Topic: programs close for no reason. :S :( Need help!

nomputer coob

    Topic Starter


    Rookie
    programs close for no reason. :S :( Need help!
    « on: July 28, 2010, 10:05:13 PM »
    I scanned my computer for any malware; these were the results.

    malwarebytes-
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/29/2010 1:52:33 AM
    mbam-log-2010-07-29 (01-52-33).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 190406
    Time elapsed: 1 hour(s), 11 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    nomputer coob

      Topic Starter


      Rookie
      Re: programs close for no reason. :S :( Need help!
      « Reply #1 on: July 28, 2010, 11:23:14 PM »
      SuperAntiSpyware-

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 07/29/2010 at 10:53 AM

      Application Version : 4.41.1000

      Core Rules Database Version : 5283
      Trace Rules Database Version: 3095

      Scan type       : Complete Scan
      Total Scan Time : 01:22:13

      Memory items scanned      : 506
      Memory threats detected   : 0
      Registry items scanned    : 6820
      Registry threats detected : 23
      File items scanned        : 60059
      File threats detected     : 2

      Adware.HBHelper
         HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
         HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
         HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
         HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
         HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
         HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
         HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
         HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
         HKCR\URLSearchHook.ToolbarURLSearchHook.1
         HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
         HKCR\URLSearchHook.ToolbarURLSearchHook
         HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
         HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
         HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
         HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
         HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
         HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
         HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
         F:\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL

      Browser Hijacker.Deskbar
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

      Adware.MyWebSearch/FunWebProducts
         C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\DOWNLOADS\ZWINKY.EXE

      nomputer coob

        Topic Starter


        Rookie
        Re: programs close for no reason. :S :( Need help!
        « Reply #2 on: July 28, 2010, 11:29:38 PM »
        HiJackThis-

        Logfile of Trend Micro HijackThis v2.0.4
        Scan saved at 11:04:14 AM, on 7/29/2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\acs.exe
        C:\WINDOWS\system32\agrsmsvc.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
        C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Atheros\ACU.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
        C:\Program Files\DivX\DivX Update\DivXUpdate.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
        C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
        C:\Program Files\Mobile Partner\Mobile Partner.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\Program Files\Trend Micro\HiJackThis\sniper.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=3274
        O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - F:\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
        O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - F:\SPEEDB~1\Toolbar\grabber.dll
        O3 - Toolbar: Ask && Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
        O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - F:\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
        O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
        O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
        O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
        O4 - Global Startup: Bluetooth.lnk = ?
        O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254561593000
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6571282B-F1BC-4B72-8E00-7178E9D8D3EB}: NameServer = 192.168.202.2
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E7AFF422-238A-409F-946F-02FB324F93EF}: NameServer = 172.19.10.25 203.115.24.221
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
        O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
        O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
        O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
        O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
        O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O24 - Desktop Component 0: (no name) - http://www.erotiqlinks.com/tgp/models/sonia-red/03.jpg
        O24 - Desktop Component 1: (no name) - http://www.erotiqlinks.com/tgp/models/sonia-red/02.jpg
        O24 - Desktop Component 2: (no name) - http://www.erotiqlinks.com/tgp/models/sonia-red/01.jpg

        --
        End of file - 10021 bytes

        Dr Jay

        • Malware Removal Specialist


        Re: programs close for no reason. :S :( Need help!
        « Reply #3 on: July 28, 2010, 11:30:00 PM »
        Hello, and welcome to Computer Hope.

        Please note the following information about the malware forum:
        • Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
        • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
        • Please do not attach logs or post them in Quote/Code boxes unless requested.
        • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
        • If you have already asked for help somewhere, please post the link to the topic where you were helped.
        • We try our best to reply quickly, but if for any reason we do not reply in two days, reply to this topic with the word BUMP.
        • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

        Please visit this webpage for a tutorial on downloading and running ComboFix:

        http://www.bleepingcomputer.com/combofix/how-to-use-combofix

        See the area: Using ComboFix, and when done, post the log back here.
        ~Dr Jay

        nomputer coob

          Topic Starter


          Rookie
          Re: programs close for no reason. :S :( Need help!
          « Reply #4 on: July 28, 2010, 11:36:15 PM »
          Yes, I understand.
          So can you help me? :D

          nomputer coob

            Topic Starter


            Rookie
            Re: programs close for no reason. :S :( Need help!
            « Reply #5 on: July 29, 2010, 01:10:13 AM »
            ComboFix 10-07-28.01 - user 07/29/2010  12:32:23.1.2 - x86
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.895.229 [GMT 5.5:30]
            Running from: c:\documents and settings\user\Desktop\ComboFix.exe
            AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
            FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            E:\install.exe

            c:\windows\system32\drivers\ntfs.sys . . . is infected!!

            .
            (((((((((((((((((((((((((   Files Created from 2010-06-28 to 2010-07-29  )))))))))))))))))))))))))))))))
            .

            2010-07-29 05:32 . 2010-07-29 05:32   388096   ----a-r-   c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
            2010-07-29 05:32 . 2010-07-29 05:32   --------   d-----w-   c:\program files\Trend Micro
            2010-07-29 03:56 . 2010-07-29 03:56   63488   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
            2010-07-29 03:56 . 2010-07-29 03:56   52224   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
            2010-07-29 03:56 . 2010-07-29 03:56   117760   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
            2010-07-29 03:56 . 2010-07-29 03:56   --------   d-----w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
            2010-07-29 03:56 . 2010-07-29 03:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
            2010-07-29 03:55 . 2010-07-29 03:56   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2010-07-28 19:12 . 2010-07-28 19:12   --------   d-----w-   c:\program files\Common Files\Java
            2010-07-26 13:31 . 2010-07-26 13:31   --------   d-----w-   c:\program files\Common Files\Skype
            2010-07-06 17:38 . 2010-07-06 17:38   0   ----a-w-   c:\windows\nsreg.dat
            2010-07-06 15:46 . 2010-07-06 15:46   503808   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\msvcp71.dll
            2010-07-06 15:46 . 2010-07-06 15:46   499712   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\jmc.dll
            2010-07-06 15:46 . 2010-07-06 15:46   348160   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\msvcr71.dll
            2010-07-06 15:46 . 2010-07-06 15:46   61440   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f78f94e-n\decora-sse.dll
            2010-07-06 15:46 . 2010-07-06 15:46   12800   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f78f94e-n\decora-d3d.dll
            2010-07-05 10:39 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
            2010-07-02 14:33 . 2010-07-02 14:33   129552   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
            2010-07-02 14:33 . 2010-07-02 14:33   129624   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-07-29 05:26 . 2009-12-05 02:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab
            2010-07-28 19:11 . 2010-05-02 04:37   --------   d-----w-   c:\program files\Java
            2010-07-28 19:08 . 2009-10-31 03:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2010-07-27 17:50 . 2009-11-08 17:44   --------   d-----w-   c:\documents and settings\user\Application Data\Skype
            2010-07-27 16:38 . 2009-11-08 17:46   --------   d-----w-   c:\documents and settings\user\Application Data\skypePM
            2010-07-27 16:36 . 2010-04-05 14:34   664   ----a-w-   c:\windows\system32\d3d9caps.dat
            2010-07-23 08:55 . 2009-11-24 15:35   --------   d-----w-   c:\documents and settings\user\Application Data\BitTorrent
            2010-07-23 07:23 . 2009-09-19 08:18   70516   ---ha-w-   c:\windows\system32\mlfcache.dat
            2010-07-21 10:20 . 2009-02-13 06:58   87736   ----a-w-   c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
            2010-07-16 23:30 . 2010-05-02 04:38   423656   ----a-w-   c:\windows\system32\deployJava1.dll
            2010-07-04 15:26 . 2010-05-23 05:13   --------   d-----w-   c:\program files\JetAudio
            2010-06-14 14:31 . 2009-02-13 06:49   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
            2010-05-06 10:41 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
            2010-05-05 09:55 . 2009-12-05 02:43   97549   ----a-w-   c:\windows\system32\drivers\klick.dat
            2010-05-05 09:55 . 2009-12-05 02:43   113933   ----a-w-   c:\windows\system32\drivers\klin.dat
            2010-05-02 05:22 . 2008-04-14 12:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
            2009-12-05 03:08 . 2009-12-05 03:08   604140   --sha-w-   c:\windows\system32\drivers\ISwift3.dat
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
            2009-06-04 12:34   1144712   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

            [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
            [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
            [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
            [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
            "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

            [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
            [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
            [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
            [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
            "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-20 450649]
            "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
            "nwiz"="nwiz.exe" [2008-09-19 1630208]
            "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
            "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
            "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
            "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
            "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
            "Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
            "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
            "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
            "avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
            @="Driver"

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "EnableFirewall"= 0 (0x0)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
            "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
            "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
            "c:\\Program Files\\Messenger\\msmsgs.exe"=
            "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
            "c:\\Program Files\\Safari\\Safari.exe"=
            "f:\\Torrrent\\BitTorrent\\bittorrent.exe"=
            "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "2030:TCP"= 2030:TCP:ponvcj

            R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
            R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
            R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
            R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/13/2009 12:43 PM 41376]
            S2 lpjsyzst;vvkbua;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:30 PM 14336]
            S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\NKY343.tmp --> c:\docume~1\user\LOCALS~1\Temp\NKY343.tmp [?]

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
            lpjsyzst

            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            2008-03-17 12:26   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
            .
            Contents of the 'Scheduled Tasks' folder

            2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

            2010-07-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
            - c:\program files\Ask.com\UpdateTask.exe [2009-06-04 12:34]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.lk/
            TCP: {6571282B-F1BC-4B72-8E00-7178E9D8D3EB} = 192.168.202.2
            TCP: {E7AFF422-238A-409F-946F-02FB324F93EF} = 172.19.10.25 203.115.24.221
            FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5k8ztsv0.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.google.lk/
            FF - prefs.js: network.proxy.type - 0
            FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
            FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
            FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

            ---- FIREFOX POLICIES ----
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
            c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
            c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
            c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
            c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
            .
            - - - - ORPHANS REMOVED - - - -

            Toolbar-Locked - (no file)
            AddRemove-CS - c:\program files\CS\cs.exe



            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2010-07-29 12:39
            Windows 5.1.2600 Service Pack 3 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************

            [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
            "ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\NKY343.tmp"

            [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lpjsyzst]
            "ServiceDll"="c:\windows\system32\thspqdv.dll"
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_USERS\S-1-5-21-796845957-813497703-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(692)
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            c:\windows\system32\WININET.dll

            - - - - - - - > 'explorer.exe'(1080)
            c:\windows\system32\WININET.dll
            c:\documents and settings\user\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
            c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
            c:\windows\system32\btmmhook.dll
            c:\windows\system32\ieframe.dll
            c:\windows\system32\webcheck.dll
            c:\windows\system32\WPDShServiceObj.dll
            c:\windows\system32\btncopy.dll
            c:\windows\system32\PortableDeviceTypes.dll
            c:\windows\system32\PortableDeviceApi.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            c:\windows\system32\acs.exe
            c:\windows\system32\agrsmsvc.exe
            c:\program files\Java\jre6\bin\jqs.exe
            c:\program files\Common Files\LightScribe\LSSrvc.exe
            c:\windows\system32\nvsvc32.exe
            c:\program files\CyberLink\Shared Files\RichVideo.exe
            c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
            c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
            c:\windows\system32\wscntfy.exe
            c:\windows\RTHDCPL.EXE
            c:\windows\system32\RUNDLL32.EXE
            .
            **************************************************************************
            .
            Completion time: 2010-07-29  12:42:31 - machine was rebooted
            ComboFix-quarantined-files.txt  2010-07-29 07:12

            Pre-Run: 24,550,973,440 bytes free
            Post-Run: 24,465,051,648 bytes free

            WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
            [boot loader]
            timeout=2
            default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
            [operating systems]
            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

            - - End Of File - - 15E16502CF73B10035CE15B2E691EC4B

            nomputer coob

              Topic Starter


              Rookie
              Re: programs close for no reason. :S :( Need help!
              « Reply #6 on: July 29, 2010, 01:12:20 AM »
              hey, I'm really sorry for the late reply.
              i thought the last bit was kind of a signature. ( I'm a retard ) and disregard the message i sent after you replied.
              and i hope i did the thing right. :S
              And the problem's gone.
              THANKS, YOU ROCK :D
              but i would still like to know if i have any more malware?
              Thanks a lottttttttttttttttttttttttttttttttttt!!!!

              Dr Jay

              • Malware Removal Specialist


              • Specialist
              • Moderator emeritus
              • Thanked: 119
              • Experience: Guru
              • OS: Windows 10
              Re: programs close for no reason. :S :( Need help!
              « Reply #7 on: July 29, 2010, 12:33:25 PM »
              Yes, there are still files infected. We are not done yet.

              Re-running ComboFix to remove infections:

              • Close any open browsers.
              • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
              • Open notepad and copy/paste the text in the codebox below into it:
              Code:
              killall::

              TDL::
              c:\windows\system32\drivers\ntfs.sys

              Reboot::
              • Save this as CFScript.txt, in the same location as ComboFix.exe



              • Referring to the picture above, drag CFScript into ComboFix.exe
              • When finished, it shall produce a log for you at C:\ComboFix.txt
              • Please post the contents of the log in your next reply.
              ~Dr Jay

              nomputer coob

                Topic Starter


                Rookie
                Re: programs close for no reason. :S :( Need help!
                « Reply #8 on: July 29, 2010, 11:35:42 PM »
                ComboFix 10-07-29.01 - user 07/30/2010  10:59:57.2.2 - x86
                Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.895.335 [GMT 5.5:30]
                Running from: c:\documents and settings\user\Desktop\ComboFix.exe
                Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
                AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
                FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
                .

                (((((((((((((((((((((((((   Files Created from 2010-06-28 to 2010-07-30  )))))))))))))))))))))))))))))))
                .

                2010-07-30 05:21 . 2010-07-30 05:29   --------   d-----w-   c:\documents and settings\user\Local Settings\Application Data\PMB Files
                2010-07-30 05:21 . 2010-07-30 05:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\PMB Files
                2010-07-30 04:41 . 2010-07-30 04:41   95744   ----a-w-   c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
                2010-07-30 04:27 . 2010-07-30 04:27   --------   d-----w-   c:\program files\Pando Networks
                2010-07-30 02:38 . 2010-07-30 02:38   --------   d-----w-   c:\program files\Microsoft
                2010-07-30 02:38 . 2010-07-30 02:38   --------   d-----w-   c:\program files\Windows Live SkyDrive
                2010-07-30 02:19 . 2009-08-06 13:53   274288   ----a-w-   c:\windows\system32\mucltui.dll
                2010-07-29 05:32 . 2010-07-29 05:32   388096   ----a-r-   c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                2010-07-29 05:32 . 2010-07-29 05:32   --------   d-----w-   c:\program files\Trend Micro
                2010-07-29 03:56 . 2010-07-29 03:56   63488   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
                2010-07-29 03:56 . 2010-07-29 03:56   52224   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                2010-07-29 03:56 . 2010-07-29 03:56   117760   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                2010-07-29 03:56 . 2010-07-29 03:56   --------   d-----w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
                2010-07-29 03:56 . 2010-07-29 03:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                2010-07-29 03:55 . 2010-07-29 03:56   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2010-07-28 19:12 . 2010-07-28 19:12   --------   d-----w-   c:\program files\Common Files\Java
                2010-07-26 13:31 . 2010-07-26 13:31   --------   d-----w-   c:\program files\Common Files\Skype
                2010-07-06 17:38 . 2010-07-06 17:38   0   ----a-w-   c:\windows\nsreg.dat
                2010-07-06 15:46 . 2010-07-06 15:46   503808   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\msvcp71.dll
                2010-07-06 15:46 . 2010-07-06 15:46   499712   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\jmc.dll
                2010-07-06 15:46 . 2010-07-06 15:46   348160   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\msvcr71.dll
                2010-07-06 15:46 . 2010-07-06 15:46   61440   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f78f94e-n\decora-sse.dll
                2010-07-06 15:46 . 2010-07-06 15:46   12800   ----a-w-   c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f78f94e-n\decora-d3d.dll
                2010-07-05 10:39 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
                2010-07-02 14:33 . 2010-07-02 14:33   129552   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
                2010-07-02 14:33 . 2010-07-02 14:33   129624   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2010-07-30 05:23 . 2009-12-15 09:15   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                2010-07-30 04:52 . 2009-12-05 02:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab
                2010-07-30 04:15 . 2009-12-15 09:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\SpeedBit
                2010-07-30 03:45 . 2009-02-13 05:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
                2010-07-30 02:38 . 2009-09-19 08:52   --------   d-----w-   c:\program files\Windows Live
                2010-07-30 02:25 . 2009-12-05 02:43   113933   ----a-w-   c:\windows\system32\drivers\klin.dat
                2010-07-30 02:25 . 2009-12-05 02:43   97549   ----a-w-   c:\windows\system32\drivers\klick.dat
                2010-07-30 02:01 . 2009-11-08 17:44   --------   d-----w-   c:\documents and settings\user\Application Data\Skype
                2010-07-30 01:10 . 2009-11-08 17:46   --------   d-----w-   c:\documents and settings\user\Application Data\skypePM
                2010-07-28 19:11 . 2010-05-02 04:37   --------   d-----w-   c:\program files\Java
                2010-07-28 19:08 . 2009-10-31 03:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2010-07-27 16:36 . 2010-04-05 14:34   664   ----a-w-   c:\windows\system32\d3d9caps.dat
                2010-07-23 08:55 . 2009-11-24 15:35   --------   d-----w-   c:\documents and settings\user\Application Data\BitTorrent
                2010-07-23 07:23 . 2009-09-19 08:18   70516   ---ha-w-   c:\windows\system32\mlfcache.dat
                2010-07-21 10:20 . 2009-02-13 06:58   87736   ----a-w-   c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                2010-07-16 23:30 . 2010-05-02 04:38   423656   ----a-w-   c:\windows\system32\deployJava1.dll
                2010-07-04 15:26 . 2010-05-23 05:13   --------   d-----w-   c:\program files\JetAudio
                2010-06-14 14:31 . 2009-02-13 06:49   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
                2010-05-06 10:41 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
                2010-05-02 05:22 . 2008-04-14 12:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
                2009-12-05 03:08 . 2009-12-05 03:08   604140   --sha-w-   c:\windows\system32\drivers\ISwift3.dat
                .

                (((((((((((((((((((((((((((((   SnapShot@2010-07-29_07.09.45   )))))))))))))))))))))))))))))))))))))))))
                .
                + 2010-07-30 05:35 . 2010-07-30 05:35   16384              c:\windows\temp\Perflib_Perfdata_6e0.dat
                + 2010-04-16 16:42 . 2010-04-16 16:42   48464              c:\windows\system32\sirenacm.dll
                + 2008-04-14 12:00 . 2010-07-30 04:57   68558              c:\windows\system32\perfc009.dat
                - 2008-04-14 12:00 . 2010-07-29 05:31   68558              c:\windows\system32\perfc009.dat
                + 2010-07-30 02:38 . 2010-07-30 02:38   27136              c:\windows\Installer\42e37c5.msi
                + 2010-07-30 02:37 . 2010-07-30 02:37   83456              c:\windows\Installer\42e37a5.msi
                + 2010-07-30 02:37 . 2010-07-30 02:37   58880              c:\windows\Installer\42e379d.msi
                + 2010-07-30 02:38 . 2010-07-30 02:38   61272              c:\windows\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe
                + 2010-07-30 02:39 . 2010-07-30 02:39   80395              c:\windows\Installer\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}\MsblIco.Exe
                - 2009-02-13 05:26 . 2009-02-13 05:26   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
                + 2009-02-13 05:26 . 2010-07-30 03:45   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
                + 2009-02-13 05:26 . 2010-07-30 03:45   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
                - 2009-02-13 05:26 . 2009-02-13 05:26   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
                + 2009-02-13 05:26 . 2010-07-30 03:45   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
                - 2009-02-13 05:26 . 2009-02-13 05:26   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
                - 2008-04-14 12:00 . 2010-07-29 05:31   435828              c:\windows\system32\perfh009.dat
                + 2008-04-14 12:00 . 2010-07-30 04:57   435828              c:\windows\system32\perfh009.dat
                + 2009-08-06 13:53 . 2009-08-06 13:53   215904              c:\windows\system32\muweb.dll
                + 2010-07-30 03:44 . 2010-07-30 03:44   195584              c:\windows\Installer\46abb05.msi
                + 2010-07-30 03:43 . 2010-07-30 03:43   248832              c:\windows\Installer\46abae2.msi
                + 2010-07-30 02:39 . 2010-07-30 02:39   429056              c:\windows\Installer\42e37d7.msi
                + 2010-07-30 02:38 . 2010-07-30 02:38   155648              c:\windows\Installer\42e37cd.msi
                + 2010-07-30 02:38 . 2010-07-30 02:38   140288              c:\windows\Installer\42e37bd.msi
                + 2010-07-30 02:38 . 2010-07-30 02:38   202752              c:\windows\Installer\42e37b5.msi
                + 2010-07-30 02:38 . 2010-07-30 02:38   149504              c:\windows\Installer\42e37ad.msi
                + 2010-07-30 02:37 . 2010-07-30 02:37   107008              c:\windows\Installer\42e3795.msi
                + 2010-07-30 02:37 . 2010-07-30 02:37   301056              c:\windows\Installer\42e378d.msi
                - 2009-02-13 05:26 . 2009-02-13 05:26   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
                + 2009-02-13 05:26 . 2010-07-30 03:45   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
                - 2009-02-13 05:26 . 2009-02-13 05:26   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
                + 2009-02-13 05:26 . 2010-07-30 03:45   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
                - 2009-02-13 05:26 . 2009-02-13 05:26   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
                + 2009-02-13 05:26 . 2010-07-30 03:45   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
                + 2009-02-13 05:25 . 2010-07-30 03:45   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
                - 2009-02-13 05:25 . 2009-02-13 05:25   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
                + 2009-02-13 05:26 . 2010-07-30 03:45   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
                - 2009-02-13 05:26 . 2009-02-13 05:26   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
                + 2009-02-13 05:25 . 2010-07-30 03:45   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
                - 2009-02-13 05:25 . 2009-02-13 05:25   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
                - 2009-02-13 05:25 . 2009-02-13 05:25   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
                + 2009-02-13 05:25 . 2010-07-30 03:45   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
                + 2009-02-25 13:38 . 2009-02-25 13:38   8311808              c:\windows\Installer\46abb1c.msp
                + 2010-06-11 05:33 . 2010-06-11 05:33   5021184              c:\windows\Installer\46abafa.msp
                - 2009-02-13 05:25 . 2009-02-13 05:25   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
                + 2009-02-13 05:25 . 2010-07-30 03:45   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
                - 2009-02-13 05:25 . 2009-02-13 05:25   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
                + 2009-02-13 05:25 . 2010-07-30 03:45   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
                + 2006-09-15 10:55 . 2006-09-15 10:55   3611416              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
                + 2008-09-24 06:35 . 2008-09-24 06:35   16381440              c:\windows\Installer\46abb4e.msp
                + 2008-08-11 06:19 . 2008-08-11 06:19   22457344              c:\windows\Installer\46abb35.msp
                + 2006-10-27 09:56 . 2006-10-27 09:56   16870712              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
                .
                -- Snapshot reset to current date --
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
                2009-06-04 12:34   1144712   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

                [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
                [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
                [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
                [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

                [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
                [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
                [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
                [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
                "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-20 450649]
                "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
                "nwiz"="nwiz.exe" [2008-09-19 1630208]
                "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
                "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
                "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
                "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
                "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
                "Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
                "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
                "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
                "avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                @="Driver"

                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
                "DisableMonitoring"=dword:00000001

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                "c:\\Program Files\\Messenger\\msmsgs.exe"=
                "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
                "c:\\Program Files\\Safari\\Safari.exe"=
                "f:\\Torrrent\\BitTorrent\\bittorrent.exe"=
                "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "2030:TCP"= 2030:TCP:ponvcj
                "58306:TCP"= 58306:TCP:Pando Media Booster
                "58306:UDP"= 58306:UDP:Pando Media Booster

                R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
                R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
                R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
                R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/13/2009 12:43 PM 41376]
                S2 lpjsyzst;vvkbua;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:30 PM 14336]
                S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\LMT14F.tmp --> c:\docume~1\user\LOCALS~1\Temp\LMT14F.tmp [?]

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
                lpjsyzst

                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                2008-03-17 12:26   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
                .
                Contents of the 'Scheduled Tasks' folder

                2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

                2010-07-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
                - c:\program files\Ask.com\UpdateTask.exe [2009-06-04 12:34]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.google.lk/
                IE: &Clean Traces - f:\dap\Privacy Package\dapcleanerie.htm
                IE: &Download with &DAP - f:\dap\dapextie.htm
                IE: Download &all with DAP - f:\dap\dapextie2.htm
                TCP: {6571282B-F1BC-4B72-8E00-7178E9D8D3EB} = 192.168.202.2
                TCP: {E7AFF422-238A-409F-946F-02FB324F93EF} = 172.19.10.25 203.115.24.221
                FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5k8ztsv0.default\
                FF - prefs.js: browser.startup.homepage - hxxp://www.google.lk/
                FF - prefs.js: network.proxy.type - 0
                FF - component: f:\dap\DAPFireFox\components\DAPFireFox.dll
                FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
                FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                ---- FIREFOX POLICIES ----
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
                .

                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2010-07-30 11:06
                Windows 5.1.2600 Service Pack 3 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************

                [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
                "ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\LMT14F.tmp"

                [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lpjsyzst]
                "ServiceDll"="c:\windows\system32\thspqdv.dll"
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------

                [HKEY_USERS\S-1-5-21-796845957-813497703-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
                @Allowed: (Read) (RestrictedCode)
                @Allowed: (Read) (RestrictedCode)
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(708)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll

                - - - - - - - > 'explorer.exe'(3720)
                c:\windows\system32\WININET.dll
                c:\documents and settings\user\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
                c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                c:\windows\system32\btmmhook.dll
                c:\windows\system32\ieframe.dll
                c:\windows\system32\webcheck.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\btncopy.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                c:\windows\system32\acs.exe
                c:\windows\system32\agrsmsvc.exe
                c:\program files\Java\jre6\bin\jqs.exe
                c:\program files\Common Files\LightScribe\LSSrvc.exe
                c:\windows\system32\nvsvc32.exe
                c:\program files\CyberLink\Shared Files\RichVideo.exe
                c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
                c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
                c:\windows\system32\wscntfy.exe
                c:\windows\RTHDCPL.EXE
                c:\windows\system32\RUNDLL32.EXE
                c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
                .
                **************************************************************************
                .
                Completion time: 2010-07-30  11:10:23 - machine was rebooted
                ComboFix-quarantined-files.txt  2010-07-30 05:40
                ComboFix2.txt  2010-07-29 07:12

                Pre-Run: 23,808,303,104 bytes free
                Post-Run: 23,803,645,952 bytes free

                - - End Of File - - 669A7A41BD6EA73AE549EFE82650D9C5

                nomputer coob

                  Re: programs close for no reason. :S :( Need help!
                  « Reply #9 on: July 29, 2010, 11:37:15 PM »
                  k done. :D
                  and is it k if I install and uninstall programs?

                  Dr Jay

                  • Malware Removal Specialist


                  • Specialist
                  • Moderator emeritus
                  • Thanked: 119
                  • Experience: Guru
                  • OS: Windows 10
                  Re: programs close for no reason. :S :( Need help!
                  « Reply #10 on: July 30, 2010, 10:42:34 PM »
                  Hang on.

                  • Please go to VirSCAN.org FREE on-line scan service
                  • Browse for the following file path into the "Suspicious files to scan" box on the top of the page:
                    • c:\windows\system32\drivers\ntfs.sys
                  • Click on the Upload button
                  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
                  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
                  • Paste the contents of the Clipboard in your next reply.
                  ~Dr Jay

                  nomputer coob

                    Re: programs close for no reason. :S :( Need help!
                    « Reply #11 on: July 31, 2010, 02:59:31 AM »
                    Is Kaspersky not enough as an antivirus program?
                    VirSCAN.org Scanned Report :
                    Scanned time   : 2010/07/31 14:09:18 (IST)
                    Scanner results: Scanners did not find malware!
                    File Name      : ntfs.sys
                    File Size      : 574976 byte
                    File Type      : PE32 executable for MS Windows (native) Intel 80386 32-bit
                    MD5            : 78a08dd6a8d65e697c18e1db01c5cdca
                    SHA1           : c40f3c1fcbd8a61ad5f36e16971feb64407bbc66
                    Online report  : http://virscan.org/report/39d098ac1956ca484e766690b20c820a.html

                    Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
                    a-squared      5.0.0.13        20100731081343    2010-07-31  40.09  -
                    AhnLab V3      2010.07.14.00   2010.07.14        2010-07-14  40.11  -
                    AntiVir        8.2.4.32        7.10.10.25        2010-07-30  0.27   -
                    Antiy          2.0.18          20100731.4890273  2010-07-31  0.12   -
                    Arcavir        2009            201006281601      2010-06-28  0.01   -
                    Authentium     5.1.1           201007302103      2010-07-30  2.56   -
                    AVAST!         4.7.4           100730-1          2010-07-30  0.04   -
                    AVG            8.5.793         271.1.1/3040      2010-07-31  0.26   -
                    BitDefender    7.90123.6195933 7.33107           2010-07-31  4.31   -
                    ClamAV         0.96.1          11464             2010-07-30  0.11   -
                    Comodo         4.0             5593              2010-07-30  40.09  -
                    CP Secure      1.3.0.5         2010.07.31        2010-07-31  0.13   -
                    Dr.Web         5.0.2.3300      2010.07.31        2010-07-31  9.34   -
                    F-Prot         4.4.4.56        20100730          2010-07-30  2.64   -
                    F-Secure       7.02.73807      2010.07.30.07     2010-07-30  0.16   -
                    Fortinet       4.1.143         12.198            2010-07-30  40.09  -
                    GData          21.598/21.223   20100731          2010-07-31  40.09  -
                    ViRobot        20100729        2010.07.29        2010-07-29  40.09  -
                    Ikarus         T3.1.01.84      2010.07.31.76375  2010-07-31  7.38   -
                    JiangMin       13.0.900        2010.07.30        2010-07-30  40.09  -
                    Kaspersky      5.5.10          2010.07.30        2010-07-30  0.09   -
                    KingSoft       2009.2.5.15     2010.7.30.18      2010-07-30  40.09  -
                    McAfee         5400.1158       6059              2010-07-30  18.05  -
                    Microsoft      1.6004          2010.07.30        2010-07-30  40.09  -
                    Norman         6.05.11         6.05.00           2010-07-30  6.01   -
                    Panda          9.05.01         2010.07.25        2010-07-25  40.09  -
                    Trend Micro    9.120-1004      7.352.03          2010-07-30  0.03   -
                    Quick Heal     11.00           2010.07.31        2010-07-31  40.09  -
                    Rising         20.0            22.58.05.01       2010-07-31  40.09  -
                    Sophos         3.10.0          4.56              2010-07-31  3.61   -
                    Sunbelt        3.9.2432.2      6666              2010-07-30  40.09  -
                    Symantec       1.3.0.24        20100730.002      2010-07-30  0.24   -
                    nProtect       20100728.02     8808013           2010-07-28  40.09  -
                    The Hacker     6.5.2.1         v00328            2010-07-29  40.09  -
                    VBA32          3.12.12.7       20100730.0843     2010-07-30  3.08   -
                    VirusBuster    4.5.11.10       10.127.34/2010884 2010-07-31  2.71   -

                    nomputer coob

                      Re: programs close for no reason. :S :( Need help!
                      « Reply #12 on: July 31, 2010, 03:00:43 AM »
                      Nothing happens when I press the "Copy to Clipboard" button.
                      But I hope what I did was enough?

                      Dr Jay

                      Re: programs close for no reason. :S :( Need help!
                      « Reply #13 on: July 31, 2010, 02:06:47 PM »
                      Should be fine.

                      Please download Malwarebytes Anti-Malware from Malwarebytes.org.
                      Alternate link: BleepingComputer.com.
                      (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

                      Double Click mbam-setup.exe to install the application.

                      (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
                      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
                      • If an update is found, it will download and install the latest version.
                      • Once the program has loaded, select "Perform Quick Scan", then click Scan.
                      • The scan may take some time to finish, so please be patient.
                      • When the scan is complete, click OK, then Show Results to view the results.
                      • Make sure that everything is checked, and click Remove Selected.
                      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
                      • Please save the log to a location you will remember.
                      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                      • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
                      • Copy and paste the entire report in your next reply.
                      ~Dr Jay

                      nomputer coob

                        Re: programs close for no reason. :S :( Need help!
                        « Reply #14 on: August 03, 2010, 09:16:55 PM »
                        Malwarebytes' Anti-Malware 1.46
                        www.malwarebytes.org

                        Database version: 4387

                        Windows 5.1.2600 Service Pack 3
                        Internet Explorer 8.0.6001.18702

                        8/4/2010 8:53:41 AM
                        mbam-log-2010-08-04 (08-53-41).txt

                        Scan type: Quick scan
                        Objects scanned: 128997
                        Time elapsed: 11 minute(s), 7 second(s)

                        Memory Processes Infected: 0
                        Memory Modules Infected: 0
                        Registry Keys Infected: 0
                        Registry Values Infected: 0
                        Registry Data Items Infected: 0
                        Folders Infected: 0
                        Files Infected: 0

                        Memory Processes Infected:
                        (No malicious items detected)

                        Memory Modules Infected:
                        (No malicious items detected)

                        Registry Keys Infected:
                        (No malicious items detected)

                        Registry Values Infected:
                        (No malicious items detected)

                        Registry Data Items Infected:
                        (No malicious items detected)

                        Folders Infected:
                        (No malicious items detected)

                        Files Infected:
                        (No malicious items detected)