
Mysterious virus is preventing me from opening programs/slowing PC significantly

Discussion in 'Virus & Other Malware Removal' started by AshtrayBroom, Apr 3, 2010.

Thread Status:
Not open for further replies.
  1. AshtrayBroom (Thread Starter; joined Mar 25, 2008; 5 messages)
    Hey guys. If anybody knows what might be wrong, please advise. Thank you very much in advance :)

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:12:34 PM, on 4/3/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\CDBurnerXP (bin to iso)\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\updater\explorer.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\Ash\LOCALS~1\Temp\ir_ext_temp_159\autorun.exe
    C:\Program Files\Active Desktop Calendar\ADC.exe
    C:\Documents and Settings\Ash\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files\NOD32\ekrn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ash\Desktop\Zips and Installers\HiJackThis v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0B16833D-9B75-72D0-67D4-0BA93496B416} - (no file)
    O2 - BHO: (no name) - {470717C2-0DBC-4B9F-A132-DF8B360263E3} - (no file)
    O2 - BHO: (no name) - {5758E674-EDFB-4BC5-A8E9-448422A41746} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ccPrxy.exe] ccPrxy.exe
    O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\svchost\svchost.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Ash\Local Settings\Apps\F.lux\flux.exe" /noshow
    O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\svchost\svchost.exe
    O4 - HKCU\..\Run: [Display Driver] C:\DOCUME~1\Ash\LOCALS~1\Temp\dispdrv.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost.exe
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe (User '?')
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [F.lux] "C:\Documents and Settings\Ash\Local Settings\Apps\F.lux\flux.exe" /noshow (User '?')
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [HKCU] C:\WINDOWS\system32\svchost\svchost.exe (User '?')
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [Display Driver] C:\DOCUME~1\Ash\LOCALS~1\Temp\dispdrv.exe (User '?')
    O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost.exe (User '?')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (file missing) (HKCU)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://autxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: jkkheed - C:\WINDOWS\
    O20 - Winlogon Notify: jkkli - C:\WINDOWS\
    O20 - Winlogon Notify: winubg32 - C:\WINDOWS\
    O21 - SSODL: System - {8843C7DC-95D8-4B32-BEB1-FE7F68B26FDB} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Update Service (gupdate1c9b225e064b440) (gupdate1c9b225e064b440) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP (bin to iso)\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 11995 bytes
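    What stands out in the HijackThis log above, from a triage standpoint, is not any single entry but a pattern: `svchost.exe` started from a subfolder of `system32` (the real one lives in `system32` itself), `explorer.exe` under `system32\updater`, executables launched from the user's `Temp` folder, autostart values under `Policies\Explorer\Run` whose value names are just registry keywords (`[HKLM]`, `[HKCU]`, `[Policies]`), and O20 Winlogon Notify entries that name no DLL at all. The script below is an added example written for this thread; it is not part of the original post, of HijackThis or of ComboFix. It applies those heuristics to lines excerpted from the log (labelled as the constructed sample). The table of where well-known system binaries legitimately live is an assumption for 32-bit Windows XP; on 64-bit Windows `SysWOW64` would also be a valid home.

```python
"""Triage heuristics for HijackThis-style log lines (running processes, O2, O4, O20).

Added example for this thread; it is not part of the original post, of
HijackThis or of ComboFix. SAMPLE_LOG is excerpted from the log above.
SYSTEM_BINARY_HOME is an assumption for 32-bit Windows XP.
"""
import ntpath
import re
from dataclasses import dataclass

# Where these well-known Windows binaries legitimately live on 32-bit XP.
# The same file name starting from any other directory is a masquerade.
SYSTEM_BINARY_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
}
# Lower-cased markers of temp directories, including the 8.3 short form
# (LOCALS~1\Temp) that HijackThis prints for %TEMP%.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\locals~1\\temp\\", "\\windows\\temp\\")
# Value names that are registry keywords rather than product names.
KEYWORD_NAMES = {"hklm", "hkcu", "hkus", "policies"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>.*?)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
PROCESS_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# First executable token of a command line: optional quotes, spaces allowed.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|com|scr|pif|bat|cmd))\b', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    severity: str  # "high" or "low"
    reason: str


def _first_exe(cmd: str) -> str:
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else ""


def _path_findings(path: str) -> list[tuple[str, str]]:
    """Heuristics shared by O4 command lines and running-process lines."""
    p = path.lower()
    base, home = ntpath.basename(p), ntpath.dirname(p)
    out = []
    # Bare names such as RTHDCPL.EXE have no directory to judge; skip them.
    if home and base in SYSTEM_BINARY_HOME and home != SYSTEM_BINARY_HOME[base]:
        out.append(("high", f"{base} started from {home}, not {SYSTEM_BINARY_HOME[base]}"))
    if any(marker in p for marker in TEMP_MARKERS):
        out.append(("high", "executable started from a temp directory"))
    return out


def triage_line(line: str) -> list[Finding]:
    line = line.strip()
    found: list[Finding] = []
    if m := O4_RE.match(line):
        cmd = re.sub(r" \(User '[^']*'\)$", "", m.group("cmd"))  # drop HJT's per-user suffix
        found += [Finding(line, s, r) for s, r in _path_findings(_first_exe(cmd))]
        if m.group("key").lower().endswith("policies\\explorer\\run"):
            found.append(Finding(line, "high", "autostart via Policies\\Explorer\\Run, rarely used by legitimate software"))
        if m.group("name").lower() in KEYWORD_NAMES:
            found.append(Finding(line, "low", "value name is a registry keyword, not a product name"))
    elif m := O20_RE.match(line):
        if not m.group("path").lower().endswith(".dll"):
            found.append(Finding(line, "high", "Winlogon Notify package without a DLL file name"))
    elif m := O2_RE.match(line):
        if m.group("path").strip() == "(no file)":
            found.append(Finding(line, "low", "orphaned BHO registration with no backing file"))
    elif PROCESS_RE.match(line):  # a bare path from the "Running processes" list
        found += [Finding(line, s, r) for s, r in _path_findings(line)]
    return found


def triage(lines) -> list[Finding]:
    return [f for line in lines for f in triage_line(line)]


# Constructed sample: lines excerpted from the HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\updater\explorer.exe
C:\DOCUME~1\Ash\LOCALS~1\Temp\ir_ext_temp_159\autorun.exe
O2 - BHO: (no name) - {0B16833D-9B75-72D0-67D4-0BA93496B416} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\svchost\svchost.exe
O4 - HKCU\..\Run: [Display Driver] C:\DOCUME~1\Ash\LOCALS~1\Temp\dispdrv.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost.exe
O20 - Winlogon Notify: jkkheed - C:\WINDOWS\
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.reason}\n        {f.line}")
```

    Run against the sample, the script flags the two `svchost\svchost.exe` values, `updater\explorer.exe`, both Temp-folder executables, the `Policies\Explorer\Run` value and the Winlogon Notify entry as high, the orphaned BHO as low, and leaves the Realtek, ESET and ctfmon entries alone. The ComboFix report later in the thread bears this out: its "Other Deletions" list includes `c:\windows\system32\svchost\svchost.exe` and an `Autorun.inf`/`install.exe` pair on drive I:. These are heuristics for prioritising what to look at, not a verdict; a vendor-signed binary in an odd path still deserves a hash check before removal.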
     
  2. AshtrayBroom (Thread Starter; joined Mar 25, 2008; 5 messages)
    The computer has got even worse. I can't copy/paste and the taskbar is completely gone. Perhaps I should post an updated log. Does anybody know how I can at least back my essential files up to an external hard-drive when unable to copy/paste?
     
  3. dvk01 (Moderator, Malware Specialist; joined Dec 14, 2002; 56,451 messages; first name Derek)
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script-blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double-click on combofix.exe and follow the prompts.
    If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  4. AshtrayBroom (Thread Starter; joined Mar 25, 2008; 5 messages)
    ***NOTE*** I can now copy and paste, and on an early superficial level, everything appears to be ok. According to the log, how do things look?

    Thank you so much for your help so far, it has been invaluable!


    ComboFix 10-04-06.01 - Ash 04/07/2010 16:15:54.1.2 - x86
    Running from: c:\documents and settings\Ash\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Ash\Application Data\chrtmp
    c:\progra~1\COMMON~1\{3810E~1
    c:\progra~1\COMMON~1\{9810E~1
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\svchost
    c:\windows\system32\svchost\svchost.exe
    c:\windows\winhelp.ini
    I:\Autorun.inf
    I:\install.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
    .

    2010-04-05 17:53 . 2010-04-05 17:53 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
    2010-04-05 17:48 . 2010-04-05 17:48 -------- d-----w- c:\windows\ERUNT
    2010-04-05 16:38 . 2010-04-07 05:29 -------- d-----w- C:\SDFix
    2010-04-03 20:02 . 2010-04-07 06:01 -------- d-----w- c:\program files\a-squared Anti-Malware
    2010-04-03 18:57 . 2010-04-03 18:57 -------- d-----w- c:\program files\ESET
    2010-04-03 18:54 . 2010-04-04 17:59 -------- d-----w- c:\documents and settings\Ash\Application Data\QuickScan
    2010-04-03 18:54 . 2010-03-30 09:35 670696 ----a-w- c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-04-03 18:54 . 2010-03-30 09:34 833448 ----a-w- c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-04-03 06:10 . 2010-03-29 04:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-03 06:10 . 2010-04-03 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-03 06:10 . 2010-03-29 04:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-10 04:57 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-06 08:03 . 2007-03-31 08:05 -------- d-----w- c:\documents and settings\Ash\Application Data\vlc
    2010-04-05 10:02 . 2007-04-10 17:50 -------- d-----w- c:\documents and settings\Ash\Application Data\uTorrent
    2010-04-03 19:01 . 2007-04-28 18:03 -------- d-----w- c:\program files\Ad-Aware SE Professional
    2010-04-02 22:43 . 2007-03-30 08:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-02 15:54 . 2008-07-04 16:35 -------- d-----w- c:\documents and settings\Ash\Application Data\Skype
    2010-04-02 15:52 . 2008-07-04 16:36 -------- d-----w- c:\documents and settings\Ash\Application Data\skypePM
    2010-03-14 18:44 . 2010-01-27 15:10 -------- d-----w- c:\program files\Mass Effect 2
    2010-03-14 15:49 . 2008-09-01 10:22 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-03-10 16:04 . 2007-03-30 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-09 15:02 . 2008-02-19 13:52 -------- d-----w- c:\program files\uTorrent
    2010-03-09 07:48 . 2008-01-05 10:42 -------- d-----w- c:\documents and settings\Ash\Application Data\ZoomBrowser EX
    2010-03-09 07:48 . 2008-01-05 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2010-02-25 06:24 . 2004-08-03 13:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 23:16 . 2009-10-02 15:52 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-21 07:04 . 2010-02-21 07:03 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-02-21 07:03 . 2010-02-21 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-02-17 08:36 . 2007-11-29 09:16 -------- d-----w- c:\documents and settings\Ash\Application Data\eBookPro6
    2010-02-08 02:13 . 2009-03-31 15:34 -------- d-----w- c:\program files\Google
    2010-01-31 09:55 . 2007-08-09 11:09 57940 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-01-27 17:02 . 2010-01-27 17:02 503808 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bdfcaaf-n\msvcp71.dll
    2010-01-27 17:02 . 2010-01-27 17:02 499712 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bdfcaaf-n\jmc.dll
    2010-01-27 17:02 . 2010-01-27 17:02 348160 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bdfcaaf-n\msvcr71.dll
    2010-01-27 17:02 . 2010-01-27 17:02 61440 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e37eec9-n\decora-sse.dll
    2010-01-27 17:02 . 2010-01-27 17:02 12800 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e37eec9-n\decora-d3d.dll
    2010-01-26 13:27 . 2007-03-30 08:08 71056 ----a-w- c:\documents and settings\Ash\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-18 18:32 . 2009-12-07 18:10 337824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-01-18 09:30 . 2009-03-24 08:34 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-01-18 09:28 . 2009-03-24 08:34 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-01-11 11:17 . 2010-01-11 11:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-11 11:17 . 2010-01-11 11:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-11 11:17 . 2010-01-11 11:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-11 11:17 . 2010-01-11 11:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-11 11:17 . 2010-01-11 11:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-01-11 06:23 . 2007-04-03 13:17 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-07-23 16:58 . 2009-07-23 16:58 25 ----a-w- c:\program files\popcinfot.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "F.lux"="c:\documents and settings\Ash\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
    "egui"="c:\program files\NOD32\egui.exe" [2008-02-20 1443072]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "nwiz"="nwiz.exe" [2008-05-02 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon LBP3200 Status Window.LNK]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon LBP3200 Status Window.LNK
    backup=c:\windows\pss\Canon LBP3200 Status Window.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
    backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Ash^Start Menu^Programs^Startup^Last.fm Helper.lnk]
    path=c:\documents and settings\Ash\Start Menu\Programs\Startup\Last.fm Helper.lnk
    backup=c:\windows\pss\Last.fm Helper.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Ash^Start Menu^Programs^Startup^Xfire.lnk]
    path=c:\documents and settings\Ash\Start Menu\Programs\Startup\Xfire.lnk
    backup=c:\windows\pss\Xfire.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]
    v7 [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
    2006-11-17 01:05 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-17 21:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 05:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 02:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-09-08 11:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2007-08-31 19:13 988584 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    2006-10-31 04:44 36864 ------r- c:\windows\JM\JMInsIDE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-02 11:46 1630208 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2007-12-14 01:36 50472 ------w- c:\program files\Cyberlink\PowerDVD8\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 15:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2005-01-11 17:01 32768 ----a-w- c:\program files\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2008-03-20 10:23 83240 ------w- c:\program files\Cyberlink\PowerDVD8\PDVD8Serv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    2009-01-02 01:32 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 02:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2009-10-27 09:14 1217808 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-03 08:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\djhigh\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Hamachi\\hamachi.exe"=
    "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\[email protected]\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\[email protected]\\source sdk base\\hl2.exe"=
    "c:\\Program Files\\Cyberlink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Documents and Settings\\Ash\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\[email protected]\\source sdk base 2007\\hl2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\zero gear\\ZeroGear.bat"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
    "c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
    "c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9218:TCP"= 9218:TCP:BitComet 9218 TCP
    "9218:UDP"= 9218:UDP:BitComet 9218 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-07-03 682232]
    R2 gupdate1c9b225e064b440;Google Update Service (gupdate1c9b225e064b440);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
    R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-02-06 13224]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
    R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
    R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
    R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
    R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
    R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
    R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
    R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
    S2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144]
    S2 ekrn;Eset Service;c:\program files\NOD32\ekrn.exe [2008-02-20 472320]
    S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
    2008-02-07 23:53 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]

    2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 17:26]

    2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 17:26]

    2010-04-02 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20]

    2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{E1877A2E-C316-4956-82D4-06005C998D32}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 18:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} - hxxps://autxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
    DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
    FF - ProfilePath - c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - component: c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{0B16833D-9B75-72D0-67D4-0BA93496B416} - (no file)
    BHO-{470717C2-0DBC-4B9F-A132-DF8B360263E3} - (no file)
    BHO-{5758E674-EDFB-4BC5-A8E9-448422A41746} - (no file)
    HKCU-Run-Active Desktop Calendar - c:\program files\Active Desktop Calendar\ADC.exe
    HKLM-Run-ccPrxy.exe - ccPrxy.exe
    HKLM-Run-POEngine - (no file)
    Notify-jkkheed - (no file)
    Notify-jkkli - (no file)
    Notify-winubg32 - (no file)
    SafeBoot-Wdf01000.sys
    MSConfigStartUp-Active Desktop Calendar - c:\program files\Active Desktop Calendar\ADC.exe
    MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
    MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    MSConfigStartUp-BoostSpeed - c:\program files\AusLogics BoostSpeed\BoostSpeed.exe
    MSConfigStartUp-CTDrive - c:\windows\system32\drvraf.dll
    MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    MSConfigStartUp-LanguageShortcut - c:\program files\PowerDVD\Language\Language.exe
    MSConfigStartUp-manager - c:\windows\System32\drivers\setup\manager.exe
    MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    MSConfigStartUp-SoundService - c:\windows\system32\enryxoiv.dll
    MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe
    MSConfigStartUp-ulrfsxk - c:\windows\system32\ulrfsxk.dll
    ActiveSetup-{2420E745-734N-A5M6-3528-514CFHJ5W68U} - c:\windows\system32\svchost\svchost.exe
    AddRemove-Call of Duty Modern Warfare 2_is1 - c:\program files\Activision\Modern Warfare 2\unins000.exe
    AddRemove-HijackThis - c:\documents and settings\Ash\Desktop\Zips and Installers\HijackThis.exe
    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
    AddRemove-OpenAL - c:\program files\OpenAL\oalinst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 16:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-839522115-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:16,48,74,cb,5c,d6,72,87,d0,9b,fc,c0,d4,72,89,43,58,cd,2d,8b,80,a1,04,
    97,43,8b,3e,c7,3e,0b,0e,42,68,20,62,fe,8e,3c,a7,81,41,83,eb,2e,95,11,c1,06,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-839522115-926492609-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:d0,3d,74,ab,0d,ff,07,c7,56,d4,76,0a,c3,40,b0,88,33,39,8b,d9,a8,
    42,a1,fd,a7,44,24,c4,50,c9,ac,6e,63,e1,0e,04,31,a0,21,47,8d,6b,ec,bd,6a,fe,\
    "rkeysecu"=hex:5d,dd,f3,9e,c6,03,a4,68,15,50,46,21,46,e7,45,1c

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    Completion time: 2010-04-07 16:20:56
    ComboFix-quarantined-files.txt 2010-04-07 06:20

    Pre-Run: 71,900,467,200 bytes free
    Post-Run: 72,221,913,088 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

    - - End Of File - - 5E24B1A422B4A3E52AADFD6F71BAAE84
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    That looks clear, but it also looks like a hack for NOD is installed, which is the absolute height of stupidity.

    The ONE program that is so dangerous to apply a hack to is your antivirus, as you have no way of knowing if it is detecting & doing what it should & protecting you.

    * Run Kaspersky online virus scan Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Select the "Spyware, Adware, Dialers and other potentially dangerous programs" option for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, save the results from the scan!

    Note: Kavscan is a scanner only & won't fix anything, but it will normally find the most infected files, so its report gives us a good place to work from.

    If that won't run, then run an online antivirus check from one of the following sites:

    http://www.eset.com/online-scanner
    http://www.pandasoftware.com/activescan/
    http://www.bitdefender.com/scan8/ie.html
     
Short URL to this thread: https://techguy.org/914413