Hijack this log check please

dark_angel

Member
Hi,
I turned my computer off last night and then turned it on this morning and half the programs that should open on startup didn't. I can't open them manually. I go to Task Manager and they are listed there but I can't see them. I have started up in safe mode and I can access My Computer, which I can't do normally. I ran SUPERAntiSpyware and found nothing. I ran avast and found nothing.

I have attached a Malwarebytes log, so if someone can look at that. I suspect it is something starting up and stopping things from running. I have disabled all startup items in msconfig in safe mode but still nothing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:31 PM, on 21/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
G:\RepairKit\Virus Removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O1 - Hosts: 119.42.146.36 www.warez-bb.org
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\IDM\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download all links with IDM - E:\IDM\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - E:\IDM\IEGetVL.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: Download with IDM - E:\IDM\IEExt.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273807611328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273807598109
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Abyss Web Server (AbyssWebServer) - Unknown owner - C:\Program Files\Abyss Web Server\abyssws.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 7945 bytes
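The log above is what the helpers in this thread read by hand. As an added example (my code, not anything posted in the thread or shipped with HijackThis), here is a small triage pass over the same line format: it parses the `Rx - ` / `Oxx - ` entries of a HijackThis 2.x log and flags the entry types that most often carry a redirection or persistence payload. The sample lines are constructed for the example; most are modelled on the log above, and the `[Updater]` Run entry pointing into the user's Temp folder is invented to exercise the profile-directory rule. A flag means "review this", not "malicious": the `guard32.dll` AppInit_DLLs entry in the real log belongs to COMODO's firewall, and the `warez-bb.org` hosts entry may well be user-added.

```python
"""Triage a HijackThis (HJT) 2.x log by section prefix.

Added example, not from the thread. Rules are my own heuristics:
  O1  hosts entries that do not point at loopback (redirection)
  O4  autoruns launched from Temp / profile dirs, or by bare filename
  O20 any AppInit_DLLs entry (a DLL injected into every user32 process)
  O23 services whose binary is reported "(file missing)"
  R3  missing default URLSearchHook (usually a cleanup side-effect)
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
UNTRUSTED_DIRS = ("\\temp\\", "\\application data\\", "\\local settings\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per HJT line that matches a review rule."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, "Running processes", blank, footer
        sec, body = m.group("sec"), m.group("body")
        if sec == "O1":
            hm = HOSTS_RE.match(body)
            if hm and hm.group("ip") not in LOOPBACK:
                findings.append(Finding(sec, f"hosts redirect {hm.group('host')} -> {hm.group('ip')}", raw))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(sec, "AppInit_DLLs loads this DLL into every user-mode process", raw))
        elif sec == "O23":
            sm = SERVICE_RE.match(body)
            if sm and "(file missing)" in sm.group("path"):
                findings.append(Finding(sec, "service binary missing (orphaned or removed)", raw))
        elif sec == "O4":
            rm = RUN_RE.match(body)
            if rm:
                cmd = rm.group("cmd")
                if any(d in cmd.lower() for d in UNTRUSTED_DIRS):
                    findings.append(Finding(sec, "autorun from a user-writable temp/profile dir", raw))
                elif "\\" not in cmd.split()[0].strip('"'):
                    findings.append(Finding(sec, "autorun by bare filename, resolved by path search", raw))
        elif sec == "R3" and "is missing" in body:
            findings.append(Finding(sec, "default URLSearchHook missing (often a cleanup side-effect)", raw))
    return findings


# Constructed sample: modelled on the thread's log; the [Updater] line is invented.
SAMPLE_LOG = r"""
O1 - Hosts: 119.42.146.36 www.warez-bb.org
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\Cam\Local Settings\Temp\Setup.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Abyss Web Server (AbyssWebServer) - Unknown owner - C:\Program Files\Abyss Web Server\abyssws.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
R3 - Default URLSearchHook is missing
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Paste a whole log into `triage()`; on the sample it reports six findings (the hosts redirect, the two O4 entries, the AppInit DLL, the orphaned service and the missing search hook) and stays silent on the loopback hosts line and the avast service.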
 
Hi, I've just tried to install it and it won't let me install HijackThis, saying the system admin has set a policy to prevent this. I tried renaming it to hjt.com but still no good. Anything I can do?
 
Try this:
Please download exeHelper.com by Raktor to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up; press any key to close it once the fix is completed.

Note: If the window shows a message that says Error deleting file, please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

There's a different version of exeHelper at the link below if that one won't run.
http://www.raktor.net/exeHelper/exeHelper.scr

-----------------------------------------------------

If that doesn't work.......

See if this will work, if you have a USB pen, run it from there: (Run it in regular mode if you can)

VIPRE Rescue Program is a new anti-malware utility that runs from the command prompt and will scan for and remove most malware, including rootkits. It will run when other programs won't.

It's easy to use:

1. Download VIPRE Rescue to your desktop (it's a big download, about 80 MB; it takes about 4-5 minutes on broadband)

2. Double click on the VIPRE Rescue icon, it will ask if you want to extract VIPRE Rescue Scanner to your computer, click yes.

3. The "WinZip Self-Extractor" window will pop up, click Unzip
It should by default unzip to C:
Make sure the checkbox for "When done unzipping open: .\deep_scan.bat" is checked
After the files are unzipped, click OK

4. VIPRE Rescue will now run automatically and perform a deep (full) scan.

5. When it's done, type exit and press enter to close the program.

6. The log isn't that good but will be in the VIPRERESCUE folder and listed as documents and CSV files.

<++++++><++++++><++++++><++++++><++++++><++++++>

If you find that you can't download any programs to the infected computer, you can download VIPRERescue to a USB drive on another computer.

Then plug the drive into the infected computer, navigate to the drive and double click on VIPRERescue**** and follow the directions above starting at #2.

MrC
 
Maybe you have a boot-time virus. Right-click on My Computer and go to Manage, then Local Users and Groups, then Users... what's under Users?
 
Please re-enable everything in msconfig, reboot the computer and post a fresh HijackThis log.

You said you attached a Malwarebytes log? Please just copy and paste the log in a new reply.
 
Hi, yes I do own the computer, it is my personal one. I looked under Users and I have Administrator, Cam (which is me), Guest, and ASP.NET, which is disabled, and help, which is disabled.

Sorry, I thought I had attached the Malwarebytes log. I'll attach it after I run HijackThis again with everything enabled. Malwarebytes didn't find anything though, so it just says nothing found for everything. And I can only run an exe of HijackThis in safe mode, as I can't install it. It is stopping me even if I rename it.
 
This is the HijackThis log with everything enabled, running in safe mode.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:05 AM, on 22/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 119.42.146.36 www.warez-bb.org
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\IDM\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [RemoteX] "C:\Program Files\RemoteX\RemoteX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Desktop Disc Tool] "E:\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CPMonitor] "E:\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273807611328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273807598109
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 9733 bytes

This is the Malwarebytes log - this scan actually found 2 things.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

22/05/2010 10:59:31 AM
mbam-log-2010-05-22 (10-59-31).txt

Scan type: Quick scan
Objects scanned: 126915
Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Cam\Local Settings\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.

Also, this is the exeHelper log.
exeHelper by Raktor
Build 20100414
Run at 11:19:28 on 05/22/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
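The Malwarebytes log above found a key under `Image File Execution Options\Setup.exe`, and the exeHelper log shows it resetting the `.exe`/`.com` associations, the Winlogon `Userinit`/`Shell` values and "policies". Those are the four places a "can't run any exe / admin policy prevents this" symptom usually traces back to. As an added example (my code, not from the thread or from either tool), here is a checker that reads a `reg export` text dump and reports each of them, so the result can be confirmed rather than taken on faith from a one-line tool log. The `.reg` sample is constructed: the Malwarebytes log names only the IFEO key, so the `Debugger` value in it (and the `loader.exe` in the exefile command) are invented to exercise the checks; the `DisallowRun` policy is my assumption about one common cause of the "system administrator has set policies" message, which the thread does not pin down. The parser handles the `.reg` line syntax (`[key]`, `"name"="value"`, `@=` for the default value, `\\` and `\"` escapes, `dword:` values) and nothing more exotic.

```python
"""Flag execution-hijack settings in a `reg export` (.reg v5) text dump.

Added example, not from the thread. Checks:
  * Image File Execution Options\<exe> with a Debugger value (the exe is
    silently replaced by the debugger binary every time it is launched)
  * HKCR\exefile / comfile shell\open\command not equal to "%1" %*
  * Winlogon Userinit not a single userinit.exe entry, Shell not Explorer.exe
  * Policies\Explorer DisallowRun = 1 (assumption: one cause of the
    "administrator has set policies" launch error)
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<val>.*)$')

IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
EXE_CMD = r"hkey_classes_root\exefile\shell\open\command"
COM_CMD = r"hkey_classes_root\comfile\shell\open\command"
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\explorer"
GOOD_OPEN_CMD = '"%1" %*'


def _unquote(s: str) -> str:
    """Decode a .reg REG_SZ literal: strip the outer quotes, undo \\x escapes."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        s = s[1:-1]
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg(text: str) -> dict[str, dict[str, str]]:
    """Return {key_lowercased: {value_name: raw_value_literal}}."""
    tree: dict[str, dict[str, str]] = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            tree.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            name = vm.group("name")
            tree[key]["@" if name == "@" else _unquote(name)] = vm.group("val")
    return tree


def check_hijacks(text: str) -> list[str]:
    tree = parse_reg(text)
    out: list[str] = []
    for key, vals in tree.items():
        if key.startswith(IFEO) and "Debugger" in vals:
            out.append(f"IFEO debugger on {key.rsplit(chr(92), 1)[-1]}: {_unquote(vals['Debugger'])}")
    for key in (EXE_CMD, COM_CMD):
        cmd = tree.get(key, {}).get("@")
        if cmd is not None and _unquote(cmd) != GOOD_OPEN_CMD:
            out.append(f"{key.split(chr(92))[1]} open command is {_unquote(cmd)!r}, expected {GOOD_OPEN_CMD!r}")
    wl = tree.get(WINLOGON, {})
    if "Userinit" in wl:
        entries = [e for e in _unquote(wl["Userinit"]).split(",") if e]
        if len(entries) != 1 or not entries[0].lower().endswith("\\userinit.exe"):
            out.append(f"Winlogon Userinit is {_unquote(wl['Userinit'])!r}")
    if "Shell" in wl and _unquote(wl["Shell"]).lower() != "explorer.exe":
        out.append(f"Winlogon Shell is {_unquote(wl['Shell'])!r}")
    for key, vals in tree.items():
        if key.endswith(POLICY_SUFFIX) and vals.get("DisallowRun", "").lower() == "dword:00000001":
            out.append(f"DisallowRun policy set under {key.split(chr(92))[0]}")
    return out


# Constructed sample .reg export (values invented to exercise each check).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe]
"Debugger"="C:\\Documents and Settings\\Cam\\Local Settings\\Temp\\Setup.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000002

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\loader.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Shell"="Explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
'''

if __name__ == "__main__":
    for line in check_hijacks(SAMPLE_REG):
        print(line)
```

On the sample it reports the `Setup.exe` debugger, the tampered `exefile` open command and the `DisallowRun` policy, and nothing for the `notepad.exe` GlobalFlag entry (IFEO keys without a `Debugger` value are normal), the intact `comfile` command or the stock Winlogon values. Export the real keys with `reg export` from a working boot (safe mode is fine) and feed the files in.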
 
OK. These entries need to be fixed by HijackThis.

R3 - Default URLSearchHook is missing
O1 - Hosts: 119.42.146.36 www.warez-bb.org
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\IDM\IDMIECC.dll
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Desktop Disc Tool] "E:\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Then click on Fix checked at the bottom.

Now try installing HijackThis in normal mode by using this link:

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Redownload the file and try installing it. If it still won't work, you still may have infections, please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
OK, this is the new HijackThis log. It installed in normal mode but wouldn't run, so all in safe mode still.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:50 PM, on 22/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteX] "C:\Program Files\RemoteX\RemoteX.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CPMonitor] "E:\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\RepairKit\Virus Removal\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RGSC] C:\Games\Grand Theft Auto IV\RGSC\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [JFSW2Launch] C:\Documents and Settings\Cam\Application Data\Transcend\JFSW2\JFSW2Launch.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [Download Master] C:\Program Files\ASUS\RT-N13U Wireless Router Utilities\Download.exe /hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download all links with IDM - E:\IDM\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - E:\IDM\IEGetVL.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: Download with IDM - E:\IDM\IEExt.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273807611328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273807598109
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 10117 bytes
 
And Combofix log
ComboFix 10-05-21.04 - Cam 22/05/2010 13:12:12.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1755 [GMT 10:00]
Running from: c:\documents and settings\Cam\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100518-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Cam\Application Data\inst.exe
c:\documents and settings\Cam\Application Data\PnkBstrB.exe
c:\windows\system32\Data
c:\windows\system32\SHELLLNK.TLB
E:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.

2010-05-22 02:45 . 2010-05-22 02:45 -------- d-----w- c:\program files\Trend Micro
2010-05-22 01:13 . 2010-05-22 01:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-21 08:59 . 2010-05-21 08:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-05-21 08:56 . 2010-05-21 08:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-05-21 08:42 . 2010-05-21 08:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-21 02:58 . 2010-05-21 02:58 -------- d-----w- c:\documents and settings\Cam\Application Data\SUPERAntiSpyware.com
2010-05-21 02:58 . 2010-05-21 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-21 02:57 . 2010-05-21 02:57 389120 ----a-w- c:\windows\system32\CF21852.exe
2010-05-21 00:33 . 2010-05-21 00:33 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-20 04:10 . 2010-05-20 04:10 -------- d-----w- c:\documents and settings\Cam\Application Data\visionapp
2010-05-15 13:54 . 2010-05-15 13:54 -------- d-----w- c:\documents and settings\Cam\Local Settings\Application Data\storage
2010-05-15 05:45 . 2007-08-30 12:00 244608 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2010-05-13 10:07 . 2005-03-20 05:15 237568 ----a-w- c:\windows\system32\FieldLines.scr
2010-05-13 10:07 . 2005-03-20 05:15 229376 ----a-w- c:\windows\system32\Plasma.scr
2010-05-13 10:07 . 2005-03-20 05:15 532480 ----a-w- c:\windows\system32\Hyperspace.scr
2010-05-13 10:07 . 2005-03-20 05:15 245760 ----a-w- c:\windows\system32\Flux.scr
2010-05-13 10:07 . 2005-03-20 05:15 6094848 ----a-w- c:\windows\system32\Skyrocket.scr
2010-05-13 10:07 . 2005-03-20 05:15 249856 ----a-w- c:\windows\system32\Flocks.scr
2010-05-13 10:07 . 2005-03-20 05:15 483328 ----a-w- c:\windows\system32\Helios.scr
2010-05-13 10:07 . 2005-03-20 05:15 1908736 ----a-w- c:\windows\system32\Lattice.scr
2010-05-13 10:07 . 2005-03-20 05:15 274432 ----a-w- c:\windows\system32\Cyclone.scr
2010-05-13 10:07 . 2005-03-20 05:15 237568 ----a-w- c:\windows\system32\SolarWinds.scr
2010-05-13 03:53 . 2010-05-13 03:53 -------- d-----w- c:\documents and settings\Cam\Local Settings\Application Data\Realtime Soft
2010-05-13 03:46 . 2010-05-13 03:46 -------- d-----w- c:\documents and settings\Cam\Application Data\Realtime Soft
2010-05-13 03:46 . 2010-05-13 03:46 -------- d-----w- c:\program files\Common Files\Realtime Soft
2010-05-13 03:46 . 2010-05-13 03:46 -------- d-----w- c:\program files\UltraMon
2010-05-13 03:46 . 2010-05-13 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2010-05-02 05:40 . 2010-05-02 05:40 -------- d-----w- c:\documents and settings\Cam\Local Settings\Application Data\roxio
2010-04-29 14:22 . 2009-09-09 08:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-04-29 04:25 . 2010-04-29 04:25 -------- d-----w- c:\documents and settings\All Users\sonic
2010-04-29 04:14 . 2010-04-29 04:26 -------- d-----w- c:\documents and settings\Cam\Application Data\Sonic
2010-04-28 04:36 . 2010-05-02 05:40 -------- d-----w- c:\documents and settings\Cam\Application Data\Roxio
2010-04-28 04:32 . 2010-04-28 04:32 -------- d-----w- c:\documents and settings\Cam\Application Data\Macrovision
2010-04-28 04:32 . 2010-04-28 04:32 -------- d-----w- c:\documents and settings\Cam\Local Settings\Application Data\Sonic_Solutions
2010-04-28 04:02 . 2010-04-28 04:02 -------- d-----w- c:\documents and settings\Cam\Application Data\LightZone
2010-04-28 03:54 . 2010-04-28 03:55 -------- d-----w- c:\program files\LightZone 3
2010-04-28 03:22 . 2010-04-28 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2010-04-28 03:19 . 2009-06-01 15:00 25584 ------w- c:\windows\system32\drivers\SaibVd32.sys
2010-04-28 03:19 . 2009-06-01 15:00 21488 ------w- c:\windows\system32\drivers\SahdIa32.sys
2010-04-28 03:19 . 2009-06-01 15:00 15856 ------w- c:\windows\system32\drivers\SaibIa32.sys
2010-04-28 03:17 . 2010-04-28 03:17 -------- d-----w- c:\documents and settings\Cam\Application Data\Simple Star
2010-04-28 03:17 . 2010-04-28 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoShow Shared Assets
2010-04-28 03:17 . 2010-04-28 03:18 -------- d-----w- c:\program files\Roxio
2010-04-28 03:15 . 2010-05-02 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-04-28 03:15 . 2010-04-28 03:53 -------- d-----w- c:\program files\SmartSound Software
2010-04-28 03:14 . 2010-05-19 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-04-28 03:08 . 2010-04-28 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-28 03:08 . 2010-04-28 03:17 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-28 03:08 . 2010-04-28 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2010-04-28 03:07 . 2010-04-28 03:11 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-28 03:03 . 2010-04-28 03:03 -------- d-----w- c:\program files\MSXML 6.0
2010-04-28 02:46 . 2010-04-28 03:52 -------- d-----w- c:\documents and settings\Cam\Application Data\Roxio Log Files
2010-04-23 01:47 . 2010-04-23 01:48 -------- d-----w- c:\documents and settings\Cam\www

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 02:40 . 2010-03-24 02:23 -------- d-----w- c:\program files\RemoteX
2010-05-22 00:45 . 2009-12-29 08:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 08:56 . 2009-02-05 02:16 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-05-20 08:23 . 2009-08-11 11:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-20 08:21 . 2009-08-08 05:04 -------- d-----w- c:\program files\SysMetrix
2010-05-20 04:10 . 2009-02-05 05:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-20 04:09 . 2009-10-15 08:19 -------- d-----w- c:\documents and settings\Cam\Application Data\DMCache
2010-05-18 23:27 . 2009-01-20 03:28 16608 ----a-w- c:\windows\gdrv.sys
2010-05-15 13:54 . 2009-01-29 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-05-15 13:33 . 2009-01-29 08:37 -------- d-----w- c:\program files\Ubisoft
2010-05-15 13:33 . 2009-01-20 03:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 04:57 . 2010-04-30 04:57 214448 ----a-w- c:\documents and settings\Cam\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-04-30 04:57 . 2009-10-15 08:19 -------- d-----w- c:\documents and settings\Cam\Application Data\IDM
2010-04-30 04:43 . 2009-08-17 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-04-30 03:22 . 2009-08-17 06:46 -------- d-----w- c:\documents and settings\Cam\Application Data\VMware
2010-04-30 02:42 . 2009-12-27 03:38 -------- d-----w- c:\program files\VSO
2010-04-30 02:42 . 2009-12-27 03:38 -------- d-----w- c:\documents and settings\Cam\Application Data\Vso
2010-04-30 02:42 . 2009-12-27 03:38 47360 ----a-w- c:\documents and settings\Cam\Application Data\pcouffin.sys
2010-04-30 02:42 . 2009-12-27 03:38 47360 ----a-w- c:\documents and settings\Cam\Application Data\pcouffin.sys
2010-04-29 05:39 . 2009-12-29 08:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 05:39 . 2009-12-29 08:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 04:33 . 2009-01-20 03:46 41584 ----a-w- c:\documents and settings\Cam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-28 03:56 . 2009-08-04 21:38 -------- d-----w- c:\program files\Common Files\eSellerate
2010-04-28 03:03 . 2010-04-28 03:03 10134 ----a-r- c:\documents and settings\Cam\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2010-04-26 12:16 . 2010-04-10 04:37 -------- d-----w- c:\program files\ScummVM
2010-04-26 12:16 . 2010-01-25 01:10 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-24 10:31 . 2010-03-01 08:18 -------- d-----w- c:\documents and settings\Cam\Application Data\Skype
2010-04-24 06:09 . 2010-03-01 08:18 -------- d-----w- c:\documents and settings\Cam\Application Data\skypePM
2010-04-17 06:11 . 2010-04-17 06:11 -------- d-----w- c:\program files\Telltale Games
2010-04-17 04:36 . 2010-04-16 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-16 08:33 . 2010-04-16 08:33 -------- d-----w- c:\program files\DVD Shrink
2010-04-11 03:46 . 2010-04-11 03:46 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-11 03:45 . 2010-04-10 10:35 -------- d-----w- c:\program files\ASUS
2010-04-10 04:38 . 2010-04-10 04:38 -------- d-----w- c:\documents and settings\Cam\Application Data\ScummVM
2010-03-30 02:00 . 2009-05-24 02:44 -------- d-----w- c:\program files\Electronic Arts
2010-03-29 02:30 . 2010-03-29 01:35 -------- d-----w- c:\documents and settings\Cam\Application Data\Spore
2010-03-01 08:18 . 2010-03-01 08:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2009-07-16 163144]
"RGSC"="c:\games\Grand Theft Auto IV\RGSC\RGSCLauncher.exe" [2008-12-04 306088]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 147456]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"JFSW2Launch"="c:\documents and settings\Cam\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2009-06-05 176128]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-04-22 243072]
"EVEREST AutoStart"="c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2009-05-24 2389600]
"Download Master"="c:\program files\ASUS\RT-N13U Wireless Router Utilities\Download.exe" [2009-12-25 8694784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-09 119296]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"RemoteX"="c:\program files\RemoteX\RemoteX.exe" [2010-03-22 212480]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-16 13877248]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2009-07-15 692340]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-03 1662976]
"CTSysVol"="c:\program files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CPMonitor"="e:\roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2009-09-01 1790464]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-02-28 1655552]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

c:\documents and settings\Cam\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-8-3 3581680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ANYCOM\Blue USB-200-250\BTTray.exe [2006-1-5 618557]
UltraMon.lnk - c:\windows\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico [2010-5-13 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GEST Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"SeaPort"=2 (0x2)
"IDriverT"=3 (0x3)
"AbyssWebServer"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"UpdReg"=c:\windows\UpdReg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cyanide\\Blood Bowl\\BB.exe"=
"c:\\Program Files\\Cyanide\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"e:\\Games\\Red Faction Guerrilla\\rfg.exe"=
"e:\\Games\\Wolfenstein\\MP\\Wolf2MP.exe"=
"e:\\Games\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"e:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"e:\\Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"e:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"e:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"e:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\RemoteX\\remotex.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Games\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"e:\\Games\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"6002:TCP"= 6002:TCP:rivermote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [4/28/2010 1:19 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [4/28/2010 1:19 PM 15856]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [8/9/2009 11:50 PM 95592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/9/2009 11:50 PM 691696]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/13/2010 8:43 AM 114768]
S1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [5/15/2010 3:45 PM 244608]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/5/2009 12:17 PM 87056]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2/5/2009 12:17 PM 24208]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [4/28/2010 1:19 PM 25584]
S1 SASDIFSV;SASDIFSV;\??\g:\repairkit\Virus Removal\SuperAntiSpyware\SASDIFSV.SYS --> g:\repairkit\Virus Removal\SuperAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\g:\repairkit\Virus Removal\SuperAntiSpyware\SASKUTIL.sys --> g:\repairkit\Virus Removal\SuperAntiSpyware\SASKUTIL.sys [?]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 7:05 PM 457200]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/13/2010 8:43 AM 20560]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 8:33 AM 219632]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/14/2008 5:32 PM 10496]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [8/19/2009 9:31 PM 1589704]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys [4/8/2004 1:10 PM 83124]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [11/8/2009 7:24 PM 25832]
S3 maximir;maximir;c:\windows\system32\DRIVERS\maximir.sys --> c:\windows\system32\DRIVERS\maximir.sys [?]
S3 maxivista;Maxi_Vista_DriverA;c:\windows\system32\DRIVERS\maxivista.sys --> c:\windows\system32\DRIVERS\maxivista.sys [?]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 8:33 AM 1116656]
S3 SASENUM;SASENUM;\??\g:\repairkit\Virus Removal\SuperAntiSpyware\SASENUM.SYS --> g:\repairkit\Virus Removal\SuperAntiSpyware\SASENUM.SYS [?]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [7/23/2009 12:40 PM 1643648]
S4 AbyssWebServer;Abyss Web Server;c:\program files\Abyss Web Server\abyssws.exe --service --> c:\program files\Abyss Web Server\abyssws.exe --service [?]
S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [1/20/2009 1:30 PM 80392]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 00:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download All by ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
IE: Download all links with IDM - e:\idm\IEGetAll.htm
IE: Download FLV video content with IDM - e:\idm\IEGetVL.htm
IE: Download using ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
IE: Download with IDM - e:\idm\IEExt.htm
IE: Send to &Bluetooth Device... - c:\program files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - g:\repairkit\Virus Removal\SuperAntiSpyware\SUPERAntiSpyware.exe
AddRemove-FlatOut Ultimate Carnage - d:\games\FlatOut Ultimate Carnage\Uninstall.exe
AddRemove-HijackThis - g:\repairkit\Virus Removal\HijackThis.exe
AddRemove-CursorFX Plus - c:\documents and settings\Cam\Local Settings\Application Data\{86309521-B982-4930-BEE5-E248EAAA84A7}\CursorFX_setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 13:24
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-842925246-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,14,d0,27,b3,62,23,e3,e4,73,89,b7,69,3f,a2,b2,fc,6b,7b,2d,c5,4a,72,
ff,65,ff,6b,ca,14,79,2e,41,3a,a9,87,5d,1f,6e,8a,4c,9a,ac,2b,5a,26,d9,a5,f3,\
"??"=hex:ca,29,b6,46,5d,70,23,77,a3,51,a2,cd,66,02,e5,46

[HKEY_USERS\S-1-5-21-1275210071-842925246-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:60,89,2c,72,d6,3d,1c,f5,d4,72,51,3d,d0,50,de,18,11,0b,4c,d2,d9,
5d,2d,59,4e,1e,8f,a7,ee,04,ef,8a,2d,38,b5,58,2d,4a,80,56,1b,5d,37,0c,36,cb,\
"rkeysecu"=hex:7d,e1,e9,26,9c,23,84,6f,b5,40,35,89,26,ef,63,8a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{36ab70aa-70b7-4f4d-bd9d-fca9866e47fa}]
@Denied: (Full) (Everyone)
"Model"=dword:00000078
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,49,d9,66,23,63,43,e1,79,00,e3,99,66,c6,3a,66,28,f6,16,9a,fd,
2e,64,1c,a2,52,ed,1d,2e,a7,48,9c,5d,68,c1,b9,0e,a4,de,6d,00,00,00,00,00,00,\
.
Completion time: 2010-05-22 13:29:33
ComboFix-quarantined-files.txt 2010-05-22 03:29

Pre-Run: 13,291,057,152 bytes free
Post-Run: 20,339,535,872 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 37885C6E7E78DC6D2562210A95C4C4F0

In Normal mode it is still doing the same thing. Half the items on startup don't open. If I open My Computer it has the search icon and just sits. I can open My Documents and then change it to C:\ and then any folder within it, and it opens.
 
Yes, if it is possible. My problem has slightly changed. My PC will boot like before, but I can access My Computer without it just searching. However, now all services have stopped and under my Device Manager there is nothing listed. If it might be fixable that would be great, but I'm thinking it will have to be a reformat now. I have posted under Operating Systems about that.