComboFix-quarantined-files.txt 2009-10-25 10:25

Pre-Run: 115,690,954,752 bytes free
Post-Run: 115,861,401,600 bytes free

- - End Of File - - 5CDFD0D2850B70A3311ACDD1FD1CB235




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:33, on 25/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app ... oader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://maxspielmann.uk.photo-online.com ... oader4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8916 bytes
Toon49
Active Member
 
Posts: 10
Joined: October 19th, 2009, 2:15 pm

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Unread postby jmw3 » October 25th, 2009, 11:16 am

Hi

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
  • Close all windows except HijackThis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
SecCenter::
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
Folder::
c:\users\Jade\AppData\Roaming\uTorrent
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

Kaspersky Online Scan
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
Go to the Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
Pictured tutorial if required.

To post in next reply:
ComboFix log
Kaspersky Scan log
New HijackThis log
Update on how the computer is running / problems
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

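The three entries the helper ticks in HijackThis are exactly the O2/O3 lines whose target is "(no file)" (a BHO or toolbar CLSID still registered but with no DLL behind it), and the CFScript's Registry:: stanza resets the Security Center DisableMonitoring value that the ComboFix report showed as 1. The Python script below is an added example, not part of this thread and not code from HijackThis or ComboFix: it applies those two checks to lines copied from the logs above and builds the matching Registry:: fragment. The regular expressions and function names are my own assumptions about the two log formats.

```python
"""Flag orphaned HijackThis entries and disabled Security Center monitoring.

Added example; not part of the forum thread or of HijackThis/ComboFix.
The sample inputs are copied from the logs posted in the thread; the
parsing rules are the author's own reading of each log's line format.
"""
import re

# Constructed sample: a subset of the O2/O3/O4 lines from the HijackThis log above.
HJT_SAMPLE = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
"""

# Constructed sample: the Security Center block from ComboFix's "Reg Loading Points".
COMBOFIX_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc]
"VistaSp2"=hex(b):74,71,49,0f,89,3f,ca,01
"""

# "Oxx - <name> - {CLSID} - <target>" is the shape of HijackThis O2/O3 lines (assumption).
HJT_LINE = re.compile(r"^(O\d+) - (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# REGEDIT4-style key header and DWORD value lines as ComboFix prints them (assumption).
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_DWORD = re.compile(r'^"(.+?)"=dword:([0-9A-Fa-f]{8})$')


def orphaned_hjt_entries(log_text):
    """Return (section, name, clsid) for O2/O3 entries whose target is "(no file)".

    These are registry references to a BHO or toolbar whose DLL no longer
    exists; they do nothing by themselves but are the leftovers HijackThis
    "Fix checked" removes. Only O2/O3 lines carry a CLSID, so other sections
    never match the pattern.
    """
    found = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, name, clsid, target = m.groups()
        if section in ("O2", "O3") and target.strip() == "(no file)":
            found.append((section, name, clsid))
    return found


def disabled_security_center_monitoring(reg_text):
    """Return Security Center keys whose DisableMonitoring value is non-zero.

    A non-zero value silences Security Center's alerts for that product, which
    is why the helper's CFScript resets it to 0.
    """
    flagged = []
    current_key = None
    for line in reg_text.splitlines():
        line = line.strip()
        km = REG_KEY.match(line)
        if km:
            current_key = km.group(1)
            continue
        vm = REG_DWORD.match(line)
        if vm and current_key and vm.group(1).lower() == "disablemonitoring":
            if int(vm.group(2), 16) != 0 and "security center" in current_key.lower():
                flagged.append(current_key)
    return flagged


def cfscript_registry_fix(keys):
    """Build a Registry:: stanza resetting DisableMonitoring to 0 for each key.

    The layout mirrors the CFScript posted in the thread: a key line in
    square brackets followed by the value line. Keys are emitted verbatim.
    """
    lines = ["Registry::"]
    for key in keys:
        lines.append(f"[{key}]")
        lines.append('"DisableMonitoring"=dword:00000000')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for section, name, clsid in orphaned_hjt_entries(HJT_SAMPLE):
        print(f"orphaned {section}: {name} {clsid}")
    keys = disabled_security_center_monitoring(COMBOFIX_SAMPLE)
    print(cfscript_registry_fix(keys))
```

Run as a script it lists the three "(no file)" entries and prints a Registry:: stanza covering both Security Center keys the ComboFix report showed with DisableMonitoring set; the helper's own CFScript reset only the parent Monitoring key, so treat the generated fragment as a starting point to review, not something to run unprompted.
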
Re: Help me remove Trojan:Win32/Alureon.Gen!U

Unread postby Toon49 » October 26th, 2009, 1:41 pm

ComboFix 09-10-24.01 - Jade 25/10/2009 22:05.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2150 [GMT 0:00]
Running from: c:\users\Jade\Desktop\ComboFix.exe
Command switches used :: c:\users\Jade\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jade\AppData\Roaming\uTorrent
c:\users\Jade\AppData\Roaming\uTorrent\01-eminem-crack_a_bottle_(ft._dr_dre_&_50_cent).cds.dbs.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\17 Again[2009]DvDrip[Eng]-FXG.torrent
c:\users\Jade\AppData\Roaming\uTorrent\2pac - Juice dvd - 2pac juice film.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Above.The.Rim.1994.DVDRip.XviD-SaM.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Alexandra_Burke_-_Hallelujah.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\All Quiet on the Western Front (1979) DVDRip (SiRiUs sHaRe).torrent
c:\users\Jade\AppData\Roaming\uTorrent\All The Kings Men KLAXXON.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Antwone Fisher.torrent
c:\users\Jade\AppData\Roaming\uTorrent\ATL.2006.DVDRip.xVID-LRC.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Baby.Boy.SWESUB.DVDRip.XviD.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Before Sunrise.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Beyonce.[2008]If I Were A Boy.Single.MP3@256.NeRoZ.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Beyonce.I Am Sasha Fierce(Deluxe Edition)[2008]MP3@320kbs.NeRoZ.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Bill Haley & His Comets - Rock Around The Clock.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Boyz N the Hood[DVDRIP]XVID,AC3(KNIGHTY1973).avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Brown Sugar.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Can't Hardly Wait[KonzillaRG][ENG][DVDrip].torrent
c:\users\Jade\AppData\Roaming\uTorrent\cant buy me love.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Cheryl Cole - Fight For This Love [www.getsometunes.co.uk].mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Chipmunk_-_Oopsy_Daisy_-_[getsometunes.co.uk].mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\David Guetta & Akon - Sexy Bitch [2156].mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Dead Poets Society[1989]DvDrip[Eng]-FXG.torrent
c:\users\Jade\AppData\Roaming\uTorrent\dht.dat
c:\users\Jade\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Jade\AppData\Roaming\uTorrent\Dizzee Rascal - Dance Wiv Me.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\dizzee rascal armand van helden - bonkers.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Dreamgirls[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Eminem-Relapse-2009.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Eminem-Whats_Your_Nem_(Presented_By_DJ_Whoo_Kid)-2009-MiiiX.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Eminem - Crack A Bottle Remix Ft. Bobby Creekwater Cashis Dr. Dre [Remix][CDQ-NODJ-DIRTY].torrent
c:\users\Jade\AppData\Roaming\uTorrent\Fast Times At Ridgemont High DVDRip Occor avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Fighting.2009.DVDRip.XviD-DASH.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Friday Night Lights.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Girls Aloud - Out Of Control [2008][CD+SkidVid_XviD+Cov].torrent
c:\users\Jade\AppData\Roaming\uTorrent\Green_Day-21st_Century_Breakdown-(Retail)-2009-H3X.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Hancock[2008]DvDrip-aXXo.torrent
c:\users\Jade\AppData\Roaming\uTorrent\He_Got_Game_ (1998)_DivX.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\HEATHERS 1989 WS ENG DVDrip (DARKTIGER).avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\High School Musical DVDrip Occor.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\high school musical 1, avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\High School Musical 2 Extended Edition [2007]DvDrip AC3 6ch[Eng]-DizRip.torrent
c:\users\Jade\AppData\Roaming\uTorrent\high school musical 2.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\High School Musical 3 TS.torrent
c:\users\Jade\AppData\Roaming\uTorrent\High.School.Musical.3.CAM.XVID-WannBpreVail.torrent
c:\users\Jade\AppData\Roaming\uTorrent\High.School.Musical.DVDRip.XviD-KiT.torrent
c:\users\Jade\AppData\Roaming\uTorrent\HighSchoolMusical3.SeniorYear~CAM~THS(1-1).torrent
c:\users\Jade\AppData\Roaming\uTorrent\HSM 3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Hustle and Flow.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\James Morrison-Songs For You..[2008][CD+2 SkidVid_XviD+Cov].torrent
c:\users\Jade\AppData\Roaming\uTorrent\Jay-Z feat. Rihanna & Kanye West - Run This Town [2156].mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Jay-Z Ft Alicia Keys - Empire State Of Mind [-2009-].zip.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Jeff Buckley - Hallelujah.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\JLS.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Lady GaGa - The Fame [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Lemar - The Reason (2008) [tRg music release].torrent
c:\users\Jade\AppData\Roaming\uTorrent\Lemar Discography - 3 Albums - [HUSSEY].torrent
c:\users\Jade\AppData\Roaming\uTorrent\Little Richard-4 cd.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Love & Basketball[Eng] [DvDrip.AC3].avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Lucas 1986 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Make.It.Happen[2008]DvDrip-aXXo.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Mama Mia CAM {Kvcd} (Canus RG).torrent
c:\users\Jade\AppData\Roaming\uTorrent\Mama Mia CAM XVID - STG.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Maximo Park - Quicken The Heart [mp3-vbr-2009].torrent
c:\users\Jade\AppData\Roaming\uTorrent\Menace 2 society[DVDRIP]XVID,MPEG(KNIGHTY1973)1993.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Motown 50 Yesterday Today Forever 3CD 2008 ResourceRG Music TheReids.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Music And Lyrics.torrent
c:\users\Jade\AppData\Roaming\uTorrent\N-Dubz-Uncle_B-2008-P0w3rp0t1.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Never Been Kissed[1998]DvDrip-AC3[Eng]-MrFix.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Nickleback - All The Right Reasons.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Notorious[2009]DvDrip[Eng]-FXG.torrent
c:\users\Jade\AppData\Roaming\uTorrent\One Crazy Summer 1986 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Poetic Justice.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Pretty In Pink 1986 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jade\AppData\Roaming\uTorrent\resume.dat
c:\users\Jade\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Jade\AppData\Roaming\uTorrent\Right Round - Flo Rida.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Rihanna - Acapella 2009[www.dutchdawn.com].torrent
c:\users\Jade\AppData\Roaming\uTorrent\Risky Business 1983 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jade\AppData\Roaming\uTorrent\rss.dat
c:\users\Jade\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Jade\AppData\Roaming\uTorrent\Rushmore [1998].avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Saturday.Night.Live.S34E20.Zac.Efron.HDTV.XviD-2HD.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Say Anything Special Edition 1989 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jade\AppData\Roaming\uTorrent\settings.dat
c:\users\Jade\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Jade\AppData\Roaming\uTorrent\Sex and The City (2008) DVDSCR Occor.avi.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Sex.And.The.City-The.Movie[2008][Extended.Cut]DvDrip-aXXo.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Shakira - She Wolf [2009].torrent
c:\users\Jade\AppData\Roaming\uTorrent\She's All That [1999][DvdRip][Eng] - Saiyanwarrior.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Sixteen Candles [1984] DvdRip [Eng] - Thizz.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Sleepless in Seattle.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Slumdog.Millionaire.2008.DVDSCR.XViD.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Some Kind Of Wonderful Special Collector's Edition 1987 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Stand.And.Deliver.1987.INTERNAL.DVDRip.XviD-VH-PROD.torrent
c:\users\Jade\AppData\Roaming\uTorrent\T.I. (Ft. Justin Timberlake) - Dead and Gone.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Taio Cruz - Break Your Heart.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Taylor Swift - Fearless [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Taylor Swift - Love Story.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\The Black Eyed Peas - Boom Boom Pow.MP3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\The Enemy - Music For The People Mp3 320Kbps.torrent
c:\users\Jade\AppData\Roaming\uTorrent\The Saturdays - Chasing Lights [2008][CD+2 SkidVid_XviD+Cov].torrent
c:\users\Jade\AppData\Roaming\uTorrent\The Sims 2 FreeTime-vitality [btarena.org].torrent
c:\users\Jade\AppData\Roaming\uTorrent\The Sure Thing 1985 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jade\AppData\Roaming\uTorrent\The.Girl.Next.Door.Unrated.DVDRiP.XViD-DEiTY.torrent
c:\users\Jade\AppData\Roaming\uTorrent\The_Black_Eyed_Peas-I_Gotta_Feeling_(AU_CDS)-2009-WRE.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Tinchy Stryder - Take me Back.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Tinchy Stryder ft. Amelle Berrabah - Never leave you [B0nzo] (-192kbs-) [UK] (( New )).zip.torrent
c:\users\Jade\AppData\Roaming\uTorrent\Tinchy Stryder Ft. N -Dubz - Number 1.mp3.torrent
c:\users\Jade\AppData\Roaming\uTorrent\To Sir, With Love (1967) DVDRip (SiRiUs sHaRe).torrent
c:\users\Jade\AppData\Roaming\uTorrent\Twilight.[2008.English].TS.HQ.DivX-LTT.torrent
c:\users\Jade\AppData\Roaming\uTorrent\U2 - No Line On The Horizon [mp3-vbr-2009].torrent
c:\users\Jade\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Jade\AppData\Roaming\uTorrent\VA - Dreamgirls (2006) - Soundtrack By FEFE2003.rar.torrent

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 22:23 . 2009-10-25 22:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-25 22:23 . 2009-10-25 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-24 18:04 . 2009-10-24 18:25 -------- d-----w- c:\users\Jade\AppData\Roaming\GetRightToGo
2009-10-19 18:34 . 2009-10-19 18:34 -------- d-----w- c:\users\Jade\AppData\Roaming\Malwarebytes
2009-10-19 18:32 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 18:31 . 2009-10-19 18:31 -------- d-----w- c:\programdata\Malwarebytes
2009-10-19 18:31 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 18:31 . 2009-10-19 18:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 18:11 . 2009-10-19 18:11 -------- d-----w- c:\program files\Trend Micro
2009-10-19 17:28 . 2009-10-19 17:28 -------- d-----w- c:\windows\BDOSCAN8
2009-10-18 19:34 . 2009-10-18 19:34 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-10-18 19:34 . 2009-10-25 08:47 -------- d-----w- c:\program files\COMODO
2009-10-18 19:21 . 2009-10-19 15:02 -------- d-----w- c:\program files\SpywareBlaster
2009-10-18 18:56 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-18 18:56 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-18 18:56 . 2009-10-18 18:56 -------- d-----w- c:\programdata\Avira
2009-10-18 18:56 . 2009-10-18 18:56 -------- d-----w- c:\program files\Avira
2009-10-18 16:16 . 2009-10-18 16:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-18 16:16 . 2009-10-18 16:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-18 16:16 . 2009-10-18 16:16 -------- d-----w- c:\users\Jade\AppData\Roaming\SUPERAntiSpyware.com
2009-10-18 16:15 . 2009-10-18 16:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 19:44 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 19:43 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-17 19:43 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-17 19:37 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 19:36 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 19:36 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 19:26 . 2009-10-15 19:26 -------- d-----w- c:\program files\iPod(242)
2009-10-15 19:26 . 2009-10-15 19:28 -------- d-----w- c:\program files\iTunes(243)
2009-10-13 14:37 . 2009-10-13 14:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-06 19:22 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-06 19:22 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-06 19:20 . 2009-10-17 19:20 -------- d-----w- c:\program files\iPod
2009-10-06 19:20 . 2009-10-06 19:20 -------- d-----w- c:\program files\iPod(153)
2009-10-06 19:20 . 2009-10-17 19:20 -------- d-----w- c:\program files\iTunes
2009-10-06 19:20 . 2009-10-06 19:22 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-06 19:20 . 2009-10-06 19:22 -------- d-----w- c:\program files\iTunes(154)
2009-10-03 10:34 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 09:04 . 2009-09-30 09:04 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-29 13:36 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-29 13:36 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-29 13:36 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-29 13:36 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-29 13:36 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-29 13:36 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-29 13:36 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-27 10:26 . 2009-09-27 10:30 -------- d-----w- c:\windows\system32\ca-ES
2009-09-27 10:26 . 2009-09-27 10:30 -------- d-----w- c:\windows\system32\eu-ES
2009-09-27 10:26 . 2009-09-27 10:30 -------- d-----w- c:\windows\system32\vi-VN
2009-09-27 09:09 . 2009-09-27 09:09 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 08:18 . 2007-10-24 17:27 -------- d-----w- c:\program files\Java
2009-10-24 18:37 . 2008-08-23 17:40 121968 ----a-w- c:\users\Jade\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-24 18:35 . 2007-10-24 17:01 -------- d-----w- c:\programdata\Microsoft Help
2009-10-23 22:36 . 2008-09-18 17:29 680 ----a-w- c:\users\Jade\AppData\Local\d3d9caps.dat
2009-10-18 09:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-17 19:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-17 19:20 . 2009-06-29 20:08 -------- d-----w- c:\program files\QuickTime
2009-10-17 19:20 . 2008-08-25 09:40 -------- d-----w- c:\program files\Common Files\Apple
2009-10-10 13:38 . 2009-01-13 20:22 -------- d-----w- c:\program files\PeerGuardian2
2009-10-10 10:22 . 2008-08-25 09:52 -------- d-----w- c:\users\Jade\AppData\Roaming\Apple Computer
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-27 10:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-25 15:49 . 2009-09-25 15:49 -------- d-----w- c:\program files\DivX
2009-09-25 15:49 . 2009-09-25 15:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-10 19:28 . 2008-09-21 17:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 00:27 . 2009-09-05 15:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-05 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-17 19:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-17 19:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-17 19:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-17 19:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:41 . 2008-08-24 12:57 27240 ----a-w- c:\users\Jade\AppData\Roaming\nvModes.dat
2009-08-14 16:27 . 2009-09-09 10:22 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 10:22 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 10:22 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 10:22 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 10:22 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 10:22 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 10:22 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 10:22 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 10:22 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 10:22 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 10:22 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-25_10.22.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-24 15:21 . 2009-10-25 09:15 46626 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-10-24 15:21 . 2009-10-25 21:30 46626 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-25 21:30 71906 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-23 17:24 . 2009-10-25 21:30 11360 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3154062678-3582439290-3180834714-1000_UserData.bin
+ 2008-04-24 20:17 . 2009-10-25 21:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-24 20:17 . 2009-10-25 08:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-24 20:17 . 2009-10-25 08:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-24 20:17 . 2009-10-25 21:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-24 20:17 . 2009-10-25 21:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-24 20:17 . 2009-10-25 08:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-25 09:13 . 2009-10-25 09:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-25 21:28 . 2009-10-25 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-25 09:13 . 2009-10-25 09:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-25 21:28 . 2009-10-25 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-25 21:35 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-25 09:20 600378 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-25 21:35 105852 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-25 09:20 105852 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\users\Jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):74,71,49,0f,89,3f,ca,01

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 20:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 20:24 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/10/2009 18:56 108289]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 20:24 7408]
S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\System32\drivers\UsbSagCom.sys [29/06/2007 13:20 51712]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 22:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-25 22:27
ComboFix-quarantined-files.txt 2009-10-25 22:27
ComboFix2.txt 2009-10-25 10:25

Pre-Run: 115,649,499,136 bytes free
Post-Run: 115,649,511,424 bytes free

- - End Of File - - 3808F64C70646BB19A172DA1BF2C8DEE



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 26, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 26, 2009 06:11:20
Records in database: 3078354
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 198393
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 06:39:34


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.u 1

Selected area has been scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:25, on 26/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app ... oader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://maxspielmann.uk.photo-online.com ... oader4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9188 bytes


The computer seems to be running faster; also, Google has not redirected me to another page in the past day or so.
Toon49
Active Member
 
Posts: 10
Joined: October 19th, 2009, 2:15 pm

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Unread postby jmw3 » October 26th, 2009, 2:02 pm

Hi

Looks good.

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version: Adobe Reader 9.1
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 3 instead from http://www.foxitsoftware.com/pdf/rd_intro.php
Note: Do not install anything dealing with AskBar... presented as an installation option.

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
Reboot your computer.

Clean Up
Now we need to clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
DDS.scr
The Gmer.exe file (it will be randomly named .exe file)
TFC.exe
Any logs that may have been saved to your desktop

You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis
  • Double click HijackThis.exe
  • From the Main menu click Open the Misc Tools section
  • Using the scroll bar, scroll down to Uninstall HijackThis
  • Click Uninstall HijackThis & exit then click Yes at the prompt
Any problems before we wrap this up?
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
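As an added illustration of why those three HijackThis lines were singled out (this is example code written for this page, not part of the thread and not Trend Micro's tool): the parser below reads O2 (browser helper object) and O3 (IE toolbar) lines and reports the ones whose target is "(no file)", i.e. a CLSID still registered with Internet Explorer whose DLL no longer exists on disk. The sample lines are copied from the log posted above; no other input is assumed.

```python
import re

# Sample lines, copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# O2 (browser helper objects) and O3 (IE toolbars) share one layout:
#   <section> - <kind>: <display name> - {CLSID} - <path or "(no file)">
COM_ENTRY = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<target>.*)$"
)


def parse_com_entries(log_text):
    """Return one dict per O2/O3 line; every other section is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = COM_ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def find_orphans(log_text):
    """Entries whose CLSID is still registered but whose DLL is gone.
    They cannot load, so they are dead weight rather than a live threat, but
    HijackThis can still delete the stale registration ("Fix checked")."""
    return [e for e in parse_com_entries(log_text) if e["target"] == "(no file)"]


def hijackthis_fix_lines(log_text):
    """Reproduce the exact lines a helper would tell the user to tick."""
    return [
        f'{e["section"]} - {e["kind"]}: {e["name"]} - {e["clsid"]} - {e["target"]}'
        for e in find_orphans(log_text)
    ]


if __name__ == "__main__":
    for line in hijackthis_fix_lines(SAMPLE_LOG):
        print(line)
```

Run against the sample it prints exactly the three lines jmw3 listed. Entries with a real path (the Adobe BHO, the O4 and O23 lines) are never reported: a file that exists has to be judged on what it is, not on whether it is there, which is why the helper reviews those by hand rather than by rule.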

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Unread postby Toon49 » October 28th, 2009, 12:19 pm

No everything seems to be working fine.
Thank you very very much
I really appreciate it
Toon49
Active Member
 
Posts: 10
Joined: October 19th, 2009, 2:15 pm

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Unread postby jmw3 » October 28th, 2009, 12:57 pm

Hi
Thank you very very much
No problem at all... Glad I could help :)

All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to close loopholes in Windows and Office and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here. Keep it updated & run it regularly.

SpywareBlaster
I see you have this installed already. Good Work.
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work) & save hosts20setup.exe to your desktop:
  • Double click Hosts20setup.exe on your desktop and let it Install the Hosts Manager
  • After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
  • When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
  • Click Disable DNS Service. This is important
  • In the Left Pane, click Download
  • It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a third-party firewall or WinPatrol, you may have to give permission at various times to unlock the present default HOSTS file and install the new one.

Web of Trust
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
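The HOSTS mechanism described in the post above, as an added example (written for this page; it is not BlueTack's Hosts Manager and not part of the thread): a small Python model of the lookup the OS resolver does against the HOSTS file before it asks DNS. The file contents, the .test names and the 203.0.113.5 address are constructed for illustration. It also covers the caveat a practitioner wants with this technique: the same file that sinkholes bad sites can be edited by malware to redirect good ones, which is what HijackThis reports as O1 entries.

```python
import ipaddress

# Constructed sample in HOSTS-file format. On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts (no extension); the entries and
# the .test / 203.0.113.x addresses here are made up for illustration.
SAMPLE_HOSTS = r"""
# standard entries (Vista ships with both of these)
127.0.0.1       localhost
::1             localhost

# blocklist style: send a bad site to the local machine instead of its real address
127.0.0.1   ads.example-bad.test  tracker.example-bad.test
0.0.0.0     malware-drop.example-bad.test   # 0.0.0.0 means "no route": no local connect attempt

# the same mechanism abused: a vendor's update host pointed at an attacker's box
203.0.113.5 antivirus-updates.example.test
"""


def parse_hosts(text):
    """Map lowercase hostname -> list of addresses, in file order.
    Resolvers on both Windows and Unix use the first matching line."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line: skipped, as the OS does
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(str(addr))
    return table


def lookup(table, hostname):
    """What the HOSTS file answers for hostname, or None when the query falls
    through to DNS (the file is consulted first; DNS is asked only on a miss)."""
    return table.get(hostname.lower().rstrip("."))


def _local(addr):
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def is_sinkholed(table, hostname):
    """True when every HOSTS answer is loopback or 0.0.0.0, i.e. the request
    is short-circuited to the local machine and never reaches the real site."""
    answers = lookup(table, hostname)
    return bool(answers) and all(_local(a) for a in answers)


def suspicious_redirects(table):
    """Names pointed at a non-local address. Legitimate in a hand-maintained
    LAN file, but a classic hijack when the name is a security vendor, bank
    or search engine; HijackThis lists such lines as O1 entries."""
    return {name: addrs for name, addrs in table.items()
            if not all(_local(a) for a in addrs)}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-bad.test", "www.google.co.uk", "antivirus-updates.example.test"):
        print(f"{name:32} -> {lookup(hosts, name)}")
    print("suspicious:", suspicious_redirects(hosts))
```

Note that the lookup is by exact name: blocking ads.example-bad.test does nothing for www.ads.example-bad.test, which is why blocklists run to tens of thousands of lines. The "Disable DNS Service" step in the instructions above refers to the Windows DNS Client service, which caches the whole file and becomes noticeably slow once the file is that large.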

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Unread postby Toon49 » October 29th, 2009, 6:55 am

When I try to download the HOSTS file it says illegal download. What to do?
Toon49
Active Member
 
Posts: 10
Joined: October 19th, 2009, 2:15 pm

Re: Help me remove Trojan:Win32/Alureon.Gen!U

Unread postby jmw3 » October 29th, 2009, 8:23 am

Hi

Try this link: http://blocklistpro.com/download-center ... p.exe.html
Click on Download & save the file to your desktop. Then follow the instructions I posted.

let me know how you get on :)
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia