  1. #1 - Member (Join Date: Sep 2006, Posts: 68, Points: 6)

    Prompt by Detective.

    Hi guys,

    Thanks for all of the help you give. It is immensely appreciated.

    I have had an issue with my computer being slow for a while but now I am also getting a pop up from my anti-virus software telling me that I have a virus.
    The virus is listed as Win32.Malware.jq1@aSzU4Qdi

    I have been through all of the processes outlined by you guys and now the Detective is telling me to post in here.
    Below are the required logs.

    I hope you can help me out.

    With much thanks.




    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/26/2011 at 00:29 AM

    Application Version : 4.48.1000

    Core Rules Database Version : 6269
    Trace Rules Database Version: 4081

    Scan type : Complete Scan
    Total Scan Time : 01:56:00

    Memory items scanned : 617
    Memory threats detected : 0
    Registry items scanned : 9589
    Registry threats detected : 0
    File items scanned : 36324
    File threats detected : 24

    Adware.Tracking Cookie
    .bs.serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    server.iad.liveperson.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]

    Trojan.Agent/Gen-Haote
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1358\A0508038.EXE

    Trojan.Agent/Gen-Krpytik
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1358\A0508039.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1358\A0508040.EXE

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1358\A0508041.EXE




    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/26/2011 at 00:29 AM

    Application Version : 4.48.1000

    Core Rules Database Version : 6269
    Trace Rules Database Version: 4081

    Scan type : Complete Scan
    Total Scan Time : 01:56:00

    Memory items scanned : 617
    Memory threats detected : 0
    Registry items scanned : 9589
    Registry threats detected : 0
    File items scanned : 36324
    File threats detected : 24

    Adware.Tracking Cookie
    .bs.serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    server.iad.liveperson.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\cookies.sqlite ]

    Trojan.Agent/Gen-Haote
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1358\A0508038.EXE

    Trojan.Agent/Gen-Krpytik
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1358\A0508039.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1358\A0508040.EXE

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1358\A0508041.EXE



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:11:19 AM, on 26/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
    C:\Program Files\Optus Internet Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Optus Internet Security Suite\Common\FSHDLL32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\Optus Internet Security Suite\Anti-Virus\fssm32.exe
    C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    H:\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://edsuite.decs.sa.edu.au/login.php?e=9&l=1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.decs.sa.edu.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo0.dll
    O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Optus Internet Security Suite\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Isohunt-vuze Toolbar - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (file missing)
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Optus Internet Security Suite\NRS\iescript\baselitmus.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Optus Internet Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "H:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
    O8 - Extra context menu item: &Search - ?p=ZK
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} -
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Cu...ataManager.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - HouseCall - Free Online Virus Scan - Trend Micro USA
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - CA Threat Scanner
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149685889609
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - Virus Information Center - CA Technologies
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - Free Antivirus Tools - Trend Micro USA
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluesocket IPSec Service (BlueService) - Bluesocket Inc. - C:\Program Files\Bluesocket MS IPSec Configuration Tool\BlueService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate1ca61efcf367e96) (gupdate1ca61efcf367e96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 15724 bytes

  2. #2 - evilfantasy, Forum Moderator (Join Date: Jan 2008, Location: Tulsa, OK, Posts: 4,670, Points: 673)

    Hello Haynzy.

    You posted the SAS log twice. Can you also post the MBAM log please. It's under the Logs tab in MBAM.


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  3. #3 - Member (Join Date: Sep 2006, Posts: 68, Points: 6)

    Oops sorry bout that...


    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 5594

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26/01/2011 9:56:39 AM
    mbam-log-2011-01-26 (09-56-39).txt

    Scan type: Quick scan
    Objects scanned: 279384
    Time elapsed: 24 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #4 - evilfantasy, Forum Moderator (Join Date: Jan 2008, Location: Tulsa, OK, Posts: 4,670, Points: 673)

    Sorry for the delay.



    Disable SpywareGuard protection so it doesn't block the fix from HijackThis


    • Double-click on the red "SG" icon in the system tray.
    • In the SpywareGuard GUI click the Options button.
    • Under SpywareGuard Options click General
    • Uncheck the following General Protection Options:
      • Enable Real-Time Scanning
      • Enable Download Protection
      • Enable Browser Hijack Protection

    • Click the Save Settings button.
    • Then in the File menu select Exit



    ----------

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)


    • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.decs.sa.edu.au:8080


    • R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


    • O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com


    • O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} -
    • O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
    • O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
    • O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
    • O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ----------

    If you already have ComboFix be sure to delete it and download a new copy.

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.

    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix
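The entries the moderator singles out for "Fix checked" (an R1 ProxyServer value, an R3 URLSearchHook whose DLL is "(no file)", an O1 Hosts override, and O16 DPF entries with no download source) all follow HijackThis's fixed "<section> - <body>" line format, so the same triage can be scripted and re-run on a later log. The parser below is an added example for this thread; it is not code from the forum post or from Trend Micro's HijackThis, and the flagging rules and helper names (parse_hjt_line, triage, triage_log) are this example's own assumptions, not HijackThis's verdicts. The sample lines are copied from the log posted above, with the hosts list shortened.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not code from the forum post or from HijackThis itself.
It parses lines of the form "O16 - DPF: {CLSID} (Name) - <url>" and flags the
same kinds of entries the moderator selected in the thread.  The rules below
are this example's assumptions about what is worth a second look.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Generic HJT line: "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path"
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O16 body: "DPF: {CLSID} (Friendly name) - <download URL or local path>"
DPF_BODY = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? -\s*(?P<target>.*)$"
)
# O1 body: "Hosts: <ip> <hostname> <hostname> ..."
HOSTS_BODY = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<hosts>.+)$")


@dataclass
class HjtEntry:
    section: str
    body: str
    reasons: List[str] = field(default_factory=list)  # empty means "not flagged"


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Split one log line into its section code and body; None for non-HJT lines."""
    m = HJT_LINE.match(line.strip())
    return HjtEntry(m.group("section"), m.group("body")) if m else None


def triage(entry: HjtEntry) -> HjtEntry:
    """Attach a reason to entries matching the fix criteria used in the thread."""
    body = entry.body
    if entry.section == "R1" and "ProxyServer" in body:
        # A proxy the owner did not set deliberately redirects all browser traffic.
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        if value:
            entry.reasons.append(f"proxy server set to {value}; confirm it was configured on purpose")
    elif entry.section == "R3" and body.startswith("URLSearchHook") and body.endswith("(no file)"):
        # Hook registered but its DLL is gone: orphaned registration, safe to clean.
        entry.reasons.append("URLSearchHook points at a missing DLL (orphaned hook)")
    elif entry.section == "O1":
        # hosts-file pinning bypasses DNS for the listed names.
        m = HOSTS_BODY.match(body)
        if m:
            count = len(m.group("hosts").split())
            entry.reasons.append(f"hosts file pins {count} hostname(s) to {m.group('ip')}, bypassing DNS")
    elif entry.section == "O16":
        # Downloaded Program Files (ActiveX) entry with no source: stale or removed control.
        m = DPF_BODY.match(body)
        if m and not m.group("target"):
            name = m.group("name") or m.group("clsid")
            entry.reasons.append(f"ActiveX control {name} has no download source (stale DPF entry)")
    return entry


def triage_log(text: str) -> List[HjtEntry]:
    """Parse a whole HJT log and return only the flagged entries, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_hjt_line(line)
        if entry and triage(entry).reasons:
            flagged.append(entry)
    return flagged


# Sample lines copied from the log in this thread (hosts list shortened); constructed input.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.decs.sa.edu.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo0.dll
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section}: {e.reasons[0]}")
```

A hit is a prompt to verify, not a verdict: the R1 rule reports the proxy value rather than acting on it, so the machine's owner can confirm whether the proxy was set deliberately before it is removed, and the O1 rule counts the pinned hostnames so a single vendor override is distinguishable from a wholesale hosts-file rewrite.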

  5. #5 - Member (Join Date: Sep 2006, Posts: 68, Points: 6)

    No worries, thanks for your help.

    I've removed the entries as requested and downloaded and run Combofix. Below is the log.

    Thanks


    ComboFix 11-01-31.02 - Mike Haynes 01/02/2011 21:55:07.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2302.1650 [GMT 10.5:30]
    Running from: c:\documents and settings\Mike Haynes\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\AcrF2EC.tmp
    C:\AcrF2ED.tmp
    C:\AcrF2EE.tmp
    C:\AcrF2EF.tmp
    C:\AcrF2F0.tmp
    C:\AcrF2F1.tmp
    C:\AcrF2F2.tmp
    C:\AcrF2F3.tmp
    C:\AcrF2F4.tmp
    C:\AcrF2F5.tmp
    C:\AcrF2F6.tmp
    C:\AcrF2F7.tmp
    C:\AcrF2F8.tmp
    C:\AcrF2F9.tmp
    C:\AcrF2FA.tmp
    C:\AcrF2FB.tmp
    C:\AcrF2FC.tmp
    C:\AcrF2FF.tmp
    C:\AcrF300.tmp
    C:\AcrF301.tmp
    C:\AcrF302.tmp
    C:\AcrF303.tmp
    C:\AcrF304.tmp
    C:\AcrF305.tmp
    C:\AcrF306.tmp
    C:\AcrF307.tmp
    C:\AcrF308.tmp
    C:\AcrF309.tmp
    C:\AcrF30A.tmp
    C:\AcrF30B.tmp
    C:\AcrF30C.tmp
    C:\AcrF30D.tmp
    C:\AcrF30E.tmp
    C:\AcrF30F.tmp
    C:\AcrF310.tmp
    C:\AcrF311.tmp
    C:\AcrF312.tmp
    C:\AcrF313.tmp
    C:\AcrF314.tmp
    C:\AcrF315.tmp
    C:\AcrF316.tmp
    C:\AcrF317.tmp
    C:\AcrF318.tmp
    C:\AcrF319.tmp
    C:\AcrF31A.tmp
    C:\AcrF31B.tmp
    C:\AcrF31C.tmp
    C:\AcrF31D.tmp
    C:\AcrF31E.tmp
    C:\AcrF31F.tmp
    C:\AcrF320.tmp
    C:\AcrF321.tmp
    C:\AcrF322.tmp
    C:\AcrF323.tmp
    C:\AcrF324.tmp
    C:\AcrF325.tmp
    C:\Images
    C:\LOGC9.tmp
    c:\progra~1\COMMON~1\{50F9D~1
    c:\program files\Common Files\asks~1
    c:\program files\emusic toolbar
    c:\program files\emusic toolbar\affid.dat
    c:\program files\emusic toolbar\basis.xml
    c:\program files\emusic toolbar\emusicToolbar.crc
    c:\program files\emusic toolbar\icons.bmp
    c:\program files\emusic toolbar\logo.bmp
    c:\program files\emusic toolbar\msvcp60.dll
    c:\program files\emusic toolbar\msvcrt.dll
    c:\program files\emusic toolbar\newversion.txt
    c:\program files\emusic toolbar\Thumbs.db
    c:\program files\emusic toolbar\version.txt
    c:\program files\racle~1
    c:\program files\wnsxs~1
    c:\windows\Downloaded Program Files\Quarantine

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
    .

    2011-01-25 10:47 . 2011-01-25 10:47 388096 ----a-r- c:\documents and settings\Mike Haynes\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-25 10:04 . 2011-01-25 10:04 -------- d-----w- c:\documents and settings\Mike Haynes\Application Data\Malwarebytes
    2011-01-25 10:03 . 2010-12-20 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-25 10:03 . 2011-01-25 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-25 10:03 . 2010-12-20 07:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-25 10:03 . 2011-01-25 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-25 07:27 . 2011-01-25 07:27 -------- d-----w- c:\documents and settings\Mike Haynes\Application Data\SUPERAntiSpyware.com
    2011-01-25 07:27 . 2011-01-25 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-01-25 07:27 . 2011-01-25 07:28 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-25 06:40 . 2011-01-25 06:40 102400 ----a-w- c:\windows\RegBootClean.exe
    2011-01-25 06:22 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-01-24 09:47 . 2009-06-30 00:07 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-01-20 09:53 . 2011-01-20 09:53 -------- d-----w- c:\documents and settings\Mike Haynes\Local Settings\Application Data\Sunbelt Software
    2011-01-20 09:48 . 2011-01-20 09:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-18 01:26 . 2011-01-18 01:26 -------- d-----w- c:\program files\etax2010
    2011-01-12 20:51 . 2011-01-12 20:52 -------- d-----w- c:\documents and settings\Mike Haynes\Local Settings\Application Data\Zipeg
    2011-01-10 14:15 . 2011-01-10 14:15 -------- d-----w- c:\documents and settings\Mike Haynes\Local Settings\Application Data\uTorrentBar
    2011-01-10 14:15 . 2011-01-10 14:15 -------- d-----w- c:\documents and settings\Mike Haynes\Local Settings\Application Data\ConduitEngine
    2011-01-10 14:15 . 2011-01-10 14:15 -------- d-----w- c:\program files\ConduitEngine
    2011-01-10 14:15 . 2011-01-10 14:15 -------- d-----w- c:\program files\uTorrentBar

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-20 09:55 . 2009-11-10 11:10 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-20 09:55 . 2009-02-17 04:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-12-23 03:48 . 2008-08-02 13:34 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2010-12-15 20:48 . 2009-05-11 13:15 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-12-03 09:05 . 2009-02-17 00:10 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-29 07:08 . 2010-11-29 07:08 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 07:08 . 2010-11-29 07:08 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2004-08-04 08:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
    2007-06-13 05:37 . 2007-06-13 05:37 6276080 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-09 3911776]

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-25 344064]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-30 122941]
    "F-Secure Manager"="c:\program files\Optus Internet Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Optus Internet Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-01-20 936712]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "iTunesHelper"="h:\itunes\iTunesHelper.exe" [2010-12-13 421160]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-9-30 57344]

    c:\documents and settings\Mike Haynes\Start Menu\Programs\Startup\
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-10-08 06:34 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2009-07-30 05:35 497000 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    2006-04-17 23:02 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
    2010-04-27 22:14 647528 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-14 10:47 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2007-08-22 06:01 80896 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2005-04-01 07:11 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWRTOOLBOX]
    2005-10-25 15:59 344064 ----a-w- c:\program files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2004-08-04 13:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 13:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 08:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-02-16 05:45 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 06:46 421160 ----a-w- h:\itunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 12:42 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2004-08-04 13:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
    2009-11-06 05:30 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
    2010-02-24 10:47 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-11-11 00:27 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 07:08 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 06:37 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-06-23 14:47 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-18 09:35 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "IpWins"=c:\program files\ipwins\ipwins.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Hewlett-Packard\\hp deskjet 460 series\\Toolbox\\HPWRTBX.exe"=
    "c:\\Program Files\\CuteFTP\\cutftp32.exe"=
    "c:\\Team17\\Worms2\\frontend.exe"=
    "c:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "h:\\uTorrent\\utorrent.exe"=
    "h:\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11/05/2009 11:45 PM 42664]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [3/08/2008 12:04 AM 82120]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/02/2009 10:40 AM 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/01/2011 8:17 PM 28552]
    R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [25/06/2006 2:15 PM 19507]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Optus Internet Security Suite\HIPS\drivers\fshs.sys [11/05/2009 11:31 PM 68064]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 4:55 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 5:11 AM 67656]
    R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [25/06/2006 2:15 PM 619390]
    R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [25/06/2006 2:15 PM 423454]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Optus Internet Security Suite\Anti-Virus\minifilter\fsgk.sys [3/08/2008 12:01 AM 130728]
    S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [25/06/2006 2:15 PM 64964]
    S2 gupdate1ca61efcf367e96;Google Update Service (gupdate1ca61efcf367e96);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2009 8:52 PM 133104]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\MIKEHA~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\MIKEHA~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\AWRTPD.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Optus Internet Security Suite\ORSP Client\fsorsp.exe [11/05/2009 11:31 PM 63992]
    S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\drivers\glauiad.sys [27/04/2006 6:23 PM 29603]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/12/2010 7:35 PM 1402272]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3/12/2010 7:35 PM 15264]
    S3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\drivers\NWVNdis.sys [19/04/2007 12:09 PM 225280]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Optus Internet Security Suite\Anti-Virus\win2k\fsfilter.sys [3/08/2008 12:01 AM 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Optus Internet Security Suite\Anti-Virus\win2k\fsrec.sys [3/08/2008 12:01 AM 25184]
    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [3/04/2006 7:12 PM 14032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:54]

    2010-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:04]

    2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 10:22]

    2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 10:22]

    2010-03-29 c:\windows\Tasks\Install.job
    - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-03-27 00:05]

    2011-01-25 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 08:42]

    2011-01-25 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]

    2011-02-01 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]

    2011-02-01 c:\windows\Tasks\User_Feed_Synchronization-{0EFFC67A-DA3B-4FE9-A53B-5FB04B8BD348}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 19:01]

    2011-02-01 c:\windows\Tasks\User_Feed_Synchronization-{D1A7F378-5E9E-4455-ABA7-CCF9086718DF}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 19:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://edsuite.decs.sa.edu.au/login.php?e=9&l=1
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: &Lookup Meaning - c:\program files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
    IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.09\AMVConverter\grab.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.09\MediaManager\grab.html
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\program files\Optus Internet Security Suite\FSPS\program\FSLSP.DLL
    FF - ProfilePath - c:\documents and settings\Mike Haynes\Application Data\Mozilla\Firefox\Profiles\re03va2e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://forums.leagueunlimited.com/forumdisplay.php?f=81
    FF - prefs.js: network.proxy.ftp - proxy.decs.sa.edu.au
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - proxy.decs.sa.edu.au
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - proxy.decs.sa.edu.au
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - proxy.decs.sa.edu.au
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - proxy.decs.sa.edu.au
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Isohunt-vuze Toolbar: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - %profile%\extensions\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}
    FF - Ext: eMusic Toolbar: {9ee802e8-c931-47ab-b570-aa8f791598ca} - %profile%\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
    FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program files\Optus Internet Security Suite\NRS\litmus-ff@f-secure.com
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - c:\program files\Isohunt-vuze\tbIsoh.dll
    Notify-WgaLogon - (no file)
    AddRemove-InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6} - c:\program files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-02-01 22:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????????4?|H]?|?????? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2421711115-3453228986-2185410041-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-2421711115-3453228986-2185410041-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557F5B47-FC6E-CCA8-C7A6-D6B76F86DC0C}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "cbpalckadjcejjhkbfgmjcnklgkncnehbpfmmo"=hex:69,61,6d,65,61,6c,67,68,6e,66,6c,
    65,67,62,6a,6b,61,70,00,00
    "bbjoncofoahdfchlobgcjngilaccmcjhfook"=hex:6a,61,65,66,61,6c,63,62,69,70,67,65,
    67,61,6a,62,6a,6d,66,6c,00,00
    "iapalckadjcejjhkbf"=hex:61,61,00,00
    "hajoncofoahdfchl"=hex:61,61,00,00
    "iadpdbddknjcmnbdng"=hex:61,61,00,00

    [HKEY_USERS\S-1-5-21-2421711115-3453228986-2185410041-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86046AF3-2D92-7A7F-EB35-57A296A5E379}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "bbldgmpenjnnocdcfhmgdobnbaaelbllmlad"=hex:69,61,63,62,69,70,68,6d,6f,61,64,63,
    63,69,6a,67,6f,6b,00,00
    "abfdmklembefcdkhdiadheaipdhhlobeij"=hex:6a,61,6b,61,69,67,61,68,61,66,6a,63,
    66,6b,6d,64,67,6a,64,62,00,fe
    "ialdgmpenjnnocdcfh"=hex:61,61,00,00
    "hafdmklembefcdkh"=hex:61,61,00,00
    "iahggjfiabndccjmfp"=hex:61,61,00,00

    [HKEY_USERS\S-1-5-21-2421711115-3453228986-2185410041-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A0B314C1-423E-AEAB-65AA-5197814AD59C}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "dbffiehggidmcjnhnoehjaonmnkgphnaonibnjjg"=hex:69,61,6b,6a,67,6e,63,6e,6b,6b,
    65,6e,61,70,6d,6d,68,61,00,00
    "cbpogkegppfmgcggmihohmdphkiihfnpglkkll"=hex:6a,61,62,69,64,68,6b,6a,69,65,64,
    68,6d,69,6a,6d,63,62,61,6c,00,ea

    [HKEY_USERS\S-1-5-21-2421711115-3453228986-2185410041-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B03484F4-2EC2-99B9-AD15-9CA7077C46CE}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "dbnjjidcffacoiehjkfaopebgabdanglfhogmbmk"=hex:69,61,6d,67,62,6d,66,62,6c,6b,
    70,66,6c,70,61,6c,6f,62,00,00
    "cbhjlinobgfmniopfimbiachhokjlojnonklef"=hex:6a,61,65,68,62,6f,6b,65,6b,67,6e,
    70,66,62,62,62,66,6a,63,6a,00,18
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(520)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\optus internet security suite\hips\fshook32.dll

    - - - - - - - > 'lsass.exe'(576)
    c:\program files\Optus Internet Security Suite\FSPS\program\FSLSP.DLL
    c:\program files\optus internet security suite\hips\fshook32.dll
    .
    Completion time: 2011-02-01 22:14:37
    ComboFix-quarantined-files.txt 2011-02-01 11:44

    Pre-Run: 12,787,580,928 bytes free
    Post-Run: 14,896,033,792 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 55D4CDBBD7806ABDA140BE204AE721AF
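The log above is where a helper on this forum does the triage by eye. The script below is an added example for this thread (it is not code from the thread, from ComboFix or from GMER) that does the first pass mechanically over an excerpt copied from the log: it reads the REGEDIT4-style sections ComboFix prints, reports that the Windows Firewall standard profile is disabled (`"EnableFirewall"= 0`) and which executables hold exceptions, pulls the `FF - prefs.js:` lines to show the default search URL pointing at search.conduit.com and the proxy entries (Firefox's `network.proxy.type` 4 is auto-detect, so the `proxy.decs.sa.edu.au` host is configured but not selected; only type 1 means the manual host is in use), and decodes the `hex:` REG_BINARY blobs under the locked keys, which in this log are NUL-terminated ASCII. ComboFix wraps long hex values onto a following line ending in `,` and defangs URLs as `hxxp://`; both are handled. The `EXPECTED_SEARCH_HOSTS` allowlist is an assumption for the example, not something the log states.

```python
"""Triage helper for a ComboFix log excerpt (added example; not ComboFix code)."""
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Vuze\\Azureus.exe"=
"h:\\uTorrent\\utorrent.exe"=

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.http - proxy.decs.sa.edu.au
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4

[HKEY_USERS\S-1-5-21-2421711115-3453228986-2185410041-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557F5B47-FC6E-CCA8-C7A6-D6B76F86DC0C}*]
"cbpalckadjcejjhkbfgmjcnklgkncnehbpfmmo"=hex:69,61,6d,65,61,6c,67,68,6e,66,6c,
65,67,62,6a,6b,61,70,00,00
"iapalckadjcejjhkbf"=hex:61,61,00,00
"""

FW_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
HEX_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<bytes>.*)$')
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
EXPECTED_SEARCH_HOSTS = {"www.google.com", "google.com"}  # assumption for this example


def parse_reg_sections(text):
    """Group value lines under their [key] header.  ComboFix wraps long hex:
    values; a line ending in ',' continues on the next line."""
    sections, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            pending += line                      # continuation of a wrapped hex: value
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        elif current is None:
            continue
        else:
            pending = line
        if pending.endswith(","):
            continue                             # more bytes follow on the next line
        sections[current].append(pending)
        pending = None
    return sections


def firewall_findings(sections):
    """Return (enabled, authorized_exes) for the XP firewall standard profile."""
    enabled = True
    for line in sections.get(FW_KEY, []):
        m = re.match(r'^"EnableFirewall"=\s*(\d+)', line)
        if m:
            enabled = m.group(1) != "0"
    apps = []
    for line in sections.get(FW_KEY + r"\AuthorizedApplications\List", []):
        m = re.match(r'^"(.+)"=$', line)
        if m:                                    # ComboFix doubles the backslashes here
            apps.append(m.group(1).replace("\\\\", "\\"))
    return enabled, apps


def firefox_prefs(text):
    """Collect 'FF - prefs.js:' lines; ComboFix defangs URLs as hxxp://."""
    prefs = {}
    for line in text.splitlines():
        m = FF_RE.match(line.strip())
        if m:
            prefs[m.group("pref")] = m.group("value").replace("hxxp://", "http://")
    return prefs


def search_provider_host(prefs):
    return urlsplit(prefs.get("browser.search.defaulturl", "")).hostname or ""


def decode_hex_values(sections):
    """Decode 'hex:aa,bb,...' REG_BINARY values as NUL-terminated ASCII strings."""
    out = []
    for key, lines in sections.items():
        for line in lines:
            m = HEX_RE.match(line)
            if m:
                data = bytes(int(b, 16) for b in m.group("bytes").split(",") if b)
                out.append((key, m.group("name"),
                            data.split(b"\x00", 1)[0].decode("ascii", "replace")))
    return out


def triage(text):
    """Return the human-readable findings for one log excerpt."""
    sections = parse_reg_sections(text)
    findings = []
    enabled, apps = firewall_findings(sections)
    if not enabled:
        findings.append("Windows Firewall disabled in standard profile")
    findings += ["firewall exception: " + exe for exe in apps]
    prefs = firefox_prefs(text)
    host = search_provider_host(prefs)
    if host and host not in EXPECTED_SEARCH_HOSTS:
        findings.append("Firefox default search redirected to " + host)
    if "network.proxy.http" in prefs:  # type 1 = manual proxy in use; 4 = auto-detect
        state = "active" if prefs.get("network.proxy.type") == "1" else "configured but not selected"
        findings.append("Firefox HTTP proxy %s:%s (%s)" % (
            prefs["network.proxy.http"], prefs.get("network.proxy.http_port", "?"), state))
    for key, name, decoded in decode_hex_values(sections):
        findings.append("%s under %s decodes to %r" % (name, key.rsplit("\\", 1)[-1], decoded))
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Run it as-is to see the findings for the excerpt; to use it on a full log, pass the file contents to `triage()` instead of `SAMPLE_LOG`. The decoded strings are reported verbatim, with no claim about what they mean; the point is only that the blobs are readable text rather than opaque binary, which is what a helper would want to know before deciding whether those keys matter.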

#6 evilfantasy (Forum Moderator):

    Please go to Start > Run and copy/paste the following blue text, then press Enter:

    C:\QooBox\Add-Remove Programs.txt

    A text file should open. Please post the contents of that file in your next reply.

#7 Member:

    Ok will do.



    µTorrent
    25000 Sudoku
    32 Bit HP CIO Components Installer
    4500_Help
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.5
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    ATI Parental Control & Encoder
    AudibleManager
    Band-in-a-Box Pro v8.0
    Bluesocket MS IPSec Configuration Tool V4.2
    Bluetooth by hp
    Bonjour
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Conexant AC-97 Audio
    Conexant Data Fax Modem with SmartCP
    ConsumerUpdate
    Content Transfer
    ContentSAFER for Wizmax
    CP_AtenaShokunin1Config
    cp_dwSharkTaleAlbums1
    cp_dwSharkTaleCards1
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CP_PLSBusinessFlyers
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Culpa Innata
    CustomerResearchQFolder
    CuteFTP
    D-Link DSL-302G USB Driver
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Locker Assistant
    DocMgr
    DocProc
    DocProcQFolder
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    e-tax 2010
    EmoDio
    eMule
    eMusic Download Manager 4.1.3.1
    eMusic Toolbar
    eSupportQFolder
    EZT
    F-Secure PSC Prerequisites
    Fax
    First Step Guide
    FL Studio 5
    FreeFTP
    Google Calendar Sync
    Google Chrome
    Google Desktop Search
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService
    Handbrake
    Hardcore
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    HP Customer Participation Program 10.0
    HP Deskjet 460
    HP Deskjet 460 Series
    HP Document Manager 1.0
    HP Help and Support
    HP Image Zone 4.8.5
    HP Image Zone Plus 4.8.5
    HP Imaging Device Functions 10.0
    HP Officejet J4500 Series
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HP Wireless Assistant 1.01 A2
    HPIZplus450
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    iDisk Utility for Windows
    ieSpell
    IL Download Manager
    ImageMixer EasyStepDVD
    InstantShare
    InterActual Player
    InterVideo DVD Check
    InterVideo WinDVD
    iPhone Configuration Utility
    iPod for Windows 2006-03-23
    IsoBuster 2.8
    Isohunt-vuze Toolbar
    iTunes
    J4500
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Junk Mail filter update
    Lame ACM MP3 Codec
    Last.fm 1.5.4.27091
    Logic Audio Platinum 5.1.3
    Lotus SmartSuite Release 9
    LRC Editor 4.0 (remove only)
    LS_HSI
    Macromedia Flash Player
    Magic DVD Ripper V5.1.1
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Connection Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Money
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft XML Parser
    MobileMe Control Panel
    Mozilla Firefox (3.6.13)
    MSN
    MSVC80_x86
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Musicnotes Player V1.23.0
    muvee autoProducer 4.0 - SE
    Nano 1.1.1
    Native Instruments Kontakt Player Sibelius
    Native Instruments Sibelius Player
    Neuratron PhotoScore Lite
    Nokia Connectivity Cable Driver
    Nokia Ovi Player
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Nokia PC Suite
    Nokia Software Updater
    Nokia_Multimedia_Common_Components_2_5
    Novatel Wireless Mobile Broadband Generic Drivers
    OCR Software by I.R.I.S. 10.0
    OGA Notifier 1.7.0105.35.0
    OmniFormat
    Optus Internet Security Suite 2010
    Optus Wireless Broadband
    OptusNet DSL
    Ovi Desktop Sync Engine
    OviMPlatform
    Paint.NET v3.36
    Panda ActiveScan 2.0
    PanoStandAlone
    PaperPort Image Printer
    PC Connectivity Solution
    Pdf995
    PdfEdit995
    Photo Viewer V208G2
    PhotoEdit995
    PhotoGallery
    Picasa 3
    Picture Package
    PoiZone
    ProductContext
    PSSWCORE
    QFolder
    Quick Launch Buttons 5.20 H1
    QuickTime
    RealPlayer
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Roxio Backup MyPC
    Rugby League
    Safari
    Sawer
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Segoe UI
    Shop for HP Supplies
    Sibelius 5
    Sibelius Scorch
    Sibelius Scorch (ActiveX Only)
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Sibelius Scorch Plugin
    Sibelius Sounds Essentials
    SkinsHP1
    Skype™ 3.6
    SmartWebPrintingOC
    SolutionCenter
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic DLA
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sony DVD Handycam USB Driver 2
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster v3.5.1
    SpywareGuard v2.2
    Status
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    Toxic Biohazard
    Transcribe! 7.50
    TrayApp
    TuneUp Companion 1.9.0
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    uTorrentBar Toolbar
    VideoToolkit01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Vuze
    WebFldrs XP
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Defender
    Windows Defender Signatures
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    Worms 4 Mayhem
    Worms Armageddon
    Worms2
    X-Sheet Invoicing
    XviD MPEG-4 Video Codec
    Zipeg

  8. #8
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Your Adobe Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can use Foxit Reader for Windows.

    There is a newer version of Adobe Reader available.

    * Go to Add or Remove Programs and uninstall Adobe Reader.
    * Restart the computer.
    * Install the new version of Adobe Reader. http://get.adobe.com/reader/

    Important! Be sure to uncheck Free McAfee® Security Scan Plus (optional) before starting the Adobe Reader download.

    ----------

    Your Java is out of date.

    Older versions have vulnerabilities that malicious sites can use to infect your system.

    First install the new Sun Java Runtime Environment

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close all browser windows before beginning the install.

    Remove the old version(s)

    Go to Add or Remove Programs (Vista and Windows 7 users Programs and Features) and uninstall:

    Java(TM) 6 Update 22
    Java(TM) 6 Update 3


    Download JavaRa
    * Unzip the file and open the JavaRa.exe
    * Click Remove Older Versions
    * JavaRa will search for any outdated versions of Java and remove any that are found.
    * Click Additional Tasks
    * Place a check next to Remove Useless JRE Files and click Go
    * Exit JavaRa
    * Delete the JavaRa files from the desktop

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ----------

    Also uninstall Spybot - Search & Destroy 1.5.2.20 <- Way out of date!



    How is the computer running now?


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum
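    The check behind the Java advice above, as an added example that is not part of the original thread or of any tool it names: a small script that reads an installed-programs list such as the one posted earlier, pulls out every Java Runtime entry, and reports which ones are superseded by a newer update of the same major version. It assumes the Add/Remove Programs naming pattern seen on this page ("Java(TM) 6 Update 22"; later releases drop the "(TM)"), and the sample list below is constructed from the posted entries. Numeric parsing matters here: a plain text sort would rank "Update 3" above "Update 22".

```python
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample: a few entries copied from the Add/Remove Programs list
# posted in this thread, with neighbouring non-Java lines so the filter has
# something to ignore.
SAMPLE_LIST = """\
IsoBuster 2.8
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Junk Mail filter update
Lame ACM MP3 Codec
"""

# Matches "Java(TM) 6 Update 22" and the later "Java 7 Update 45" form.
# Assumption: the Add/Remove Programs display name follows this pattern.
JAVA_RE = re.compile(r"^Java(?:\(TM\))?\s+(\d+)\s+Update\s+(\d+)\b")


def parse_java_entries(text: str) -> List[Tuple[int, int, str]]:
    """Return (major, update, display_name) for every JRE line in the list."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        m = JAVA_RE.match(line)
        if m:
            found.append((int(m.group(1)), int(m.group(2)), line))
    return found


def stale_java_versions(text: str) -> Dict[str, List[str]]:
    """Group JRE entries by major version and flag all but the newest update.

    Each major version (6, 7, ...) is treated separately, since the thread's
    advice is to remove the older updates that a newer install left behind.
    """
    by_major: Dict[int, List[Tuple[int, str]]] = {}
    for major, update, name in parse_java_entries(text):
        by_major.setdefault(major, []).append((update, name))

    report: Dict[str, List[str]] = {"keep": [], "remove": []}
    for major in sorted(by_major):
        versions = sorted(by_major[major], reverse=True)  # numeric, newest first
        report["keep"].append(versions[0][1])
        report["remove"].extend(name for _, name in versions[1:])
    return report


def main() -> None:
    # Usage: python java_check.py [exported_program_list.txt]
    # Without an argument the constructed sample above is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LIST
    report = stale_java_versions(text)
    if not report["keep"]:
        print("No Java Runtime entries found.")
        return
    for name in report["keep"]:
        print(f"keep:   {name}")
    for name in report["remove"]:
        print(f"remove: {name}  (superseded)")


if __name__ == "__main__":
    main()
```

    Run against the sample it keeps "Java(TM) 6 Update 22" and flags "Java(TM) 6 Update 3" for removal, which is exactly the pair the moderator lists. Feed it an exported copy of the program list from a log like the one above to get the same answer for another machine.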

  9. #9
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    Default

    Thanks for that...

    Uninstalled Adobe Reader.
    Installed Foxit Reader.
    Updated Java and uninstalled old versions.
    Uninstalled Spybot - Search & Destroy.

    Computer seems to be running fine.
    The virus pop up from my first post popped up again last night before I did all of the tasks outlined in this post.
    It hasn't happened again today but it usually pops up when the computer has been idle for a while.
    I'll let you know if it happens again.

    Just a quick question.
    At the moment I have installed:

    SpywareBlaster v3.5.1
    SpywareGuard v2.2
    SUPERAntiSpyware
    Malwarebytes' Anti-Malware
    Ad-Aware

    Is this too many spyware programs and should I remove any of them?

    Thank you so much for your help.

  10. #10
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    Default

    Oops, I nearly forgot...

    I also downloaded and ran the JavaRa program.
    You said delete the JavaRa files from my desktop but there aren't any JavaRa files on my desktop.
    Was I supposed to install the program to my desktop and then uninstall it after running it?

    Thanks again.
