Please run http://www.superantispyware.com/onlinescan.html

 Follow the instructions on the site. When downloaded, click on – Check for updates – Button.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.

On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click
NO.

When the scan have finished ->

Click Preferences . Click the Statistics/Logs tab .
Under Scanner Logs , double-click SUPERAntiSpyware Scan Log .
It will open in your default text editor (such as Notepad/Wordpad).

• Save the logfile to desktop
• Click close and close again to exit the program.

Reboot, if needed.

 

___________________

 

 

 

---

Please read:  Forum Rules

Click: Before-posting-a-log

 

 

 

Hya,

I did as you suggested and the results of both scans are below:-

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6b30629e0e04ea42874b98365827e34e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-25 01:15:36
# local_time=2009-11-25 01:15:36 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 120437 120437 0 0
# compatibility_mode=769 16775165 100 98 3804 195386183 36326 0
# compatibility_mode=5892 16776573 100 100 102750 96641357 0 0
# compatibility_mode=8192 67108863 100 0 115072 115072 0 0
# scanned=119665
# found=0
# cleaned=0
# scan_time=3106

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/24/2009 at 11:47 PM

Application Version : 4.31.1000

Core Rules Database Version : 4374
Trace Rules Database Version: 2214

Scan type       : Custom Scan
Total Scan Time : 05:53:57

Memory items scanned      : 565
Memory threats detected   : 0
Registry items scanned    : 6403
Registry threats detected : 2
File items scanned        : 633883
File threats detected     : 12

Trojan.Agent/Gen
 HKU\S-1-5-21-2478470916-2375115024-4100638468-1000\Software\NeoChronos
 HKU\S-1-5-21-2478470916-2375115024-4100638468-1000\Software\Margotte

Adware.Tracking Cookie
 C:\Documents and Settings\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Documents and Settings\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Documents and Settings\Toshiba\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Documents and Settings\Toshiba\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\Application Data\Microsoft\Windows\Cookies\Low\toshiba@hitbox[2].txt
 C:\Users\Toshiba\Cookies\Low\toshiba@ehg-eset.hitbox[1].txt
 C:\Users\Toshiba\Cookies\Low\toshiba@hitbox[2].txt

---

Code:

---

(((((((((((((((((((((((((   Files Created from 2009-11-20 to 2009-12-20  )))))))))))))))))))))))))))))))
.

2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Toshiba\AppData\Local\temp
2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-20 00:06 . 2009-12-20 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-13 22:07 . 2009-12-13 22:07 -------- d-----w- c:\program files\CCleaner
2009-12-13 07:53 . 2009-12-13 11:10 -------- d-----w- c:\users\Toshiba\AppData\Local\ojneid
2009-12-12 03:02 . 2009-12-12 03:02 -------- d-----w- c:\windows\CheckSur
2009-12-12 03:00 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 03:00 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 03:00 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 18:34 . 2009-12-10 18:48 47360 ----a-w- c:\users\Toshiba\AppData\Roaming\pcouffin.sys
2009-12-10 18:34 . 2009-12-10 18:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-10 18:32 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 18:32 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-10 18:30 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 12:20 . 2009-12-10 12:20 108032 --sha-r- c:\windows\system32\emdmgmtx.dll
2009-12-07 21:33 . 2009-12-07 21:33 -------- d-----w- c:\programdata\Lexmark 2600 Series
2009-12-05 22:27 . 2009-12-05 22:27 -------- d-----w- c:\programdata\WorldWinner.com
2009-12-05 16:56 . 2009-12-05 16:56 -------- d-----w- c:\windows\Sun
2009-12-01 18:52 . 2009-12-13 17:32 -------- d-----w- c:\programdata\Vso
2009-11-30 23:54 . 2009-11-30 23:54 -------- d-----w- c:\programdata\vsosdk
2009-11-30 23:21 . 2009-11-30 23:21 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DivX
2009-11-29 20:04 . 2009-12-13 17:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Vso
2009-11-29 20:03 . 2009-12-10 18:48 -------- d-----w- c:\program files\VSO
2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\users\Toshiba\AppData\Local\Google
2009-11-29 18:15 . 2009-11-29 18:20 -------- d-----w- c:\program files\Google
2009-11-29 18:15 . 2009-11-29 18:16 -------- d-----w- c:\program files\DivX
2009-11-29 18:07 . 2009-11-29 18:07 -------- d-----w- c:\users\Toshiba\AppData\Roaming\CyberLink
2009-11-28 18:29 . 2009-11-28 18:29 -------- d-----w- c:\users\Toshiba\AppData\Local\WinAVI
2009-11-28 18:28 . 2009-11-28 18:28 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2009-11-25 03:01 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:56 . 2009-11-29 11:22 63 ----a-w- c:\users\Toshiba\jagex_runescape_preferences2.dat
2009-11-24 23:52 . 2009-11-29 11:22 38 ----a-w- c:\users\Toshiba\jagex_runescape_preferences.dat
2009-11-24 23:52 . 2009-12-10 10:52 -------- d-----w- c:\windows\.jagex_cache_32
2009-11-24 22:51 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:51 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 17:38 . 2009-11-23 17:38 117760 ----a-w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2009-11-23 17:38 . 2009-11-23 17:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-23 17:25 . 2009-11-23 17:25 -------- d-----w- c:\program files\ESET
2009-11-23 17:06 . 2009-11-23 17:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 17:06 . 2009-11-23 17:06 -------- d-----w- c:\program files\Java
2009-11-23 16:22 . 2009-11-23 16:22 0 ----a-w- c:\windows\nsreg.dat
2009-11-23 16:22 . 2009-11-23 16:22 -------- d-----w- c:\users\Toshiba\AppData\Local\Mozilla
2009-11-23 15:56 . 2009-11-23 15:56 -------- d-----w- c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 23:50 . 2009-11-12 21:31 -------- d-----w- c:\users\Toshiba\AppData\Roaming\DMCache
2009-12-14 12:06 . 2009-11-15 20:58 -------- d-----w- c:\users\Toshiba\AppData\Roaming\LimeWire
2009-12-12 03:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 10:52 . 2009-11-18 15:37 -------- d-----w- c:\program files\Lexmark Toolbar
2009-12-10 10:52 . 2009-11-14 10:39 -------- d-----w- c:\programdata\FLEXnet
2009-12-10 10:52 . 2009-11-18 15:38 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-12-10 10:52 . 2009-11-18 15:36 -------- d-----w- c:\program files\Lexmark 2600 Series
2009-12-08 16:39 . 2009-11-18 21:44 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Lexmark Productivity Studio
2009-12-01 09:38 . 2009-11-12 15:33 1356 ----a-w- c:\users\Toshiba\AppData\Local\d3d9caps.dat
2009-11-29 18:06 . 2009-11-12 17:50 -------- d-----w- c:\programdata\CyberLink
2009-11-25 10:28 . 2009-11-18 15:45 -------- d-----w- c:\programdata\Lx_cats
2009-11-24 23:09 . 2009-11-12 21:09 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 18:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 18:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 18:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 18:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 23:52 . 2009-11-19 23:52 -------- d-----w- c:\programdata\DivoGames
2009-11-19 03:23 . 2009-11-19 03:23 -------- d-----w- c:\users\Toshiba\AppData\Roaming\FaxCtr
2009-11-19 03:22 . 2009-11-12 15:34 80792 ----a-w- c:\users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-19 03:21 . 2009-11-12 17:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-18 22:34 . 2009-11-18 22:33 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\programdata\ACD Systems
2009-11-18 22:33 . 2009-11-18 22:33 -------- d-----w- c:\program files\ACD Systems
2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\programdata\FaxCtr
2009-11-18 15:38 . 2009-11-18 15:38 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\program files\SpaceMonger
2009-11-18 00:18 . 2009-11-18 00:18 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SpaceMonger
2009-11-18 00:10 . 2009-11-14 10:38 -------- d-----w- c:\program files\Topaz Labs
2009-11-17 21:59 . 2009-11-17 21:59 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Thinstall
2009-11-17 20:37 . 2009-11-17 20:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-15 20:58 . 2009-11-15 20:58 -------- d-----w- c:\program files\LimeWire
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 19:53 . 2009-11-15 19:53 -------- d-----w- c:\programdata\Malwarebytes
2009-11-14 23:27 . 2009-11-14 23:27 -------- d---a-r- c:\program files\Mystical
2009-11-14 22:38 . 2009-11-14 22:25 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Alien Skin
2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\program files\Ps Plugins
2009-11-14 10:32 . 2009-11-14 10:32 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Pictographics
2009-11-14 10:20 . 2009-11-12 23:10 -------- d-----w- c:\users\Toshiba\AppData\Roaming\IDM
2009-11-13 09:01 . 2009-11-12 23:10 -------- d-----w- c:\program files\Internet Download Manager
2009-11-13 03:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-13 00:10 . 2009-11-13 00:10 4096 ----a-w- c:\windows\d3dx.dat
2009-11-13 00:09 . 2009-11-13 00:09 -------- d-----w- c:\program files\Sandlot
2009-11-12 23:43 . 2009-11-12 17:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 23:42 . 2009-11-12 23:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-12 23:39 . 2009-11-12 23:39 -------- d-----w- c:\windows\Fonts\Fonts
2009-11-12 23:37 . 2009-11-12 23:37 129784 ----a-w- c:\windows\system32\pxafs.dll
2009-11-12 23:37 . 2009-11-12 23:37 116472 ----a-w- c:\windows\system32\pxcpyi64.exe
2009-11-12 23:37 . 2009-11-12 23:37 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-12 23:37 . 2009-11-12 23:37 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2009-11-12 23:11 . 2009-11-12 23:11 198064 ----a-w- c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-12 17:49 . 2009-11-12 17:48 -------- d-----w- c:\program files\CyberLink
2009-11-12 17:49 . 2009-11-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-12 17:48 . 2009-11-12 17:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-12 17:38 . 2009-11-12 17:38 -------- d-----w- c:\program files\Alwil Software
2009-11-12 17:37 . 2009-11-12 17:37 -------- d-----w- c:\programdata\Apple Computer
2009-11-12 17:34 . 2009-11-12 17:34 -------- d-----w- c:\program files\MSECache
2009-11-12 17:32 . 2009-11-12 17:32 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-12 17:30 . 2009-11-12 17:30 -------- d-----w- c:\program files\Microsoft.NET
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Nero
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\program files\Common Files\Nero
2009-11-12 17:29 . 2009-11-12 17:29 -------- d-----w- c:\programdata\Nero
2009-11-12 17:17 . 2009-11-12 17:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\Synaptics
2009-11-12 17:16 . 2009-11-12 17:16 -------- d-----w- c:\program files\CONEXANT
2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\program files\Realtek
2009-11-12 17:05 . 2009-11-12 17:05 -------- d-----w- c:\users\Toshiba\AppData\Roaming\InstallShield
2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\Intel
2009-11-12 16:28 . 2009-11-12 16:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-02 20:42 . 2009-11-12 17:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-05 12:47 . 2009-10-05 12:47 11280384 ----a-w- c:\windows\system32\tliremask10.dll
2009-09-30 13:52 . 2009-09-30 13:52 9916928 ----a-w- c:\windows\system32\tliadjust34.dll
2003-01-31 04:43 . 2003-01-20 13:07 6065152 ----a-w- c:\program files\Mystical.exe
2003-01-30 19:20 . 2003-01-20 13:07 1396736 ----a-w- c:\program files\Mystical_PlugIn.8bf
2001-07-17 16:15 . 2003-01-30 01:23 66680 ----a-w- c:\program files\ARDS1.ttf
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-13 3134896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-01-29 15:43 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 20:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-11-13 09:01 3134896 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 22:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2009-01-29 15:43 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2009-01-29 15:43 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 14:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 20:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 23:13 385024 ----a-w- c:\_programs\QuickTime Pro v7.4.1.14\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 15:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-23 17:06 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 08:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/11/2009 17:38 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/11/2009 17:38 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/11/2009 17:38 53328]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [21/01/2008 02:23 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [10/06/2009 05:52 347648]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [27/02/2008 23:07 98984]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ    HsfXAudioService
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\mrs8s1d2.default\
FF - component: c:\users\Toshiba\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin2.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin3.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin4.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin5.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin6.dll
FF - plugin: c:\_programs\QuickTime Pro v7.4.1.14\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 00:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-20  00:09:34
ComboFix-quarantined-files.txt  2009-12-20 00:09
ComboFix2.txt  2009-12-17 10:23

Pre-Run: 67,066,880,000 bytes free
Post-Run: 67,042,795,520 bytes free

- - End Of File - - A410D90976EF90A704B16A3313676646

 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:43, on 23/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device -   - C:\Windows\system32\lxdncoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5761 bytes

Reboot, and tell how things are running now ?

---

 

I did as you instructed and initially after reboot Opera went straight onto the webpage I requested with no problems, however, when I tried a totally different webpage request/search and tried opening that one it resorted back to saying that the page could not be found blah blah blah so I double clicked again on the link it was saying could not be found and it actually did go to that page!  I tried then on Mozzilla and when I clicked on a search link it said that it could not open the specific webpage but when I looked at the address it was actually one of these redirect web addresses so I have now totally uninstalled Mozilla.  I then tried IE and it just did the same  as described earlier but did open the page after clicking on the refresh button when it told me the server or address could not be found! 

webpLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:54, on 21/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device -   - C:\Windows\system32\lxdncoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 4443 bytes

 

---