Solved Please help remove virus and adobe flash crashes in every browser ran combo fix


littlebill

Hello all, and thanks for stopping by to help me. I'm experiencing some really strange things on my PC. First, it's periodically crashing to a system memory dump and giving an error that something is wrong with my graphics card and sys RAM. I have had no problems like this until I installed Google Chrome and deleted and reinstalled Adobe Flash and Shockwave Player. Also, any browser I try to use crashes and restarts when trying to play video content in full-screen mode. I ran ComboFix and it created a log. Will someone please assist? I'm at a standstill here. Thanks. LittleBill
 

Attachments

  • ComboFix.txt (22.7 KB)
Welcome to TechSpot!

I'll try to help, but you're working backwards. If you look at the stickies above this forum, you will see:

1. Do NOT run Combofix without our guidance

2. If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Please Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
 
reply

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5709

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/8/2011 4:40:22 PM
mbam-log-2011-02-08 (16-40-22).txt

Scan type: Quick scan
Objects scanned: 147563
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-08 17:00:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.04
Running: ue98bu2f.exe; Driver: C:\DOCUME~1\TRAVIS\LOCALS~1\Temp\pxtdypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----




DDS (Ver_10-12-12.02) - NTFSx86
Run by TRAVIS at 17:07:53.79 on Tue 02/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.545 [GMT -5:00]

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\winguard\wgpro7.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\TRAVIS\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [cdloader] "c:\documents and settings\travis\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinGuard Pro] c:\program files\winguard\wgpro7.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-explorer: RestrictRun = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-21 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-3-23 5152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-26 363344]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-3 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110207.001\IDSXpx86.sys [2011-2-7 341944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-26 20952]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110208.002\NAVENG.SYS [2011-2-8 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110208.002\NAVEX15.SYS [2011-2-8 1360760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-5 136176]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [2011-1-9 816672]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-9-27 27064]
S3 SnowBird_usb;NBCHIP USB;c:\windows\system32\drivers\SnowBird_usb.sys [2010-12-19 75717]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-08 10:28:09 89088 ----a-w- c:\windows\MBR.exe
2011-02-08 10:28:08 98816 ----a-w- c:\windows\sed.exe
2011-02-08 09:45:48 -------- d-----w- c:\docume~1\travis\applic~1\ElevatedDiagnostics
2011-02-08 08:20:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-08 08:20:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-07 01:09:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2011-02-07 01:06:12 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-07 01:06:04 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-02-07 01:06:04 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-02-07 01:04:44 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-02-07 01:04:44 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-07 01:04:34 6397824 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2011-02-07 01:04:34 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-07 01:01:47 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-07 01:01:36 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-07 01:01:35 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-07 01:01:34 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-07 01:01:30 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-02-07 01:01:25 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-07 01:01:22 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-07 01:01:16 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-07 01:01:12 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-07 01:01:11 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-06 17:55:06 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
2011-02-06 17:55:06 221184 ----a-w- c:\windows\system32\rspencr330.ocx
2011-02-06 17:55:06 -------- d-----w- c:\program files\winguard
2011-02-06 08:18:44 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-02-06 08:18:43 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-02-06 08:18:42 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-02-06 08:18:40 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-06 08:18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-06 08:18:39 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-06 08:18:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-06 04:12:40 -------- d-----w- c:\docume~1\travis\locals~1\applic~1\Deployment
2011-02-06 04:00:46 -------- d-----w- c:\docume~1\travis\locals~1\applic~1\Google
2011-02-03 20:47:34 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-03 20:47:32 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-03 20:46:55 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-03 20:45:25 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-03 20:41:57 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-03 12:57:07 -------- d-----w- c:\program files\Uniblue
2011-02-03 09:55:53 -------- d-----w- C:\NVIDIA
2011-02-03 07:28:16 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-03 01:47:28 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-03 01:47:27 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-02-03 01:42:34 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-03 01:41:07 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-02-03 01:37:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-03 01:37:20 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-03 01:37:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-03 01:37:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-03 01:37:18 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-03 01:37:12 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-03 01:37:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-03 00:37:15 -------- d-----w- c:\windows\system32\Adobe
2011-02-02 23:51:13 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-02 23:51:13 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-02 23:50:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-02 23:49:59 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-02 23:47:08 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-02 23:47:07 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-02 23:47:07 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-02 23:47:06 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-02 23:47:05 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-02 23:47:05 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-02 23:47:03 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-02 23:47:03 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-02 23:47:02 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-02 23:46:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-02 23:46:55 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-02 23:46:50 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-02 23:46:08 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-02 23:46:02 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-02 18:54:17 -------- d-----w- c:\docume~1\travis\applic~1\Uniblue
2011-02-02 11:42:11 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-02-02 11:42:11 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-02-02 11:42:10 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-02-02 11:42:10 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2011-02-02 11:42:10 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2011-02-02 11:42:10 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2011-02-02 11:40:57 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
2011-02-02 11:40:57 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
2011-02-02 11:40:56 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2011-02-02 11:40:56 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2011-02-02 11:40:56 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
2011-02-02 11:40:53 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
2011-02-02 11:40:53 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
2011-02-02 11:40:51 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2011-02-02 11:40:50 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
2011-02-02 11:40:50 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2011-02-02 11:40:50 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
2011-02-02 11:40:42 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-02-02 11:40:36 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-02-02 11:39:08 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-02-02 11:39:07 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
2011-02-02 11:39:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2011-02-02 11:39:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2011-02-02 11:36:43 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2011-02-02 11:35:59 780885 -c--a-w- c:\windows\system32\dllcache\chkrres.dll
2011-02-02 11:34:58 -------- d-----w- c:\program files\msn gaming zone
2011-02-02 11:03:10 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-02 11:03:10 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-02-02 11:02:14 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
2011-02-02 11:02:13 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
2011-02-02 11:02:12 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
2011-02-02 11:02:12 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
2011-02-02 10:14:34 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-02-02 10:14:34 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-02 10:14:32 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-02 10:14:32 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-27 07:00:08 -------- d-----w- c:\windows\UMStor
2011-01-27 06:59:49 161 ----a-w- c:\windows\DelToolbox.bat
2011-01-26 04:08:16 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-01-26 04:08:16 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-01-26 04:08:16 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-01-26 04:08:15 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-01-26 04:08:15 1645320 ----a-w- c:\windows\gdiplus.dll
2011-01-26 04:08:15 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-01-21 19:44:56 -------- d-----w- c:\docume~1\travis\locals~1\applic~1\SupportSoft
2011-01-21 19:44:09 -------- d-----w- c:\program files\common files\SupportSoft
2011-01-10 02:32:55 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2011-01-10 02:32:37 816672 ---ha-w- c:\windows\system32\drivers\AM10XP.sys

==================== Find3M ====================

2011-01-08 00:56:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-08 00:56:50 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 00:56:48 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-08 00:56:48 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-08 00:56:48 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-08 00:56:48 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 00:56:48 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 17:09:43.01 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/2/2011 6:42:46 AM
System Uptime: 2/8/2011 4:52:52 PM (1 hours ago)

Motherboard: Intel Corporation | | D845PESV
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | J2E1 | 2799/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 23.399 GiB free.
D: is CDROM ()
E: is Removable
G: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30158086&REV_82\4&29817089&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30158086&REV_82\4&29817089&0&40F0
Service: E100B

Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
Description: pcouffin device for 32 bits systems
Device ID: ROOT\PCOUFFIN\0003
Manufacturer: VSO Software
Name: pcouffin device for 32 bits systems
PNP Device ID: ROOT\PCOUFFIN\0003
Service: pcouffin

Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
Description: pcouffin device for 32 bits systems
Device ID: ROOT\PCOUFFIN\0004
Manufacturer: VSO Software
Name: pcouffin device for 32 bits systems
PNP Device ID: ROOT\PCOUFFIN\0004
Service: pcouffin

Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
Description: pcouffin device for 32 bits systems
Device ID: ROOT\PCOUFFIN\0005
Manufacturer: VSO Software
Name: pcouffin device for 32 bits systems
PNP Device ID: ROOT\PCOUFFIN\0005
Service: pcouffin

Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
Description: pcouffin device for 32 bits systems
Device ID: ROOT\PCOUFFIN\0006
Manufacturer: VSO Software
Name: pcouffin device for 32 bits systems
PNP Device ID: ROOT\PCOUFFIN\0006
Service: pcouffin

==== System Restore Points ===================

RP1: 2/2/2011 11:06:32 AM - System Checkpoint
RP2: 2/2/2011 6:25:40 PM - Software Distribution Service 3.0
RP3: 2/2/2011 6:58:34 PM - Software Distribution Service 3.0
RP4: 2/3/2011 12:08:33 AM - Software Distribution Service 3.0
RP5: 2/3/2011 12:31:43 AM - Software Distribution Service 3.0
RP6: 2/3/2011 2:37:36 AM - Software Distribution Service 3.0
RP7: 2/3/2011 3:57:21 AM - Software Distribution Service 3.0
RP8: 2/3/2011 3:56:19 PM - Software Distribution Service 3.0
RP9: 2/3/2011 5:20:11 PM - Software Distribution Service 3.0
RP10: 2/4/2011 6:07:20 PM - System Checkpoint
RP11: 2/4/2011 7:50:28 PM - Uniblue RegistryBooster
RP12: 2/6/2011 10:02:33 AM - System Checkpoint
RP13: 2/7/2011 10:47:24 AM - System Checkpoint
RP14: 2/8/2011 1:45:45 AM - Installed Java(TM) 6 Update 23
RP15: 2/8/2011 1:48:56 AM - Removed Java(TM) 6 Update 18
RP16: 2/8/2011 3:19:08 AM - Installed Java(TM) 6 Update 23

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
AvancePaint v5.0.0
BSPlayer
CCleaner
GEAR driver installer for x86 and x64
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel Application Accelerator
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
K-Lite Codec Pack 6.9.0 (Full)
Klever PumpKIN 2.7.2
magicJack
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual J# 2.0 Redistributable Package
MRU-Blaster v1.5 (Database 3/28/2004)
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Norton Security Suite
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
PeerBlock 1.1 (r518)
Revo Uninstaller Pro 2.5.1
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Segoe UI
SoundMAX
Spybot - Search & Destroy
Super Hide IP
System Requirements Lab
System Requirements Lab for Intel
Technitium MAC Address Changer v5.0
Uniblue PowerSuite
Uninstall Expert 3.0.1.2121
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Internet Explorer 8 (KB976662)
VLC media player 0.9.4
Vuze
Vuze Remote Toolbar
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Toolbar
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinGuard Pro 2011, v7.6.0.3
WinRAR archiver
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

2/8/2011 4:10:02 PM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
2/8/2011 4:10:02 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
2/8/2011 4:10:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/3/2011 9:01:49 AM, error: Service Control Manager [7034] - The CLCV0 service terminated unexpectedly. It has done this 1 time(s).
2/3/2011 9:01:43 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/3/2011 9:01:42 AM, error: Service Control Manager [7034] - The Remote Procedure Call (RPC) Locator service terminated unexpectedly. It has done this 1 time(s).
2/3/2011 8:48:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
2/3/2011 8:48:05 AM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
2/3/2011 8:48:05 AM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
2/3/2011 8:48:05 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
2/3/2011 8:46:54 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
2/3/2011 8:16:40 AM, error: nv [14] - Unknown error on
2/3/2011 4:59:44 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
2/3/2011 4:59:44 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_disp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
2/3/2011 2:51:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB959426).
2/3/2011 2:51:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB960859).
2/3/2011 2:47:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB971657).
2/3/2011 2:46:37 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB960225).
2/3/2011 2:44:57 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB961501).
2/3/2011 2:44:19 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB974571).
2/3/2011 2:44:11 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB975560).
2/3/2011 2:43:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB973507).
2/3/2011 2:41:58 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows XP (KB967715).
2/3/2011 2:40:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB970238).
2/3/2011 2:39:43 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB979482).
2/3/2011 2:38:18 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows XP (KB968389).
2/3/2011 12:25:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/3/2011 12:25:47 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/3/2011 1:56:24 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
2/3/2011 1:49:05 AM, error: Service Control Manager [7028] - The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
2/2/2011 7:15:05 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
2/2/2011 7:03:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows XP (KB956802).
2/2/2011 6:21:47 PM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.

==== End Of File ===========================
 
Before sending you on to do additional scans, I'd like to mention the following:

1. You have numerous programs installed to clean (especially the Registry) and uninstall:
CCleaner
Revo Uninstaller Pro 2.5.1
Uninstall; Expert: uninstall unneeded programs completely from your computer.
Uniblue RegistryBooster
Uniblue PowerSuite> $60:>This application is missing a lot of important features. It only has features for repairing the registry, optimizing your system and updating device drivers.

We don't recommend using a Registry Cleaner. The majority of users don't know how to evaluate Registry entries and if they should be removed. You have several programs all trying to do this.

2. You want to surf anonymously and have the following installed:
Technitium MAC Address Changer 5.0> allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver

PeerBlock lets you control who your computer "talks to" on the Internet. By selecting appropriate lists of "known bad", you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities,

Super Hide IP: > Lets you surf anonymously by hiding your IP with a secure 128 Bit encrypted connection
I can't help but wonder if these programs 'bump' into each other, while trying to 'hide' you.
====================================
Did you set this up? Can you explain it to me please?
uInternet Settings,ProxyServer = http=;ftp=;https=;
====================================
There is a great amount of activity on 2/2, 2/3, 2/6, 2/7, 2/8. It looks like it was mostly codecs, video. Did your problem start after this? Were you trying to do a recovery or repair?

====================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
====================================
Please use the link for Combofix below and follow each step:
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Programs Deleted Successfully

Did you set this up? Can you explain it to me please?
uInternet Settings,ProxyServer = http=;ftp=;https=;

No, I didn't do this; I have not a clue. Could it have come from a previous VMware setting? It could be something he set up prior; he was a programmer.

There is a great amount of activity on 2/2, 2/3, 2/6, 2/7, 2/8. It looks like it was mostly codecs, video. Did your problem start after this? Were you trying to do a recovery or repair?

Uninstalled multiple codec packages, Adobe Reader, Macromedia Flash & Shockwave and some other unknown installer files from system32 multiple times through various methods to try and correct the Flash issue and svchost.exe error at startup. Also uninstalled all VSO products and reinstalled VSO ConvertxtoDVD3, if my memory serves me correctly. I was also experiencing a pcoffin error at startup; it was saying the pcoffin driver was missing even after running the uninstaller. It appears that problem was resolved by uninstalling pcoffin.sys through Revo Pro uninstaller. That's the only explanation I can think of for what was going on those dates.
No. The problem was present even before those dates, started around 1/16.
Attempted to do a repair, then updated system.

LOGS


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=ddc1794039aaf5449b710f6b2e5a6a61
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-10 01:06:50
# local_time=2011-02-09 08:06:50 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3584 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=55908
# found=0
# cleaned=0
# scan_time=8339



ComboFix 11-02-09.02 - TRAVIS 02/09/2011 21:19:04.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.625 [GMT -5:00]
Running from: c:\documents and settings\TRAVIS\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-09 22:43 . 2011-02-09 22:43 -------- d-----w- c:\program files\ESET
2011-02-08 09:45 . 2011-02-08 10:12 -------- d-----w- c:\documents and settings\TRAVIS\Application Data\ElevatedDiagnostics
2011-02-08 08:21 . 2011-02-08 08:21 -------- d-----w- c:\program files\Common Files\Java
2011-02-08 08:20 . 2011-02-08 08:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-08 08:20 . 2011-02-08 08:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-08 08:19 . 2011-02-08 08:19 -------- d-----w- c:\program files\Java
2011-02-07 01:09 . 2011-02-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-07 01:06 . 2011-02-07 01:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-02-07 01:04 . 2011-01-08 03:27 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-02-07 01:04 . 2011-01-08 03:27 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-07 01:04 . 2011-01-08 03:27 6397824 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2011-02-07 01:04 . 2011-01-08 03:27 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-07 01:01 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-07 01:01 . 2011-01-08 03:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-07 01:01 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-07 01:01 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-07 01:01 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-02-07 01:01 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-07 01:01 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-07 01:01 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-07 01:01 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-07 01:01 . 2011-01-08 03:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-07 01:01 . 2011-02-07 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-02-06 17:55 . 2011-02-06 17:58 -------- d-----w- c:\program files\winguard
2011-02-06 17:55 . 2006-10-07 21:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx
2011-02-06 17:55 . 2006-02-13 06:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
2011-02-06 08:18 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-02-06 08:18 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-02-06 08:18 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-02-06 08:18 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-06 08:18 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-06 08:18 . 2011-01-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-06 08:18 . 2011-02-06 08:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-06 04:55 . 2011-02-06 04:55 -------- d-----w- c:\windows\system32\Macromed
2011-02-06 04:23 . 2011-02-06 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-02-06 04:12 . 2011-02-06 04:13 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Deployment
2011-02-06 04:00 . 2011-02-06 04:53 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google
2011-02-06 04:00 . 2011-02-06 04:18 -------- d-----w- c:\program files\Google
2011-02-03 20:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-03 20:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-03 20:46 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-03 20:45 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-03 20:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-03 09:55 . 2011-02-03 09:55 -------- d-----w- C:\NVIDIA
2011-02-03 07:28 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-03 01:47 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-03 01:47 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-02-03 01:42 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-03 01:41 . 2008-04-14 10:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-02-03 01:37 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-03 01:37 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-03 01:37 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-03 01:37 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-03 01:37 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-03 01:37 . 2010-12-21 10:29 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-03 01:37 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-03 00:37 . 2011-02-07 12:17 -------- d-----w- c:\windows\system32\Adobe
2011-02-02 23:51 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-02 23:51 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-02 23:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-02 23:49 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-02 23:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-02 23:47 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-02 23:47 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-02 23:47 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-02 23:47 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-02 23:47 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-02 23:47 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-02 23:47 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-02 23:47 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-02 23:46 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-02 23:46 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-02 23:46 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-02 23:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-02 23:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-02 18:54 . 2011-02-09 22:15 -------- d-----w- c:\documents and settings\TRAVIS\Application Data\Uniblue
2011-02-02 11:42 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-02-02 11:42 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-02-02 11:42 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-02-02 11:42 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2011-02-02 11:42 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2011-02-02 11:42 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2011-02-02 11:40 . 2004-08-04 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
2011-02-02 11:40 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
2011-02-02 11:40 . 2008-04-14 00:10 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2011-02-02 11:40 . 2008-04-13 16:43 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2011-02-02 11:40 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
2011-02-02 11:40 . 2008-04-14 00:10 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
2011-02-02 11:40 . 2008-04-14 00:10 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
2011-02-02 11:40 . 2008-04-14 00:10 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2011-02-02 11:40 . 2008-04-14 00:10 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2011-02-02 11:40 . 2004-08-04 12:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
2011-02-02 11:40 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
2011-02-02 11:40 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-02-02 11:40 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-02-02 11:39 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-02-02 11:39 . 2004-08-04 12:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
2011-02-02 11:39 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2011-02-02 11:39 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2011-02-02 11:36 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2011-02-02 11:35 . 2004-08-04 12:00 780885 -c--a-w- c:\windows\system32\dllcache\chkrres.dll
2011-02-02 11:03 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-02 11:03 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-02-02 11:02 . 2008-04-14 00:11 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-02-02 11:02 . 2008-04-14 00:12 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-02-02 11:02 . 2008-04-14 00:12 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-02-02 11:02 . 2008-04-14 00:12 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-02-02 10:14 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-02-02 10:14 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-02 10:14 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-02 10:14 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-02-02 10:12 . 2011-02-08 19:38 -------- d--h--w- c:\documents and settings\Default User
2011-02-01 07:13 . 2011-02-01 07:14 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-27 07:00 . 2011-01-27 07:00 -------- d-----w- c:\windows\UMStor
2011-01-27 06:59 . 2011-01-27 06:59 161 ----a-w- c:\windows\DelToolbox.bat
2011-01-26 04:08 . 2006-09-29 18:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-01-26 04:08 . 2006-09-29 18:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-01-26 04:08 . 2006-09-29 18:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-01-26 04:08 . 2006-05-20 22:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-01-26 04:08 . 2006-05-12 01:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-01-26 04:08 . 2004-05-04 17:53 1645320 ----a-w- c:\windows\gdiplus.dll
2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\SupportSoft
2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\program files\Common Files\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 10:57 . 2010-03-22 06:19 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 02:32 . 2011-01-10 02:32 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2011-01-08 00:56 . 2011-01-08 00:56 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-08 00:56 . 2011-01-08 00:56 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 00:56 . 2011-01-08 00:56 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-08 00:56 . 2011-01-08 00:56 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-08 00:56 . 2011-01-08 00:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-08 00:56 . 2011-01-08 00:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 00:56 . 2011-01-08 00:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2010-09-26 08:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-09-26 08:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-13 01:40 . 2010-12-13 01:40 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2010-03-19 12:37 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinGuard Pro"="c:\program files\winguard\wgpro7.exe" [2011-02-06 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\TRAVIS\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 6:37 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 6:37 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 5:40 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 6:37 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 6:37 PM 116784]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/23/2010 5:36 AM 5152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2010 3:37 AM 363344]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 5:46 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2011 5:36 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110209.001\IDSXpx86.sys [2/9/2011 6:43 PM 341944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2010 3:37 AM 20952]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/12/2010 8:40 PM 436792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2011 11:18 PM 136176]
S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [1/9/2011 9:32 PM 816672]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 SnowBird_usb;NBCHIP USB;c:\windows\system32\drivers\SnowBird_usb.sys [12/19/2010 3:01 AM 75717]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004Core.job
- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004UA.job
- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 21:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(368)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2011-02-09 21:36:46
ComboFix-quarantined-files.txt 2011-02-10 02:36

Pre-Run: 29,603,147,776 bytes free
Post-Run: 29,584,134,144 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - F57B6AD77922CB6BFCB724B6CA8360AE
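The timeline question raised in this thread (which dates saw bursts of file activity, and of what kind) can be checked mechanically. The following is an added example, not part of the original posts and not ComboFix's own code: it parses "Files Created" lines in the format shown in the log above, using a dozen lines copied from that log, and separates Windows File Protection cache refreshes (dllcache) from new folders and newly dropped files. The function names and the 365-day threshold are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple, Optional

# Lines copied from the "Files Created" section of the ComboFix log above.
SAMPLE_LOG = r"""
2011-02-09 22:43 . 2011-02-09 22:43 -------- d-----w- c:\program files\ESET
2011-02-08 08:20 . 2011-02-08 08:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-07 01:04 . 2011-01-08 03:27 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-02-07 01:04 . 2011-01-08 03:27 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-06 17:55 . 2011-02-06 17:58 -------- d-----w- c:\program files\winguard
2011-02-06 17:55 . 2006-10-07 21:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx
2011-02-06 17:55 . 2006-02-13 06:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
2011-02-06 08:18 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-06 08:18 . 2011-02-06 08:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-03 20:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-02 23:47 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-02 11:42 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
.
((((( Find3M Report )))))
"""

FMT = "%Y-%m-%d %H:%M"
# created . modified  size-or-dashes  8-char attribute string  path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+([-a-z]{8})\s+(.+)$"
)


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (shown as "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def in_dllcache(self) -> bool:
        # Windows File Protection keeps its copies of system files here.
        return "\\dllcache\\" in self.path.lower()


def parse_files_created(text: str) -> list:
    """Return an Entry for every listing line; banners and '.' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, FMT),
            datetime.strptime(modified, FMT),
            None if size.startswith("-") else int(size),
            attrs,
            path,
        ))
    return entries


def activity_by_day(entries) -> dict:
    """Bucket entries by creation date and by kind of change."""
    days = defaultdict(lambda: {"dllcache": 0, "new_dirs": [], "files": []})
    for e in entries:
        bucket = days[e.created.date().isoformat()]
        if e.is_dir:
            bucket["new_dirs"].append(e.path)      # usually an install
        elif e.in_dllcache:
            bucket["dllcache"] += 1                # update or repair refreshing the cache
        else:
            bucket["files"].append(e.path)         # file placed outside the cache
    return dict(days)


def old_stamp_arrivals(entries, min_gap_days: int = 365) -> list:
    """Files outside dllcache whose modified time is far older than their arrival.

    The installer preserved the original timestamp, so only the created
    column shows when the file actually landed on this machine.
    """
    return [
        e.path for e in entries
        if not e.is_dir and not e.in_dllcache
        and (e.created - e.modified).days >= min_gap_days
    ]


if __name__ == "__main__":
    parsed = parse_files_created(SAMPLE_LOG)
    for day, info in sorted(activity_by_day(parsed).items()):
        print(day, "dllcache:", info["dllcache"],
              "new dirs:", len(info["new_dirs"]), "files:", len(info["files"]))
    print("old-stamp arrivals:", old_stamp_arrivals(parsed))
```

On the sample lines, 2/2 and 2/3 show only dllcache refreshes, while 2/6 shows two new program folders plus three dropped files, two of which carry 2006 modified times.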
 
Eset scan is clean.

Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
FileLook::
c:\windows\system32\rspencr330.ocx
c:\windows\system32\SmartTabs29.ocx
DDS::
uInternet Settings,ProxyServer = http=;ftp=;https=;
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=-
"DisableChangePassword"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Recommend uninstalling Uniblue Registry Booster.
=====================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
Okay, think I deleted the entire Uniblue suite that has the Registry Booster App. This time not finding any leftover files, however it still could be there running in the background or in the registry. I did attempt to remove it completely, along with several specific files that were under Registry Booster Folders.

Here are the Logs


ComboFix 11-02-09.05 - TRAVIS 02/10/2011 19:33:26.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.464 [GMT -5:00]
Running from: c:\documents and settings\TRAVIS\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\TRAVIS\Desktop\CFSCRIPT.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-09 22:43 . 2011-02-09 22:43 -------- d-----w- c:\program files\ESET
2011-02-08 09:45 . 2011-02-08 10:12 -------- d-----w- c:\documents and settings\TRAVIS\Application Data\ElevatedDiagnostics
2011-02-08 08:21 . 2011-02-08 08:21 -------- d-----w- c:\program files\Common Files\Java
2011-02-08 08:20 . 2011-02-08 08:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-08 08:20 . 2011-02-08 08:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-08 08:19 . 2011-02-08 08:19 -------- d-----w- c:\program files\Java
2011-02-07 01:09 . 2011-02-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-07 01:06 . 2011-02-07 01:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-02-07 01:04 . 2011-01-08 03:27 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-02-07 01:04 . 2011-01-08 03:27 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-07 01:04 . 2011-01-08 03:27 6397824 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2011-02-07 01:04 . 2011-01-08 03:27 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-07 01:01 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-07 01:01 . 2011-01-08 03:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-07 01:01 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-07 01:01 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-07 01:01 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-02-07 01:01 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-07 01:01 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-07 01:01 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-07 01:01 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-07 01:01 . 2011-01-08 03:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-07 01:01 . 2011-02-07 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-02-06 17:55 . 2011-02-06 17:58 -------- d-----w- c:\program files\winguard
2011-02-06 17:55 . 2006-10-07 21:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx
2011-02-06 17:55 . 2006-02-13 06:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
2011-02-06 08:18 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-02-06 08:18 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-02-06 08:18 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-02-06 08:18 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-06 08:18 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-06 08:18 . 2011-01-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-06 08:18 . 2011-02-06 08:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-06 04:55 . 2011-02-06 04:55 -------- d-----w- c:\windows\system32\Macromed
2011-02-06 04:23 . 2011-02-06 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-02-06 04:12 . 2011-02-06 04:13 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Deployment
2011-02-06 04:00 . 2011-02-06 04:53 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google
2011-02-06 04:00 . 2011-02-06 04:18 -------- d-----w- c:\program files\Google
2011-02-03 20:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-03 20:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-03 20:46 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-03 20:45 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-03 20:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-03 09:55 . 2011-02-03 09:55 -------- d-----w- C:\NVIDIA
2011-02-03 07:28 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-03 01:47 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-03 01:47 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-02-03 01:42 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-03 01:41 . 2008-04-14 10:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-02-03 01:37 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-03 01:37 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-03 01:37 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-03 01:37 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-03 01:37 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-03 01:37 . 2010-12-21 10:29 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-03 01:37 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-03 00:37 . 2011-02-07 12:17 -------- d-----w- c:\windows\system32\Adobe
2011-02-02 23:51 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-02 23:51 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-02 23:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-02 23:49 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-02 23:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-02 23:47 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-02 23:47 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-02 23:47 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-02 23:47 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-02 23:47 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-02 23:47 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-02 23:47 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-02 23:47 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-02 23:46 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-02 23:46 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-02 23:46 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-02 23:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-02 23:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-02 11:42 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-02-02 11:42 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-02-02 11:42 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-02-02 11:42 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2011-02-02 11:42 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2011-02-02 11:42 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2011-02-02 11:40 . 2004-08-04 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
2011-02-02 11:40 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
2011-02-02 11:40 . 2008-04-14 00:10 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2011-02-02 11:40 . 2008-04-13 16:43 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2011-02-02 11:40 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
2011-02-02 11:40 . 2008-04-14 00:10 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
2011-02-02 11:40 . 2008-04-14 00:10 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
2011-02-02 11:40 . 2008-04-14 00:10 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2011-02-02 11:40 . 2008-04-14 00:10 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2011-02-02 11:40 . 2004-08-04 12:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
2011-02-02 11:40 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
2011-02-02 11:40 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-02-02 11:40 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-02-02 11:39 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-02-02 11:39 . 2004-08-04 12:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
2011-02-02 11:39 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2011-02-02 11:39 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2011-02-02 11:36 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2011-02-02 11:35 . 2004-08-04 12:00 780885 -c--a-w- c:\windows\system32\dllcache\chkrres.dll
2011-02-02 11:03 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-02 11:03 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-02-02 11:02 . 2008-04-14 00:11 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-02-02 11:02 . 2008-04-14 00:12 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-02-02 11:02 . 2008-04-14 00:12 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-02-02 11:02 . 2008-04-14 00:12 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-02-02 10:14 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-02-02 10:14 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-02 10:14 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-02 10:14 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-02-02 10:12 . 2011-02-08 19:38 -------- d--h--w- c:\documents and settings\Default User
2011-02-01 07:13 . 2011-02-01 07:14 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-27 07:00 . 2011-01-27 07:00 -------- d-----w- c:\windows\UMStor
2011-01-27 06:59 . 2011-01-27 06:59 161 ----a-w- c:\windows\DelToolbox.bat
2011-01-26 04:08 . 2006-09-29 18:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-01-26 04:08 . 2006-09-29 18:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-01-26 04:08 . 2006-09-29 18:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-01-26 04:08 . 2006-05-20 22:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-01-26 04:08 . 2006-05-12 01:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-01-26 04:08 . 2004-05-04 17:53 1645320 ----a-w- c:\windows\gdiplus.dll
2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\SupportSoft
2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\program files\Common Files\SupportSoft
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 02:32 . 2011-01-10 02:32 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2011-01-08 00:56 . 2011-01-08 00:56 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-08 00:56 . 2011-01-08 00:56 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 00:56 . 2011-01-08 00:56 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-08 00:56 . 2011-01-08 00:56 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-08 00:56 . 2011-01-08 00:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-08 00:56 . 2011-01-08 00:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 00:56 . 2011-01-08 00:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2010-03-19 12:37 81920 ----a-w- c:\windows\system32\isign32.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\rspencr330.ocx ---
Company: RSP Software - http://rspsoftware.clic3.net
File Description: AES RC4 Encryption OCX
File Version: 3.03
Product Name: RSP Encrypt OCX 3.3.0
Copyright: RSP Software 2005
Original Filename: rspencr330.ocx
File size: 221184
Created time: 2011-02-06 17:55
Modified time: 2006-10-07 21:31
MD5: 1FA6A26122C72EC9655C21E5899BFED9
SHA1: 2B659F47061E9C42C46039C4D795A226A1B190BE


--- c:\windows\system32\SmartTabs29.ocx ---
Company: Adroit Technologies
File Description: Smart Tabbed Dialog Control [ActiveX]
File Version: 2.09.0014
Product Name: Smart Tabbed Dialog Control
Copyright: (c) 2003-2006 Adroit Technologies
Original Filename: SmartTabs29.ocx
File size: 933888
Created time: 2011-02-06 17:55
Modified time: 2006-02-13 06:22
MD5: 87984BEEAA14A131E588179E7C359AED
SHA1: 815DDB6A3EDF7133294C05702744F54D5A8A439C


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinGuard Pro"="c:\program files\winguard\wgpro7.exe" [2011-02-06 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\TRAVIS\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 6:37 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 6:37 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 5:40 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 6:37 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 6:37 PM 116784]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/23/2010 5:36 AM 5152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2010 3:37 AM 363344]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 5:46 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2011 5:36 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110210.001\IDSXpx86.sys [2/10/2011 5:42 PM 341944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2010 3:37 AM 20952]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/12/2010 8:40 PM 436792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2011 11:18 PM 136176]
S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [1/9/2011 9:32 PM 816672]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 SnowBird_usb;NBCHIP USB;c:\windows\system32\drivers\SnowBird_usb.sys [12/19/2010 3:01 AM 75717]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004Core.job
- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004UA.job
- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 19:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(152)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-10 21:18:22
ComboFix-quarantined-files.txt 2011-02-11 02:18
ComboFix2.txt 2011-02-10 02:36

Pre-Run: 29,581,168,640 bytes free
Post-Run: 29,569,380,352 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 8BC773D13B1D22C1C58404D1A243EDF3



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:44 PM, on 2/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\winguard\wgpro7.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TRAVIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TRAVIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\TRAVIS\LOCALS~1\Temp\Rar$EX00.421\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WinGuard Pro] C:\Program Files\winguard\wgpro7.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 6943 bytes
 
Per PM, any leftover entries for programs you uninstall will show up in Combofix. I will remove them with script - including Registry entries. Uninstall the Uniblue Registry Cleaner. Did you want to keep SpyEraser?

Let me know of any other programs you uninstalled, so I can include their 'left overs' if any.
 
Yes, I did want to keep it (spy eraser). I think it was deleted (registry booster) & (spy eraser); it was part of the uniblue power suite (I deleted it from your earlier response), which included registry booster, speed up my pc, and spy eraser.
These things I uninstalled prior: HDD Regenerator 1.71, Nero 7 Premium 7.10.1.0, Satsuki Codec Pack along with several other codecs, Divx Player, Windows Media Player Classic, Adobe Macromedia Flash (replaced), Shockwave Player (replaced), AIR, Acrobat, and Reader, AVS Video Converter, VMware player 3.0.1, Back Track 4, Ad-Aware 2007, Uniblue Driver Scanner, pcoffin and pcoffin.sys, VSO CopyToDVD, ConvertXToDVD, BlindWrite, PhototoDVD, Image Resizer, VSO Inspector, LeapFrog, Producer Tools, Mp4 converter, Windows Movie Maker (had problems with this one crashing during conversion, not completing). Then all conversion programs failed while running conversion of any format: the software starts conversion, then disappears and stops converting. Had a problem with MS Paint: it crashed, all files were trying to open under MS Paint, so it was deleted as a temp fix to that problem. I then installed Advance Paint.

I got this error yesterday when running the Combofix: "PEV.cfxxe has encountered a problem and needs to close." Next: "PEV.cfxxe.exe has generated errors and will be closed by windows you will need to restart the program."
So today I copied the CFScript and ran the Combofix again, to no avail. Got the exact same error messages. Here is a copy of the Combofix log:

ComboFix 11-02-11.01 - TRAVIS 02/11/2011 21:58:21.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.417 [GMT -5:00]
Running from: c:\documents and settings\TRAVIS\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\TRAVIS\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
/wow section - STAGE 48
The system cannot find the path specified.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.

/wow section not completed

((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-09 22:43 . 2011-02-09 22:43 -------- d-----w- c:\program files\ESET
2011-02-08 09:45 . 2011-02-08 10:12 -------- d-----w- c:\documents and settings\TRAVIS\Application Data\ElevatedDiagnostics
2011-02-08 08:21 . 2011-02-08 08:21 -------- d-----w- c:\program files\Common Files\Java
2011-02-08 08:20 . 2011-02-08 08:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-08 08:20 . 2011-02-08 08:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-08 08:19 . 2011-02-08 08:19 -------- d-----w- c:\program files\Java
2011-02-07 01:09 . 2011-02-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-07 01:06 . 2011-02-07 01:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-02-07 01:04 . 2011-01-08 03:27 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-02-07 01:04 . 2011-01-08 03:27 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-07 01:04 . 2011-01-08 03:27 6397824 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2011-02-07 01:04 . 2011-01-08 03:27 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-07 01:01 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-07 01:01 . 2011-01-08 03:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-07 01:01 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-07 01:01 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-07 01:01 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-02-07 01:01 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-07 01:01 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-07 01:01 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-07 01:01 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-07 01:01 . 2011-01-08 03:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-07 01:01 . 2011-02-07 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-02-06 17:55 . 2011-02-11 22:19 -------- d-----w- c:\program files\winguard
2011-02-06 17:55 . 2006-10-07 21:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx
2011-02-06 17:55 . 2006-02-13 06:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
2011-02-06 08:18 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-02-06 08:18 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-02-06 08:18 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-02-06 08:18 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-06 08:18 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-06 08:18 . 2011-01-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-06 08:18 . 2011-02-06 08:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-06 04:55 . 2011-02-06 04:55 -------- d-----w- c:\windows\system32\Macromed
2011-02-06 04:23 . 2011-02-06 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-02-06 04:12 . 2011-02-06 04:13 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Deployment
2011-02-06 04:00 . 2011-02-06 04:53 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google
2011-02-06 04:00 . 2011-02-06 04:18 -------- d-----w- c:\program files\Google
2011-02-03 20:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-03 20:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-03 20:46 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-03 20:45 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-03 20:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-03 09:55 . 2011-02-03 09:55 -------- d-----w- C:\NVIDIA
2011-02-03 07:28 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-03 01:47 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-03 01:47 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-02-03 01:42 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-03 01:41 . 2008-04-14 10:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-02-03 01:37 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-03 01:37 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-03 01:37 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-03 01:37 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-03 01:37 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-03 01:37 . 2010-12-21 10:29 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-03 01:37 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-03 00:37 . 2011-02-07 12:17 -------- d-----w- c:\windows\system32\Adobe
2011-02-02 23:51 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-02 23:51 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-02 23:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-02 23:49 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-02 23:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-02 23:47 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-02 23:47 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-02 23:47 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-02 23:47 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-02 23:47 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-02 23:47 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-02 23:47 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-02 23:47 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-02 23:46 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-02 23:46 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-02 23:46 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-02 23:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-02 23:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-02 11:42 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-02-02 11:42 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-02-02 11:42 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-02-02 11:42 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2011-02-02 11:42 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2011-02-02 11:42 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2011-02-02 11:40 . 2004-08-04 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
2011-02-02 11:40 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
2011-02-02 11:40 . 2008-04-14 00:10 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2011-02-02 11:40 . 2008-04-13 16:43 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2011-02-02 11:40 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
2011-02-02 11:40 . 2008-04-14 00:10 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
2011-02-02 11:40 . 2008-04-14 00:10 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
2011-02-02 11:40 . 2008-04-14 00:10 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2011-02-02 11:40 . 2008-04-14 00:10 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2011-02-02 11:40 . 2004-08-04 12:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
2011-02-02 11:40 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
2011-02-02 11:40 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-02-02 11:40 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-02-02 11:39 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-02-02 11:39 . 2004-08-04 12:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
2011-02-02 11:39 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2011-02-02 11:39 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2011-02-02 11:36 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2011-02-02 11:35 . 2004-08-04 12:00 780885 -c--a-w- c:\windows\system32\dllcache\chkrres.dll
2011-02-02 11:03 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-02 11:03 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-02-02 11:02 . 2008-04-14 00:11 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-02-02 11:02 . 2008-04-14 00:12 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-02-02 11:02 . 2008-04-14 00:12 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-02-02 11:02 . 2008-04-14 00:12 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-02-02 10:14 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-02-02 10:14 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-02 10:14 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-02 10:14 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-02-02 10:12 . 2011-02-08 19:38 -------- d--h--w- c:\documents and settings\Default User
2011-02-01 07:13 . 2011-02-01 07:14 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-27 07:00 . 2011-01-27 07:00 -------- d-----w- c:\windows\UMStor
2011-01-27 06:59 . 2011-01-27 06:59 161 ----a-w- c:\windows\DelToolbox.bat
2011-01-26 04:08 . 2006-09-29 18:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-01-26 04:08 . 2006-09-29 18:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-01-26 04:08 . 2006-09-29 18:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-01-26 04:08 . 2006-05-20 22:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-01-26 04:08 . 2006-05-12 01:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-01-26 04:08 . 2004-05-04 17:53 1645320 ----a-w- c:\windows\gdiplus.dll
2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\SupportSoft
2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\program files\Common Files\SupportSoft
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 10:57 . 2010-03-22 06:19 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 02:32 . 2011-01-10 02:32 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2011-01-08 00:56 . 2011-01-08 00:56 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-08 00:56 . 2011-01-08 00:56 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 00:56 . 2011-01-08 00:56 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-08 00:56 . 2011-01-08 00:56 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-08 00:56 . 2011-01-08 00:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-08 00:56 . 2011-01-08 00:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 00:56 . 2011-01-08 00:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2010-09-26 08:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-09-26 08:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-13 01:40 . 2010-12-13 01:40 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2010-03-19 12:37 81920 ----a-w- c:\windows\system32\isign32.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\rspencr330.ocx ---
Company: RSP Software - http://rspsoftware.clic3.net
File Description: AES RC4 Encryption OCX
File Version: 3.03
Product Name: RSP Encrypt OCX 3.3.0
Copyright: RSP Software 2005
Original Filename: rspencr330.ocx
File size: 221184
Created time: 2011-02-06 17:55
Modified time: 2006-10-07 21:31
MD5: 1FA6A26122C72EC9655C21E5899BFED9
SHA1: 2B659F47061E9C42C46039C4D795A226A1B190BE


--- c:\windows\system32\SmartTabs29.ocx ---
Company: Adroit Technologies
File Description: Smart Tabbed Dialog Control [ActiveX]
File Version: 2.09.0014
Product Name: Smart Tabbed Dialog Control
Copyright: (c) 2003-2006 Adroit Technologies
Original Filename: SmartTabs29.ocx
File size: 933888
Created time: 2011-02-06 17:55
Modified time: 2006-02-13 06:22
MD5: 87984BEEAA14A131E588179E7C359AED
SHA1: 815DDB6A3EDF7133294C05702744F54D5A8A439C


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinGuard Pro"="c:\program files\winguard\wgpro7.exe" [2011-02-06 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\TRAVIS\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 6:37 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 6:37 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 5:40 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 6:37 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 6:37 PM 116784]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/23/2010 5:36 AM 5152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2010 3:37 AM 363344]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 5:46 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2011 5:36 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110211.002\IDSXpx86.sys [2/11/2011 8:30 PM 341944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2010 3:37 AM 20952]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/12/2010 8:40 PM 436792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2011 11:18 PM 136176]
S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [1/9/2011 9:32 PM 816672]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 SnowBird_usb;NBCHIP USB;c:\windows\system32\drivers\SnowBird_usb.sys [12/19/2010 3:01 AM 75717]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004Core.job
- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004UA.job
- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-11 22:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(188)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-11 22:12:04
ComboFix-quarantined-files.txt 2011-02-12 03:11
ComboFix2.txt 2011-02-11 02:18
ComboFix3.txt 2011-02-10 02:36

Pre-Run: 29,544,914,944 bytes free
Post-Run: 29,526,986,752 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 2FC3B8F55D8A8757D17429E4A5A3CAE6
 
That error message was just a 'Combofix thing.' The script wouldn't work again because the processes had been removed.

Your logs look fine. Is there any reason you still suspect infection? One thing I will mention is that you have a lot of unneeded processes running in the background. When you get a chance, take a look at the Startup Menu: the only processes that need to start on boot are the AV, F/W, touchpad if on laptop, and network process if using Pure/Cisco Networks. Nothing else!

You have very many Nvidia-related processes running. Are you actually always using them? And if I didn't do this earlier, I will warn you about file sharing:
c:\\Program Files\\Vuze\\Azureus.exe
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Vuze/Azureus for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
 