Mysterious virus is preventing me from opening programs/slowing PC significantly


AshtrayBroom (Thread Starter, joined Mar 25, 2008, 5 messages):
Hey guys. If anybody knows what might be wrong, please advise. Thank you very much in advance :)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:12:34 PM, on 4/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\CDBurnerXP (bin to iso)\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\updater\explorer.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Ash\LOCALS~1\Temp\ir_ext_temp_159\autorun.exe
C:\Program Files\Active Desktop Calendar\ADC.exe
C:\Documents and Settings\Ash\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\NOD32\ekrn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ash\Desktop\Zips and Installers\HiJackThis v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B16833D-9B75-72D0-67D4-0BA93496B416} - (no file)
O2 - BHO: (no name) - {470717C2-0DBC-4B9F-A132-DF8B360263E3} - (no file)
O2 - BHO: (no name) - {5758E674-EDFB-4BC5-A8E9-448422A41746} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccPrxy.exe] ccPrxy.exe
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\svchost\svchost.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Ash\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\svchost\svchost.exe
O4 - HKCU\..\Run: [Display Driver] C:\DOCUME~1\Ash\LOCALS~1\Temp\dispdrv.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost.exe
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe (User '?')
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [F.lux] "C:\Documents and Settings\Ash\Local Settings\Apps\F.lux\flux.exe" /noshow (User '?')
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [HKCU] C:\WINDOWS\system32\svchost\svchost.exe (User '?')
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Run: [Display Driver] C:\DOCUME~1\Ash\LOCALS~1\Temp\dispdrv.exe (User '?')
O4 - HKUS\S-1-5-21-839522115-926492609-725345543-1003\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost.exe (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (file missing) (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://autxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkheed - C:\WINDOWS\
O20 - Winlogon Notify: jkkli - C:\WINDOWS\
O20 - Winlogon Notify: winubg32 - C:\WINDOWS\
O21 - SSODL: System - {8843C7DC-95D8-4B32-BEB1-FE7F68B26FDB} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9b225e064b440) (gupdate1c9b225e064b440) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP (bin to iso)\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11995 bytes
 

AshtrayBroom (Thread Starter):
The computer has got even worse. I can't copy/paste and the taskbar is completely gone. Perhaps I should post an updated log. Does anybody know how I can at least back my essential files up to an external hard-drive when unable to copy/paste?
 

dvk01 (Derek, Retired Moderator / Retired Malware Specialist, joined Dec 14, 2002, 56,452 messages):
Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script-blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double-click on combofix.exe & follow the prompts.
If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
 

AshtrayBroom (Thread Starter):
***NOTE*** I can now copy and paste, and on an early superficial level, everything appears to be OK. According to the log, how do things look?

Thank you so much for your help so far, it has been invaluable!


ComboFix 10-04-06.01 - Ash 04/07/2010 16:15:54.1.2 - x86
Running from: c:\documents and settings\Ash\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ash\Application Data\chrtmp
c:\progra~1\COMMON~1\{3810E~1
c:\progra~1\COMMON~1\{9810E~1
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\mcrh.tmp
c:\windows\system32\svchost
c:\windows\system32\svchost\svchost.exe
c:\windows\winhelp.ini
I:\Autorun.inf
I:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-05 17:53 . 2010-04-05 17:53 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-04-05 17:48 . 2010-04-05 17:48 -------- d-----w- c:\windows\ERUNT
2010-04-05 16:38 . 2010-04-07 05:29 -------- d-----w- C:\SDFix
2010-04-03 20:02 . 2010-04-07 06:01 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-04-03 18:57 . 2010-04-03 18:57 -------- d-----w- c:\program files\ESET
2010-04-03 18:54 . 2010-04-04 17:59 -------- d-----w- c:\documents and settings\Ash\Application Data\QuickScan
2010-04-03 18:54 . 2010-03-30 09:35 670696 ----a-w- c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-04-03 18:54 . 2010-03-30 09:34 833448 ----a-w- c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-04-03 06:10 . 2010-03-29 04:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-03 06:10 . 2010-04-03 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 06:10 . 2010-03-29 04:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 04:57 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 08:03 . 2007-03-31 08:05 -------- d-----w- c:\documents and settings\Ash\Application Data\vlc
2010-04-05 10:02 . 2007-04-10 17:50 -------- d-----w- c:\documents and settings\Ash\Application Data\uTorrent
2010-04-03 19:01 . 2007-04-28 18:03 -------- d-----w- c:\program files\Ad-Aware SE Professional
2010-04-02 22:43 . 2007-03-30 08:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 15:54 . 2008-07-04 16:35 -------- d-----w- c:\documents and settings\Ash\Application Data\Skype
2010-04-02 15:52 . 2008-07-04 16:36 -------- d-----w- c:\documents and settings\Ash\Application Data\skypePM
2010-03-14 18:44 . 2010-01-27 15:10 -------- d-----w- c:\program files\Mass Effect 2
2010-03-14 15:49 . 2008-09-01 10:22 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-10 16:04 . 2007-03-30 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 15:02 . 2008-02-19 13:52 -------- d-----w- c:\program files\uTorrent
2010-03-09 07:48 . 2008-01-05 10:42 -------- d-----w- c:\documents and settings\Ash\Application Data\ZoomBrowser EX
2010-03-09 07:48 . 2008-01-05 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-02-25 06:24 . 2004-08-03 13:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 23:16 . 2009-10-02 15:52 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 07:04 . 2010-02-21 07:03 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-21 07:03 . 2010-02-21 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-17 08:36 . 2007-11-29 09:16 -------- d-----w- c:\documents and settings\Ash\Application Data\eBookPro6
2010-02-08 02:13 . 2009-03-31 15:34 -------- d-----w- c:\program files\Google
2010-01-31 09:55 . 2007-08-09 11:09 57940 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-27 17:02 . 2010-01-27 17:02 503808 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bdfcaaf-n\msvcp71.dll
2010-01-27 17:02 . 2010-01-27 17:02 499712 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bdfcaaf-n\jmc.dll
2010-01-27 17:02 . 2010-01-27 17:02 348160 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bdfcaaf-n\msvcr71.dll
2010-01-27 17:02 . 2010-01-27 17:02 61440 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e37eec9-n\decora-sse.dll
2010-01-27 17:02 . 2010-01-27 17:02 12800 ----a-w- c:\documents and settings\Ash\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e37eec9-n\decora-d3d.dll
2010-01-26 13:27 . 2007-03-30 08:08 71056 ----a-w- c:\documents and settings\Ash\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 18:32 . 2009-12-07 18:10 337824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-18 09:30 . 2009-03-24 08:34 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-18 09:28 . 2009-03-24 08:34 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-11 11:17 . 2010-01-11 11:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 11:17 . 2010-01-11 11:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 11:17 . 2010-01-11 11:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 11:17 . 2010-01-11 11:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 11:17 . 2010-01-11 11:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 06:23 . 2007-04-03 13:17 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-23 16:58 . 2009-07-23 16:58 25 ----a-w- c:\program files\popcinfot.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"F.lux"="c:\documents and settings\Ash\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"egui"="c:\program files\NOD32\egui.exe" [2008-02-20 1443072]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon LBP3200 Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon LBP3200 Status Window.LNK
backup=c:\windows\pss\Canon LBP3200 Status Window.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ash^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\Ash\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ash^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Ash\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]
v7 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2006-11-17 01:05 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-17 21:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 05:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 02:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 11:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2007-08-31 19:13 988584 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-31 04:44 36864 ------r- c:\windows\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-02 11:46 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 01:36 50472 ------w- c:\program files\Cyberlink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 15:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-11 17:01 32768 ----a-w- c:\program files\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 10:23 83240 ------w- c:\program files\Cyberlink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-01-02 01:32 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 02:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-27 09:14 1217808 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 08:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\djhigh\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\[email protected]\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\[email protected]\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Cyberlink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Ash\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Steam\\SteamApps\\[email protected]\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\zero gear\\ZeroGear.bat"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9218:TCP"= 9218:TCP:BitComet 9218 TCP
"9218:UDP"= 9218:UDP:BitComet 9218 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-07-03 682232]
R2 gupdate1c9b225e064b440;Google Update Service (gupdate1c9b225e064b440);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-02-06 13224]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
S2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144]
S2 ekrn;Eset Service;c:\program files\NOD32\ekrn.exe [2008-02-20 472320]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
2008-02-07 23:53 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 17:26]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 17:26]

2010-04-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{E1877A2E-C316-4956-82D4-06005C998D32}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} - hxxps://autxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
FF - ProfilePath - c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Ash\Application Data\Mozilla\Firefox\Profiles\bh3g95av.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{0B16833D-9B75-72D0-67D4-0BA93496B416} - (no file)
BHO-{470717C2-0DBC-4B9F-A132-DF8B360263E3} - (no file)
BHO-{5758E674-EDFB-4BC5-A8E9-448422A41746} - (no file)
HKCU-Run-Active Desktop Calendar - c:\program files\Active Desktop Calendar\ADC.exe
HKLM-Run-ccPrxy.exe - ccPrxy.exe
HKLM-Run-POEngine - (no file)
Notify-jkkheed - (no file)
Notify-jkkli - (no file)
Notify-winubg32 - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-Active Desktop Calendar - c:\program files\Active Desktop Calendar\ADC.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-BoostSpeed - c:\program files\AusLogics BoostSpeed\BoostSpeed.exe
MSConfigStartUp-CTDrive - c:\windows\system32\drvraf.dll
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-LanguageShortcut - c:\program files\PowerDVD\Language\Language.exe
MSConfigStartUp-manager - c:\windows\System32\drivers\setup\manager.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
MSConfigStartUp-SoundService - c:\windows\system32\enryxoiv.dll
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe
MSConfigStartUp-ulrfsxk - c:\windows\system32\ulrfsxk.dll
ActiveSetup-{2420E745-734N-A5M6-3528-514CFHJ5W68U} - c:\windows\system32\svchost\svchost.exe
AddRemove-Call of Duty Modern Warfare 2_is1 - c:\program files\Activision\Modern Warfare 2\unins000.exe
AddRemove-HijackThis - c:\documents and settings\Ash\Desktop\Zips and Installers\HijackThis.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-OpenAL - c:\program files\OpenAL\oalinst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 16:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,48,74,cb,5c,d6,72,87,d0,9b,fc,c0,d4,72,89,43,58,cd,2d,8b,80,a1,04,
97,43,8b,3e,c7,3e,0b,0e,42,68,20,62,fe,8e,3c,a7,81,41,83,eb,2e,95,11,c1,06,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-839522115-926492609-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d0,3d,74,ab,0d,ff,07,c7,56,d4,76,0a,c3,40,b0,88,33,39,8b,d9,a8,
42,a1,fd,a7,44,24,c4,50,c9,ac,6e,63,e1,0e,04,31,a0,21,47,8d,6b,ec,bd,6a,fe,\
"rkeysecu"=hex:5d,dd,f3,9e,c6,03,a4,68,15,50,46,21,46,e7,45,1c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Completion time: 2010-04-07 16:20:56
ComboFix-quarantined-files.txt 2010-04-07 06:20

Pre-Run: 71,900,467,200 bytes free
Post-Run: 72,221,913,088 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

- - End Of File - - 5E24B1A422B4A3E52AADFD6F71BAAE84
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That looks clear, but it also looks like a hack for NOD is installed, which is the absolute height of stupidity.

The ONE program that is so dangerous to apply a hack to is your antivirus, as you have no way of knowing if it is detecting & doing what it should & protecting you.

* Run a Kaspersky online virus scan: Kaspersky Online Scanner.

After the updates have downloaded, click on the "Scan Settings" button.
Select the "Spyware, Adware, Dialers and other potentially dangerous programs" option for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, save the results from the scan!

Note: Kavscan is a scanner only & won't fix anything, but it will normally find the most infected files, so its report gives us a good place to work from.

If that won't run, then
run an online antivirus check from one of the following sites:

http://www.eset.com/online-scanner
http://www.pandasoftware.com/activescan/
http://www.bitdefender.com/scan8/ie.html