TechSpot

Please help remove virus and adobe flash crashes in every browser ran combo fix

By littlebill
Feb 8, 2011
  1. Hello all, and thanks for stopping by to help me. I'm experiencing some really strange things on my PC. First, it's periodically crashing to a system memory dump and giving an error that something is wrong with my graphics card and system RAM. I had no problems like this until I installed Google Chrome and deleted and reinstalled Adobe Flash and Shockwave Player. Also, any browser I try to use crashes and restarts when trying to play video content in full-screen mode. I ran ComboFix and it created a log. Will someone please assist? I'm at a standstill here. Thanks. LittleBill

  2. Bobbye


    Welcome to TechSpot!

    I'll try to help, but you're working backwards. If you look at the stickies above this forum you will see:

    1. Do NOT run Combofix without our guidance

    2. If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Please Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
     
  3. littlebill


    thanks

    OK, I'm deleting ComboFix per your instructions; will reply when complete.
     
  4. littlebill


    reply

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5709

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/8/2011 4:40:22 PM
    mbam-log-2011-02-08 (16-40-22).txt

    Scan type: Quick scan
    Objects scanned: 147563
    Time elapsed: 17 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-08 17:00:12
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.04
    Running: ue98bu2f.exe; Driver: C:\DOCUME~1\TRAVIS\LOCALS~1\Temp\pxtdypod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----




    DDS (Ver_10-12-12.02) - NTFSx86
    Run by TRAVIS at 17:07:53.79 on Tue 02/08/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.545 [GMT -5:00]

    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k dot3svc
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\winguard\wgpro7.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\TRAVIS\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [cdloader] "c:\documents and settings\travis\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [WinGuard Pro] c:\program files\winguard\wgpro7.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    uPolicies-explorer: RestrictRun = 0 (0x0)
    uPolicies-system: DisableLockWorkstation = 1 (0x1)
    uPolicies-system: DisableChangePassword = 1 (0x1)
    mPolicies-explorer: RestrictRun = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-21 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]
    R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-3-23 5152]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-26 363344]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-3 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110207.001\IDSXpx86.sys [2011-2-7 341944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-26 20952]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110208.002\NAVENG.SYS [2011-2-8 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110208.002\NAVEX15.SYS [2011-2-8 1360760]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-5 136176]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
    S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [2011-1-9 816672]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-9-27 27064]
    S3 SnowBird_usb;NBCHIP USB;c:\windows\system32\drivers\SnowBird_usb.sys [2010-12-19 75717]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-02-08 10:28:09 89088 ----a-w- c:\windows\MBR.exe
    2011-02-08 10:28:08 98816 ----a-w- c:\windows\sed.exe
    2011-02-08 09:45:48 -------- d-----w- c:\docume~1\travis\applic~1\ElevatedDiagnostics
    2011-02-08 08:20:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-08 08:20:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-07 01:09:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
    2011-02-07 01:06:12 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-02-07 01:06:04 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-02-07 01:06:04 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-02-07 01:04:44 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2011-02-07 01:04:44 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-02-07 01:04:34 6397824 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2011-02-07 01:04:34 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-02-07 01:01:47 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-07 01:01:36 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-02-07 01:01:35 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-02-07 01:01:34 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-02-07 01:01:30 2292678 ----a-w- c:\windows\system32\nvdata.bin
    2011-02-07 01:01:25 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-07 01:01:22 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-07 01:01:16 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-07 01:01:12 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-07 01:01:11 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-02-06 17:55:06 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
    2011-02-06 17:55:06 221184 ----a-w- c:\windows\system32\rspencr330.ocx
    2011-02-06 17:55:06 -------- d-----w- c:\program files\winguard
    2011-02-06 08:18:44 839680 ----a-w- c:\windows\system32\lameACM.acm
    2011-02-06 08:18:43 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-02-06 08:18:42 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-02-06 08:18:40 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2011-02-06 08:18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-02-06 08:18:39 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-02-06 08:18:25 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-02-06 04:12:40 -------- d-----w- c:\docume~1\travis\locals~1\applic~1\Deployment
    2011-02-06 04:00:46 -------- d-----w- c:\docume~1\travis\locals~1\applic~1\Google
    2011-02-03 20:47:34 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-02-03 20:47:32 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-02-03 20:46:55 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-02-03 20:45:25 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-02-03 20:41:57 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-02-03 12:57:07 -------- d-----w- c:\program files\Uniblue
    2011-02-03 09:55:53 -------- d-----w- C:\NVIDIA
    2011-02-03 07:28:16 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-02-03 01:47:28 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-02-03 01:47:27 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-02-03 01:42:34 81920 ------w- c:\windows\system32\ieencode.dll
    2011-02-03 01:41:07 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
    2011-02-03 01:37:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-03 01:37:20 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-02-03 01:37:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-02-03 01:37:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-03 01:37:18 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-02-03 01:37:12 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-02-03 01:37:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-03 00:37:15 -------- d-----w- c:\windows\system32\Adobe
    2011-02-02 23:51:13 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-02-02 23:51:13 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-02-02 23:50:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-02-02 23:49:59 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-02-02 23:47:08 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-02-02 23:47:07 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-02-02 23:47:07 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-02-02 23:47:06 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-02-02 23:47:05 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-02-02 23:47:05 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-02-02 23:47:03 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-02-02 23:47:03 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-02-02 23:47:02 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-02-02 23:46:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-02-02 23:46:55 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-02-02 23:46:50 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-02-02 23:46:08 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-02-02 23:46:02 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-02-02 18:54:17 -------- d-----w- c:\docume~1\travis\applic~1\Uniblue
    2011-02-02 11:42:11 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
    2011-02-02 11:42:11 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
    2011-02-02 11:42:10 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
    2011-02-02 11:42:10 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
    2011-02-02 11:42:10 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
    2011-02-02 11:42:10 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
    2011-02-02 11:40:57 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
    2011-02-02 11:40:57 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
    2011-02-02 11:40:56 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
    2011-02-02 11:40:56 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
    2011-02-02 11:40:56 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
    2011-02-02 11:40:53 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
    2011-02-02 11:40:53 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
    2011-02-02 11:40:51 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
    2011-02-02 11:40:50 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
    2011-02-02 11:40:50 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
    2011-02-02 11:40:50 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
    2011-02-02 11:40:42 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2011-02-02 11:40:36 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
    2011-02-02 11:39:08 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-02-02 11:39:07 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
    2011-02-02 11:39:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2011-02-02 11:39:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
    2011-02-02 11:36:43 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
    2011-02-02 11:35:59 780885 -c--a-w- c:\windows\system32\dllcache\chkrres.dll
    2011-02-02 11:34:58 -------- d-----w- c:\program files\msn gaming zone
    2011-02-02 11:03:10 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-02-02 11:03:10 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
    2011-02-02 11:02:14 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
    2011-02-02 11:02:13 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
    2011-02-02 11:02:12 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
    2011-02-02 11:02:12 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
    2011-02-02 10:14:34 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-02-02 10:14:34 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-02-02 10:14:32 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-02-02 10:14:32 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-01-27 07:00:08 -------- d-----w- c:\windows\UMStor
    2011-01-27 06:59:49 161 ----a-w- c:\windows\DelToolbox.bat
    2011-01-26 04:08:16 217127 ----a-w- c:\windows\system32\drv43260.dll
    2011-01-26 04:08:16 208935 ----a-w- c:\windows\system32\drv33260.dll
    2011-01-26 04:08:16 176165 ----a-w- c:\windows\system32\drv23260.dll
    2011-01-26 04:08:15 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2011-01-26 04:08:15 1645320 ----a-w- c:\windows\gdiplus.dll
    2011-01-26 04:08:15 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2011-01-21 19:44:56 -------- d-----w- c:\docume~1\travis\locals~1\applic~1\SupportSoft
    2011-01-21 19:44:09 -------- d-----w- c:\program files\common files\SupportSoft
    2011-01-10 02:32:55 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
    2011-01-10 02:32:37 816672 ---ha-w- c:\windows\system32\drivers\AM10XP.sys

    ==================== Find3M ====================

    2011-01-08 00:56:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-01-08 00:56:50 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-08 00:56:48 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-01-08 00:56:48 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-01-08 00:56:48 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-01-08 00:56:48 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 00:56:48 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

    ============= FINISH: 17:09:43.01 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/2/2011 6:42:46 AM
    System Uptime: 2/8/2011 4:52:52 PM (1 hours ago)

    Motherboard: Intel Corporation | | D845PESV
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | J2E1 | 2799/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 23.399 GiB free.
    D: is CDROM ()
    E: is Removable
    G: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30158086&REV_82\4&29817089&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30158086&REV_82\4&29817089&0&40F0
    Service: E100B

    Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
    Description: pcouffin device for 32 bits systems
    Device ID: ROOT\PCOUFFIN\0003
    Manufacturer: VSO Software
    Name: pcouffin device for 32 bits systems
    PNP Device ID: ROOT\PCOUFFIN\0003
    Service: pcouffin

    Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
    Description: pcouffin device for 32 bits systems
    Device ID: ROOT\PCOUFFIN\0004
    Manufacturer: VSO Software
    Name: pcouffin device for 32 bits systems
    PNP Device ID: ROOT\PCOUFFIN\0004
    Service: pcouffin

    Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
    Description: pcouffin device for 32 bits systems
    Device ID: ROOT\PCOUFFIN\0005
    Manufacturer: VSO Software
    Name: pcouffin device for 32 bits systems
    PNP Device ID: ROOT\PCOUFFIN\0005
    Service: pcouffin

    Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
    Description: pcouffin device for 32 bits systems
    Device ID: ROOT\PCOUFFIN\0006
    Manufacturer: VSO Software
    Name: pcouffin device for 32 bits systems
    PNP Device ID: ROOT\PCOUFFIN\0006
    Service: pcouffin

    ==== System Restore Points ===================

    RP1: 2/2/2011 11:06:32 AM - System Checkpoint
    RP2: 2/2/2011 6:25:40 PM - Software Distribution Service 3.0
    RP3: 2/2/2011 6:58:34 PM - Software Distribution Service 3.0
    RP4: 2/3/2011 12:08:33 AM - Software Distribution Service 3.0
    RP5: 2/3/2011 12:31:43 AM - Software Distribution Service 3.0
    RP6: 2/3/2011 2:37:36 AM - Software Distribution Service 3.0
    RP7: 2/3/2011 3:57:21 AM - Software Distribution Service 3.0
    RP8: 2/3/2011 3:56:19 PM - Software Distribution Service 3.0
    RP9: 2/3/2011 5:20:11 PM - Software Distribution Service 3.0
    RP10: 2/4/2011 6:07:20 PM - System Checkpoint
    RP11: 2/4/2011 7:50:28 PM - Uniblue RegistryBooster
    RP12: 2/6/2011 10:02:33 AM - System Checkpoint
    RP13: 2/7/2011 10:47:24 AM - System Checkpoint
    RP14: 2/8/2011 1:45:45 AM - Installed Java(TM) 6 Update 23
    RP15: 2/8/2011 1:48:56 AM - Removed Java(TM) 6 Update 18
    RP16: 2/8/2011 3:19:08 AM - Installed Java(TM) 6 Update 23

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    AvancePaint v5.0.0
    BSPlayer
    CCleaner
    GEAR driver installer for x86 and x64
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel Application Accelerator
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    K-Lite Codec Pack 6.9.0 (Full)
    Klever PumpKIN 2.7.2
    magicJack
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual J# 2.0 Redistributable Package
    MRU-Blaster v1.5 (Database 3/28/2004)
    MSVCRT
    MSXML 6 Service Pack 2 (KB973686)
    Norton Security Suite
    NVIDIA Control Panel 266.58
    NVIDIA Graphics Driver 266.58
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    PeerBlock 1.1 (r518)
    Revo Uninstaller Pro 2.5.1
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Segoe UI
    SoundMAX
    Spybot - Search & Destroy
    Super Hide IP
    System Requirements Lab
    System Requirements Lab for Intel
    Technitium MAC Address Changer v5.0
    Uniblue PowerSuite
    Uninstall Expert 3.0.1.2121
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    Update for Windows Internet Explorer 8 (KB976662)
    VLC media player 0.9.4
    Vuze
    Vuze Remote Toolbar
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Photo Gallery
    Windows Live Toolbar
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinGuard Pro 2011, v7.6.0.3
    WinRAR archiver
    Xvid 1.2.2 final uninstall

    ==== Event Viewer Messages From Past Week ========

    2/8/2011 4:10:02 PM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
    2/8/2011 4:10:02 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
    2/8/2011 4:10:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 9:01:49 AM, error: Service Control Manager [7034] - The CLCV0 service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 9:01:43 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 9:01:42 AM, error: Service Control Manager [7034] - The Remote Procedure Call (RPC) Locator service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 8:48:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    2/3/2011 8:48:05 AM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
    2/3/2011 8:48:05 AM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
    2/3/2011 8:48:05 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
    2/3/2011 8:46:54 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    2/3/2011 8:16:40 AM, error: nv [14] - Unknown error on
    2/3/2011 4:59:44 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    2/3/2011 4:59:44 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_disp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    2/3/2011 2:51:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB959426).
    2/3/2011 2:51:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB960859).
    2/3/2011 2:47:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB971657).
    2/3/2011 2:46:37 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB960225).
    2/3/2011 2:44:57 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB961501).
    2/3/2011 2:44:19 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB974571).
    2/3/2011 2:44:11 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB975560).
    2/3/2011 2:43:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB973507).
    2/3/2011 2:41:58 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows XP (KB967715).
    2/3/2011 2:40:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB970238).
    2/3/2011 2:39:43 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB979482).
    2/3/2011 2:38:18 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows XP (KB968389).
    2/3/2011 12:25:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    2/3/2011 12:25:47 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/3/2011 1:56:24 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    2/3/2011 1:49:05 AM, error: Service Control Manager [7028] - The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    2/2/2011 7:15:05 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
    2/2/2011 7:03:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows XP (KB956802).
    2/2/2011 6:21:47 PM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.

    ==== End Of File ===========================
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Before sending you on to do additional scans, I'd like to mention the following:

    1. You have numerous programs installed to clean (especially the Registry). Uninstall:
    CCleaner
    Revo Uninstaller Pro 2.5.1
    Uninstall Expert: uninstall unneeded programs completely from your computer.
    Uniblue RegistryBooster
    Uniblue PowerSuite ($60): This application is missing a lot of important features. It only has features for repairing the registry, optimizing your system and updating device drivers.

    We don't recommend using a Registry Cleaner. The majority of users don't know how to evaluate Registry entries and if they should be removed. You have several programs all trying to do this.

    2. You want to surf anonymously and have the following installed:
    Technitium MAC Address Changer 5.0: allows you to change the Media Access Control (MAC) address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver.

    PeerBlock: lets you control who your computer "talks to" on the Internet. By selecting appropriate lists of "known bad", you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities,

    Super Hide IP: lets you surf anonymously by hiding your IP with a secure 128-bit encrypted connection.
    I can't help but wonder if these programs 'bump' into each other while trying to 'hide' you.
    ====================================
    Did you set this up? Can you explain it to me please?
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    ====================================
    There is a great amount of activity on 2/2, 2/3, 2/6, 2/7, 2/8. It looks like it was mostly codecs, video. Did your problem start after this? Were you trying to do a recovery or repair?

    ====================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the ActiveX control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Please use the link for Combofix below and follow each step:
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
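
The proxy line Bobbye asks about, the firewall and policy values ComboFix lists under its Reg Loading Points, and the Event Viewer lines in the DDS log above are the places a malware helper reads first. The Python script below is an added example for this thread: it is not part of any post here and not code from DDS, ComboFix or TechSpot. It scans lines in the shapes those tools emit and flags the ones that matter. The sample it runs on is constructed to mirror the formats in this thread; its last ProxyServer line, with a host filled in, is invented to show what a real redirect looks like next to the posted value, which lists a slot for each scheme (http=, ftp=, https=) with no host in any of them. The reading of the "u" prefix as the current-user hive is the DDS convention as I know it, and is an assumption of the script.

```python
r"""Triage for DDS / ComboFix-style logs. Added example for this thread; not
code from TechSpot, DDS or ComboFix. Flags the lines a helper reads first:
ProxyServer with a host, EnableFirewall=0, Disable* user policies, Run-key
autostarts in a user profile, and WFP / boot driver / Windows Update events."""
import re
from dataclasses import dataclass

@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    line_no: int    # 1-based line number in the input
    reason: str
    line: str

# Assumption: DDS/ComboFix prefix the hive, u = current user (HKCU), m = machine.
PROXY_RE = re.compile(r"^[um]?Internet Settings,ProxyServer\s*=\s*(.*)$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\s]+)')   # "Name"= value
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')                 # "name"="path" [...]
EVENT_RE = re.compile(r"^(\S+ \S+ [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
WFP_FILE_RE = re.compile(r"protected system file (\S+?)\.(?:\s|$)")
WU_RE = re.compile(r"error (0x[0-9a-fA-F]+): .*?\((KB\d+)\)")
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$")
USER_PROFILE_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(application data|local settings)\\", re.I)
LOCKOUT_POLICIES = {"DisableLockWorkstation", "DisableChangePassword", "DisableTaskMgr"}

def parse_proxy(value):
    """'http=host;ftp=;https=host' -> {scheme: host}; empty slots are dropped."""
    proxies = {}
    for part in (p.strip() for p in value.split(";")):
        scheme, sep, host = part.partition("=")
        if part and not sep:
            proxies["*"] = part            # a bare host applies to every scheme
        elif host.strip():
            proxies[scheme.strip()] = host.strip()
    return proxies

def triage(lines):
    """Return a list of Finding for the interesting lines, in input order."""
    findings, key = [], ""
    def add(sev, n, why, line):
        findings.append(Finding(sev, n, why, line))
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if line.startswith("[HK"):          # registry block header
            key = line.strip("[]").lower()
            continue
        m = PROXY_RE.match(line)
        if m:
            proxies = parse_proxy(m.group(1))
            if proxies:
                add("high", n, f"browser traffic is routed through a proxy: {proxies}", line)
            else:
                add("info", n, "ProxyServer present but every scheme slot is empty; no proxy in effect", line)
            continue
        m = REG_VALUE_RE.match(line)
        if m and key:
            name, value = m.groups()
            if name == "EnableFirewall" and value == "0" and "firewallpolicy" in key:
                add("high", n, "Windows Firewall is disabled for this profile", line)
            elif name in LOCKOUT_POLICIES and value == "1" and key.endswith("\\policies\\system"):
                add("medium", n, f"policy {name}=1 takes a control away from the user", line)
            elif RUN_KEY_RE.search(key):
                rm = RUN_RE.match(line)
                if rm and USER_PROFILE_RE.search(rm.group(2)):
                    add("medium", n, f"autostart '{rm.group(1)}' runs from a user profile: {rm.group(2)}", line)
            continue
        m = EVENT_RE.match(line)
        if m:
            _ts, _level, source, event_id, msg = m.groups()
            if (source, event_id) == ("Windows File Protection", "64002") and (fm := WFP_FILE_RE.search(msg)):
                add("medium", n, f"WFP restored {fm.group(1)} after a replacement attempt", line)
            elif (source, event_id) == ("Service Control Manager", "7026"):
                add("medium", n, "boot-start driver failed to load: " + msg.rsplit(":", 1)[-1].strip(), line)
            elif (source, event_id) == ("Windows Update Agent", "20") and (wm := WU_RE.search(msg)):
                add("info", n, f"update {wm.group(2)} failed with {wm.group(1)}", line)
    return findings

# Constructed sample in the formats seen in this thread; the last line (a proxy
# with a host filled in) is invented to contrast with the posted empty value.
SAMPLE_LOG = r"""
2/3/2011 8:48:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
2/3/2011 4:59:44 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
2/3/2011 2:51:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB959426).
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080;
"""
SAMPLE_LINES = [l for l in SAMPLE_LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:>6}] line {f.line_no}: {f.reason}")
```

Run it as-is to see the findings for the sample, or pass a saved log with triage(open("ComboFix.txt").read().splitlines()). The severities are a reading order, not a verdict: an autostart under Application Data or a disabled firewall is worth a question to the poster, while the posted ProxyServer value only earns an "info" line because no scheme names a host.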
     
  6. littlebill

    littlebill TS Rookie Topic Starter

    Programs Deleted Successfully

    Did you set this up? Can you explain it to me please?
    uInternet Settings,ProxyServer = http=;ftp=;https=;

    No, I didn't do this. I have not a clue. Could it have come from a previous VMware setting? It could be something he set up prior; he was a programmer.

    There is a great amount of activity on 2/2, 2/3, 2/6, 2/7, 2/8. It looks like it was mostly codecs, video. Did your problem start after this? Were you trying to do a recovery or repair?

    Uninstalled multiple codec packages, Adobe Reader, Macromedia Flash & Shockwave and some other unknown installer files from system32 multiple times through various methods to try and correct the Flash issue and an svchost.exe error at startup. Also uninstalled all VSO products and reinstalled VSO ConvertXtoDVD 3. If my memory serves me correctly, I was also experiencing a pcoffin error at startup; it was saying the pcoffin driver was missing even after running the uninstaller. It appears that problem was resolved by uninstalling pcoffin.sys through Revo Pro Uninstaller. That's the only explanation I can think of for what was going on those dates.
    No, the problem was present even before those dates; it started around 1/16.
    Attempted to do a repair, then updated the system.

    LOGS


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=ddc1794039aaf5449b710f6b2e5a6a61
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-02-10 01:06:50
    # local_time=2011-02-09 08:06:50 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3584 16777191 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=55908
    # found=0
    # cleaned=0
    # scan_time=8339



    ComboFix 11-02-09.02 - TRAVIS 02/09/2011 21:19:04.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.625 [GMT -5:00]
    Running from: c:\documents and settings\TRAVIS\My Documents\Downloads\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
    .

    2011-02-09 22:43 . 2011-02-09 22:43 -------- d-----w- c:\program files\ESET
    2011-02-08 09:45 . 2011-02-08 10:12 -------- d-----w- c:\documents and settings\TRAVIS\Application Data\ElevatedDiagnostics
    2011-02-08 08:21 . 2011-02-08 08:21 -------- d-----w- c:\program files\Common Files\Java
    2011-02-08 08:20 . 2011-02-08 08:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-08 08:20 . 2011-02-08 08:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-08 08:19 . 2011-02-08 08:19 -------- d-----w- c:\program files\Java
    2011-02-07 01:09 . 2011-02-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-02-07 01:06 . 2011-02-07 01:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-02-07 01:04 . 2011-01-08 03:27 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2011-02-07 01:04 . 2011-01-08 03:27 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-02-07 01:04 . 2011-01-08 03:27 6397824 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2011-02-07 01:04 . 2011-01-08 03:27 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-02-07 01:01 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-07 01:01 . 2011-01-08 03:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-02-07 01:01 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-02-07 01:01 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-02-07 01:01 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
    2011-02-07 01:01 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-07 01:01 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-07 01:01 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-07 01:01 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-07 01:01 . 2011-01-08 03:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-02-07 01:01 . 2011-02-07 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
    2011-02-06 17:55 . 2011-02-06 17:58 -------- d-----w- c:\program files\winguard
    2011-02-06 17:55 . 2006-10-07 21:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx
    2011-02-06 17:55 . 2006-02-13 06:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
    2011-02-06 08:18 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2011-02-06 08:18 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-02-06 08:18 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-02-06 08:18 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-02-06 08:18 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2011-02-06 08:18 . 2011-01-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-02-06 08:18 . 2011-02-06 08:19 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-02-06 04:55 . 2011-02-06 04:55 -------- d-----w- c:\windows\system32\Macromed
    2011-02-06 04:23 . 2011-02-06 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-02-06 04:12 . 2011-02-06 04:13 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Deployment
    2011-02-06 04:00 . 2011-02-06 04:53 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google
    2011-02-06 04:00 . 2011-02-06 04:18 -------- d-----w- c:\program files\Google
    2011-02-03 20:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-02-03 20:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-02-03 20:46 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-02-03 20:45 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-02-03 20:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-02-03 09:55 . 2011-02-03 09:55 -------- d-----w- C:\NVIDIA
    2011-02-03 07:28 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-02-03 01:47 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-02-03 01:47 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-02-03 01:42 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
    2011-02-03 01:41 . 2008-04-14 10:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
    2011-02-03 01:37 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-03 01:37 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-02-03 01:37 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-02-03 01:37 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-03 01:37 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-02-03 01:37 . 2010-12-21 10:29 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-02-03 01:37 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-03 00:37 . 2011-02-07 12:17 -------- d-----w- c:\windows\system32\Adobe
    2011-02-02 23:51 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-02-02 23:51 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-02-02 23:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-02-02 23:49 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-02-02 23:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-02-02 23:47 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-02-02 23:47 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-02-02 23:47 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-02-02 23:47 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-02-02 23:47 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-02-02 23:47 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-02-02 23:47 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-02-02 23:47 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-02-02 23:46 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-02-02 23:46 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-02-02 23:46 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-02-02 23:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-02-02 23:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-02-02 18:54 . 2011-02-09 22:15 -------- d-----w- c:\documents and settings\TRAVIS\Application Data\Uniblue
    2011-02-02 11:42 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
    2011-02-02 11:42 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
    2011-02-02 11:42 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
    2011-02-02 11:42 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
    2011-02-02 11:42 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
    2011-02-02 11:42 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
    2011-02-02 11:40 . 2004-08-04 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
    2011-02-02 11:40 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
    2011-02-02 11:40 . 2008-04-14 00:10 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
    2011-02-02 11:40 . 2008-04-13 16:43 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
    2011-02-02 11:40 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
    2011-02-02 11:40 . 2008-04-14 00:10 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
    2011-02-02 11:40 . 2008-04-14 00:10 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
    2011-02-02 11:40 . 2008-04-14 00:10 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
    2011-02-02 11:40 . 2008-04-14 00:10 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
    2011-02-02 11:40 . 2004-08-04 12:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
    2011-02-02 11:40 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
    2011-02-02 11:40 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2011-02-02 11:40 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
    2011-02-02 11:39 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-02-02 11:39 . 2004-08-04 12:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
    2011-02-02 11:39 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2011-02-02 11:39 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
    2011-02-02 11:36 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
    2011-02-02 11:35 . 2004-08-04 12:00 780885 -c--a-w- c:\windows\system32\dllcache\chkrres.dll
    2011-02-02 11:03 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-02-02 11:03 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-02-02 11:02 . 2008-04-14 00:11 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
    2011-02-02 11:02 . 2008-04-14 00:12 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
    2011-02-02 11:02 . 2008-04-14 00:12 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
    2011-02-02 11:02 . 2008-04-14 00:12 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
    2011-02-02 10:14 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-02-02 10:14 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-02-02 10:14 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-02-02 10:14 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-02-02 10:12 . 2011-02-08 19:38 -------- d--h--w- c:\documents and settings\Default User
    2011-02-01 07:13 . 2011-02-01 07:14 -------- d-----w- c:\program files\Common Files\Adobe
    2011-01-27 07:00 . 2011-01-27 07:00 -------- d-----w- c:\windows\UMStor
    2011-01-27 06:59 . 2011-01-27 06:59 161 ----a-w- c:\windows\DelToolbox.bat
    2011-01-26 04:08 . 2006-09-29 18:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2011-01-26 04:08 . 2006-09-29 18:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2011-01-26 04:08 . 2006-09-29 18:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2011-01-26 04:08 . 2006-05-20 22:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2011-01-26 04:08 . 2006-05-12 01:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2011-01-26 04:08 . 2004-05-04 17:53 1645320 ----a-w- c:\windows\gdiplus.dll
    2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\SupportSoft
    2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\program files\Common Files\SupportSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-27 10:57 . 2010-03-22 06:19 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-10 02:32 . 2011-01-10 02:32 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
    2011-01-08 00:56 . 2011-01-08 00:56 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-01-08 00:56 . 2011-01-08 00:56 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-08 00:56 . 2011-01-08 00:56 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-01-08 00:56 . 2011-01-08 00:56 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-01-08 00:56 . 2011-01-08 00:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-01-08 00:56 . 2011-01-08 00:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 00:56 . 2011-01-08 00:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:09 . 2010-09-26 08:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-09-26 08:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-13 01:40 . 2010-12-13 01:40 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-11-18 18:12 . 2010-03-19 12:37 81920 ----a-w- c:\windows\system32\isign32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinGuard Pro"="c:\program files\winguard\wgpro7.exe" [2011-02-06 217088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"= 1 (0x1)
    "DisableChangePassword"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Documents and Settings\\TRAVIS\\Application Data\\mjusbsp\\magicJack.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 6:37 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 6:37 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 5:40 PM 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 6:37 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 6:37 PM 116784]
    R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/23/2010 5:36 AM 5152]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2010 3:37 AM 363344]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 5:46 PM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2011 5:36 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110209.001\IDSXpx86.sys [2/9/2011 6:43 PM 341944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2010 3:37 AM 20952]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/12/2010 8:40 PM 436792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2011 11:18 PM 136176]
    S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [1/9/2011 9:32 PM 816672]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
    S3 SnowBird_usb;NBCHIP USB;c:\windows\system32\drivers\SnowBird_usb.sys [12/19/2010 3:01 AM 75717]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

    2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

    2011-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004Core.job
    - c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]

    2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004UA.job
    - c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-09 21:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(368)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\hnetcfg.dll
    .
    Completion time: 2011-02-09 21:36:46
    ComboFix-quarantined-files.txt 2011-02-10 02:36

    Pre-Run: 29,603,147,776 bytes free
    Post-Run: 29,584,134,144 bytes free

    Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
    - - End Of File - - F57B6AD77922CB6BFCB724B6CA8360AE
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Eset scan is clean.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    FileLook::
    c:\windows\system32\rspencr330.ocx
    c:\windows\system32\SmartTabs29.ocx
    DDS::
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"=-
    "DisableChangePassword"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
[image]

    Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
Recommend uninstalling Uniblue Registry Booster.
    =====================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
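Added example (not from the thread, and not ComboFix's own tooling): a small Python parser that turns a CFScript like the one above into a reviewable action plan, so you can see which files the script deletes, which it only inspects, which DDS entries it removes, and which registry values it deletes before the script is run. It assumes regedit semantics for the Registry:: section (`"name"=-` deletes a value, `[-KEY]` deletes a key); the page does not state how ComboFix treats a value line with an empty right-hand side, so the parser just records those as raw `set_value` entries for the reviewer to judge.

```python
"""Parse a ComboFix CFScript into a structured action plan (example code).

Section semantics as used in the posted script:
  File::      paths to delete
  FileLook::  paths to report details on (hash, version, timestamps)
  DDS::       DDS log lines whose entries should be removed
  Registry::  regedit-format edits; "name"=- deletes a value, [-KEY] deletes a key
Assumption: an empty right-hand side ("name"=) is kept verbatim as set_value.
"""
from dataclasses import dataclass, field
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(-?)(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# The CFScript as posted in the thread above (AuthorizedApplications key un-wrapped).
EXAMPLE_SCRIPT = r"""
File::
FileLook::
c:\windows\system32\rspencr330.ocx
c:\windows\system32\SmartTabs29.ocx
DDS::
uInternet Settings,ProxyServer = http=;ftp=;https=;
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=-
"DisableChangePassword"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=-
"""


@dataclass
class RegistryAction:
    key: str
    action: str          # "delete_key", "delete_value" or "set_value"
    name: str = ""       # value name; empty for key-level actions
    data: str = ""       # raw right-hand side, only meaningful for set_value


@dataclass
class CFScriptPlan:
    delete_files: list = field(default_factory=list)
    look_files: list = field(default_factory=list)
    dds_lines: list = field(default_factory=list)
    registry: list = field(default_factory=list)
    unknown_sections: dict = field(default_factory=dict)


def parse_cfscript(text: str) -> CFScriptPlan:
    """Walk the script line by line, tracking the current section and registry key."""
    plan = CFScriptPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            current_key = None
            continue
        if section is None:
            raise ValueError(f"data before any section header: {line!r}")
        if section == "File":
            plan.delete_files.append(line)
        elif section == "FileLook":
            plan.look_files.append(line)
        elif section == "DDS":
            plan.dds_lines.append(line)
        elif section == "Registry":
            key_match = KEY_RE.match(line)
            if key_match:
                current_key = key_match.group(2)
                if key_match.group(1) == "-":      # [-KEY] removes the whole key
                    plan.registry.append(RegistryAction(current_key, "delete_key"))
                continue
            value_match = VALUE_RE.match(line)
            if value_match is None or current_key is None:
                raise ValueError(f"unparseable Registry:: line: {line!r}")
            name, rhs = value_match.group(1), value_match.group(2)
            if rhs == "-":                          # "name"=- removes the value
                plan.registry.append(RegistryAction(current_key, "delete_value", name))
            else:
                plan.registry.append(RegistryAction(current_key, "set_value", name, rhs))
        else:
            # Keep lines from sections this parser does not model, so nothing is silently dropped.
            plan.unknown_sections.setdefault(section, []).append(line)
    return plan


def summarize(plan: CFScriptPlan) -> dict:
    """Counts per action type, the quick overview a reviewer checks before running the script."""
    counts = {"delete_files": len(plan.delete_files), "look_files": len(plan.look_files),
              "dds_lines": len(plan.dds_lines), "delete_key": 0, "delete_value": 0, "set_value": 0}
    for action in plan.registry:
        counts[action.action] += 1
    return counts


if __name__ == "__main__":
    plan = parse_cfscript(EXAMPLE_SCRIPT)
    print(summarize(plan))
    for action in plan.registry:
        print(action.action, action.key, action.name, action.data)
```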
  8. littlebill

    littlebill TS Rookie Topic Starter

Okay, I think I deleted the entire Uniblue suite that has the Registry Booster app this time, not finding any leftover files; however, it still could be there running in the background or in the registry. I did attempt to remove it completely along with several specific files that were under Registry Booster folders.

    Here are the Logs


    ComboFix 11-02-09.05 - TRAVIS 02/10/2011 19:33:26.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.464 [GMT -5:00]
    Running from: c:\documents and settings\TRAVIS\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\TRAVIS\Desktop\CFSCRIPT.txt
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
    .

    2011-02-09 22:43 . 2011-02-09 22:43 -------- d-----w- c:\program files\ESET
    2011-02-08 09:45 . 2011-02-08 10:12 -------- d-----w- c:\documents and settings\TRAVIS\Application Data\ElevatedDiagnostics
    2011-02-08 08:21 . 2011-02-08 08:21 -------- d-----w- c:\program files\Common Files\Java
    2011-02-08 08:20 . 2011-02-08 08:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-08 08:20 . 2011-02-08 08:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-08 08:19 . 2011-02-08 08:19 -------- d-----w- c:\program files\Java
    2011-02-07 01:09 . 2011-02-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-02-07 01:06 . 2011-02-07 01:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-02-07 01:04 . 2011-01-08 03:27 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2011-02-07 01:04 . 2011-01-08 03:27 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-02-07 01:04 . 2011-01-08 03:27 6397824 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2011-02-07 01:04 . 2011-01-08 03:27 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-02-07 01:01 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-07 01:01 . 2011-01-08 03:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-02-07 01:01 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-02-07 01:01 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-02-07 01:01 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
    2011-02-07 01:01 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-07 01:01 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-07 01:01 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-07 01:01 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-07 01:01 . 2011-01-08 03:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-02-07 01:01 . 2011-02-07 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
    2011-02-06 17:55 . 2011-02-06 17:58 -------- d-----w- c:\program files\winguard
    2011-02-06 17:55 . 2006-10-07 21:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx
    2011-02-06 17:55 . 2006-02-13 06:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
    2011-02-06 08:18 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2011-02-06 08:18 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-02-06 08:18 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-02-06 08:18 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-02-06 08:18 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2011-02-06 08:18 . 2011-01-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-02-06 08:18 . 2011-02-06 08:19 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-02-06 04:55 . 2011-02-06 04:55 -------- d-----w- c:\windows\system32\Macromed
    2011-02-06 04:23 . 2011-02-06 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-02-06 04:12 . 2011-02-06 04:13 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Deployment
    2011-02-06 04:00 . 2011-02-06 04:53 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google
    2011-02-06 04:00 . 2011-02-06 04:18 -------- d-----w- c:\program files\Google
    2011-02-03 20:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-02-03 20:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-02-03 20:46 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-02-03 20:45 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-02-03 20:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-02-03 09:55 . 2011-02-03 09:55 -------- d-----w- C:\NVIDIA
    2011-02-03 07:28 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-02-03 01:47 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-02-03 01:47 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-02-03 01:42 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
    2011-02-03 01:41 . 2008-04-14 10:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
    2011-02-03 01:37 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-03 01:37 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-02-03 01:37 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-02-03 01:37 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-03 01:37 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-02-03 01:37 . 2010-12-21 10:29 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-02-03 01:37 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-03 00:37 . 2011-02-07 12:17 -------- d-----w- c:\windows\system32\Adobe
    2011-02-02 23:51 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-02-02 23:51 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-02-02 23:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-02-02 23:49 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-02-02 23:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-02-02 23:47 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-02-02 23:47 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-02-02 23:47 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-02-02 23:47 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-02-02 23:47 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-02-02 23:47 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-02-02 23:47 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-02-02 23:47 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-02-02 23:46 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-02-02 23:46 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-02-02 23:46 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-02-02 23:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-02-02 23:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-02-02 11:42 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
    2011-02-02 11:42 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
    2011-02-02 11:42 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
    2011-02-02 11:42 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
    2011-02-02 11:42 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
    2011-02-02 11:42 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
    2011-02-02 11:40 . 2004-08-04 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
    2011-02-02 11:40 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
    2011-02-02 11:40 . 2008-04-14 00:10 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
    2011-02-02 11:40 . 2008-04-13 16:43 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
    2011-02-02 11:40 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
    2011-02-02 11:40 . 2008-04-14 00:10 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
    2011-02-02 11:40 . 2008-04-14 00:10 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
    2011-02-02 11:40 . 2008-04-14 00:10 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
    2011-02-02 11:40 . 2008-04-14 00:10 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
    2011-02-02 11:40 . 2004-08-04 12:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
    2011-02-02 11:40 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
    2011-02-02 11:40 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2011-02-02 11:40 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
    2011-02-02 11:39 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-02-02 11:39 . 2004-08-04 12:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
    2011-02-02 11:39 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2011-02-02 11:39 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
    2011-02-02 11:36 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
    2011-02-02 11:35 . 2004-08-04 12:00 780885 -c--a-w- c:\windows\system32\dllcache\chkrres.dll
    2011-02-02 11:03 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-02-02 11:03 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-02-02 11:02 . 2008-04-14 00:11 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
    2011-02-02 11:02 . 2008-04-14 00:12 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
    2011-02-02 11:02 . 2008-04-14 00:12 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
    2011-02-02 11:02 . 2008-04-14 00:12 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
    2011-02-02 10:14 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-02-02 10:14 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-02-02 10:14 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-02-02 10:14 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-02-02 10:12 . 2011-02-08 19:38 -------- d--h--w- c:\documents and settings\Default User
    2011-02-01 07:13 . 2011-02-01 07:14 -------- d-----w- c:\program files\Common Files\Adobe
    2011-01-27 07:00 . 2011-01-27 07:00 -------- d-----w- c:\windows\UMStor
    2011-01-27 06:59 . 2011-01-27 06:59 161 ----a-w- c:\windows\DelToolbox.bat
    2011-01-26 04:08 . 2006-09-29 18:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2011-01-26 04:08 . 2006-09-29 18:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2011-01-26 04:08 . 2006-09-29 18:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2011-01-26 04:08 . 2006-05-20 22:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2011-01-26 04:08 . 2006-05-12 01:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2011-01-26 04:08 . 2004-05-04 17:53 1645320 ----a-w- c:\windows\gdiplus.dll
    2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\SupportSoft
    2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\program files\Common Files\SupportSoft
    2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-10 02:32 . 2011-01-10 02:32 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
    2011-01-08 00:56 . 2011-01-08 00:56 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-01-08 00:56 . 2011-01-08 00:56 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-08 00:56 . 2011-01-08 00:56 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-01-08 00:56 . 2011-01-08 00:56 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-01-08 00:56 . 2011-01-08 00:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-01-08 00:56 . 2011-01-08 00:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 00:56 . 2011-01-08 00:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-11-18 18:12 . 2010-03-19 12:37 81920 ----a-w- c:\windows\system32\isign32.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    --- c:\windows\system32\rspencr330.ocx ---
    Company: RSP Software - http://rspsoftware.clic3.net
    File Description: AES RC4 Encryption OCX
    File Version: 3.03
    Product Name: RSP Encrypt OCX 3.3.0
    Copyright: RSP Software 2005
    Original Filename: rspencr330.ocx
    File size: 221184
    Created time: 2011-02-06 17:55
    Modified time: 2006-10-07 21:31
    MD5: 1FA6A26122C72EC9655C21E5899BFED9
    SHA1: 2B659F47061E9C42C46039C4D795A226A1B190BE


    --- c:\windows\system32\SmartTabs29.ocx ---
    Company: Adroit Technologies
    File Description: Smart Tabbed Dialog Control [ActiveX]
    File Version: 2.09.0014
    Product Name: Smart Tabbed Dialog Control
    Copyright: (c) 2003-2006 Adroit Technologies
    Original Filename: SmartTabs29.ocx
    File size: 933888
    Created time: 2011-02-06 17:55
    Modified time: 2006-02-13 06:22
    MD5: 87984BEEAA14A131E588179E7C359AED
    SHA1: 815DDB6A3EDF7133294C05702744F54D5A8A439C


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinGuard Pro"="c:\program files\winguard\wgpro7.exe" [2011-02-06 217088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Documents and Settings\\TRAVIS\\Application Data\\mjusbsp\\magicJack.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 6:37 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 6:37 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 5:40 PM 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 6:37 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 6:37 PM 116784]
    R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/23/2010 5:36 AM 5152]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2010 3:37 AM 363344]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 5:46 PM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2011 5:36 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110210.001\IDSXpx86.sys [2/10/2011 5:42 PM 341944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2010 3:37 AM 20952]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/12/2010 8:40 PM 436792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2011 11:18 PM 136176]
    S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [1/9/2011 9:32 PM 816672]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
    S3 SnowBird_usb;NBCHIP USB;c:\windows\system32\drivers\SnowBird_usb.sys [12/19/2010 3:01 AM 75717]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

    2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

    2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004Core.job
    - c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]

    2011-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004UA.job
    - c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-10 19:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(152)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-02-10 21:18:22
    ComboFix-quarantined-files.txt 2011-02-11 02:18
    ComboFix2.txt 2011-02-10 02:36

    Pre-Run: 29,581,168,640 bytes free
    Post-Run: 29,569,380,352 bytes free

    Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
    - - End Of File - - 8BC773D13B1D22C1C58404D1A243EDF3



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:25:44 PM, on 2/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\winguard\wgpro7.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\TRAVIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TRAVIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\DOCUME~1\TRAVIS\LOCALS~1\Temp\Rar$EX00.421\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [WinGuard Pro] C:\Program Files\winguard\wgpro7.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

    --
    End of file - 6943 bytes
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Per PM, any left over entries for programs you uninstall will show up in Combofix. I will remove them with script, including Registry entries. Uninstall the Uniblue Registry Cleaner. Did you want to keep SpyEraser?

    Let me know of any other programs you uninstalled, so I can include their 'left overs' if any.
     
  10. littlebill

    littlebill TS Rookie Topic Starter

    Yes, I did want to keep it (Spy Eraser). I think it was deleted (Registry Booster) & (Spy Eraser); it was part of the Uniblue Power Suite (I deleted it from your earlier response), which included Registry Booster, Speed Up My PC, and Spy Eraser.
    These things I uninstalled prior: HDD Regenerator 1.71, Nero 7 Premium 7.10.1.0, Satsuki Codec Pack along with several other codecs, Divx Player, Windows Media Player Classic, Adobe Macromedia Flash (replaced), Shockwave Player (replaced), AIR, Acrobat, and Reader, AVS Video Converter, VMware player 3.0.1, Back Track 4, Ad-Aware 2007, Uniblue Driver Scanner, pcoffin and pcoffin.sys, (VSO CopyToDVD, ConvertXToDVD, BlindWrite, PhototoDVD, Image Resizer, VSO Inspector), LeapFrog, Producer Tools, Mp4 converter, Windows Movie Maker (had problems with this one crashing during conversion, not completing). Then all conversion programs failed while running a conversion of any format: the software starts the conversion, then disappears and stops converting. I had a problem with MS Paint: it crashed, and all files were trying to open under MS Paint, so it was deleted as a temp fix to that problem. I then installed Advance Paint.

    I got this error yesterday when running ComboFix: "PEV.cfxxe has encountered a problem and needs to close." Next: "PEV.cfxxe.exe has generated errors and will be closed by Windows. You will need to restart the program."
    So today I copied the CFScript and ran ComboFix again, to no avail; I got the exact same error messages. Here is a copy of the ComboFix log:

    ComboFix 11-02-11.01 - TRAVIS 02/11/2011 21:58:21.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.417 [GMT -5:00]
    Running from: c:\documents and settings\TRAVIS\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\TRAVIS\Desktop\CFScript.txt
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    /wow section - STAGE 48
    The system cannot find the path specified.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.

    /wow section not completed

    ((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
    .

    2011-02-09 22:43 . 2011-02-09 22:43 -------- d-----w- c:\program files\ESET
    2011-02-08 09:45 . 2011-02-08 10:12 -------- d-----w- c:\documents and settings\TRAVIS\Application Data\ElevatedDiagnostics
    2011-02-08 08:21 . 2011-02-08 08:21 -------- d-----w- c:\program files\Common Files\Java
    2011-02-08 08:20 . 2011-02-08 08:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-08 08:20 . 2011-02-08 08:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-08 08:19 . 2011-02-08 08:19 -------- d-----w- c:\program files\Java
    2011-02-07 01:09 . 2011-02-07 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-02-07 01:06 . 2011-02-07 01:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-02-07 01:06 . 2011-02-07 01:06 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-02-07 01:04 . 2011-01-08 03:27 9888672 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2011-02-07 01:04 . 2011-01-08 03:27 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-02-07 01:04 . 2011-01-08 03:27 6397824 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2011-02-07 01:04 . 2011-01-08 03:27 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-02-07 01:01 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-07 01:01 . 2011-01-08 03:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-02-07 01:01 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-02-07 01:01 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-02-07 01:01 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
    2011-02-07 01:01 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-07 01:01 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-07 01:01 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-07 01:01 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-07 01:01 . 2011-01-08 03:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-02-07 01:01 . 2011-02-07 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
    2011-02-06 17:55 . 2011-02-11 22:19 -------- d-----w- c:\program files\winguard
    2011-02-06 17:55 . 2006-10-07 21:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx
    2011-02-06 17:55 . 2006-02-13 06:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
    2011-02-06 08:18 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2011-02-06 08:18 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-02-06 08:18 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-02-06 08:18 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-02-06 08:18 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2011-02-06 08:18 . 2011-01-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-02-06 08:18 . 2011-02-06 08:19 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-02-06 04:55 . 2011-02-06 04:55 -------- d-----w- c:\windows\system32\Macromed
    2011-02-06 04:23 . 2011-02-06 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-02-06 04:12 . 2011-02-06 04:13 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Deployment
    2011-02-06 04:00 . 2011-02-06 04:53 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\Google
    2011-02-06 04:00 . 2011-02-06 04:18 -------- d-----w- c:\program files\Google
    2011-02-03 20:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-02-03 20:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-02-03 20:46 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-02-03 20:45 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-02-03 20:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-02-03 09:55 . 2011-02-03 09:55 -------- d-----w- C:\NVIDIA
    2011-02-03 07:28 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-02-03 01:47 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-02-03 01:47 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-02-03 01:42 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
    2011-02-03 01:41 . 2008-04-14 10:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
    2011-02-03 01:37 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-03 01:37 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-02-03 01:37 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-02-03 01:37 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-03 01:37 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-02-03 01:37 . 2010-12-21 10:29 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-02-03 01:37 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-03 00:37 . 2011-02-07 12:17 -------- d-----w- c:\windows\system32\Adobe
    2011-02-02 23:51 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-02-02 23:51 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-02-02 23:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-02-02 23:49 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-02-02 23:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-02-02 23:47 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-02-02 23:47 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-02-02 23:47 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-02-02 23:47 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-02-02 23:47 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-02-02 23:47 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-02-02 23:47 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-02-02 23:47 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-02-02 23:46 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-02-02 23:46 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-02-02 23:46 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-02-02 23:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-02-02 23:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-02-02 11:42 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
    2011-02-02 11:42 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
    2011-02-02 11:42 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
    2011-02-02 11:42 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
    2011-02-02 11:42 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
    2011-02-02 11:42 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
    2011-02-02 11:40 . 2004-08-04 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
    2011-02-02 11:40 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
    2011-02-02 11:40 . 2008-04-14 00:10 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
    2011-02-02 11:40 . 2008-04-13 16:43 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
    2011-02-02 11:40 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
    2011-02-02 11:40 . 2008-04-14 00:10 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
    2011-02-02 11:40 . 2008-04-14 00:10 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
    2011-02-02 11:40 . 2008-04-14 00:10 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
    2011-02-02 11:40 . 2008-04-14 00:10 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
    2011-02-02 11:40 . 2004-08-04 12:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
    2011-02-02 11:40 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
    2011-02-02 11:40 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2011-02-02 11:40 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
    2011-02-02 11:39 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-02-02 11:39 . 2004-08-04 12:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
    2011-02-02 11:39 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2011-02-02 11:39 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
    2011-02-02 11:36 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
    2011-02-02 11:35 . 2004-08-04 12:00 780885 -c--a-w- c:\windows\system32\dllcache\chkrres.dll
    2011-02-02 11:03 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-02-02 11:03 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-02-02 11:02 . 2008-04-14 00:11 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
    2011-02-02 11:02 . 2008-04-14 00:12 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
    2011-02-02 11:02 . 2008-04-14 00:12 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
    2011-02-02 11:02 . 2008-04-14 00:12 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
    2011-02-02 10:14 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-02-02 10:14 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-02-02 10:14 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-02-02 10:14 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-02-02 10:12 . 2011-02-08 19:38 -------- d--h--w- c:\documents and settings\Default User
    2011-02-01 07:13 . 2011-02-01 07:14 -------- d-----w- c:\program files\Common Files\Adobe
    2011-01-27 07:00 . 2011-01-27 07:00 -------- d-----w- c:\windows\UMStor
    2011-01-27 06:59 . 2011-01-27 06:59 161 ----a-w- c:\windows\DelToolbox.bat
    2011-01-26 04:08 . 2006-09-29 18:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2011-01-26 04:08 . 2006-09-29 18:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2011-01-26 04:08 . 2006-09-29 18:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2011-01-26 04:08 . 2006-05-20 22:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2011-01-26 04:08 . 2006-05-12 01:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2011-01-26 04:08 . 2004-05-04 17:53 1645320 ----a-w- c:\windows\gdiplus.dll
    2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\documents and settings\TRAVIS\Local Settings\Application Data\SupportSoft
    2011-01-21 19:44 . 2011-01-21 19:44 -------- d-----w- c:\program files\Common Files\SupportSoft
    2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-27 10:57 . 2010-03-22 06:19 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-10 02:32 . 2011-01-10 02:32 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
    2011-01-08 00:56 . 2011-01-08 00:56 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-01-08 00:56 . 2011-01-08 00:56 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-08 00:56 . 2011-01-08 00:56 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-01-08 00:56 . 2011-01-08 00:56 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-01-08 00:56 . 2011-01-08 00:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-01-08 00:56 . 2011-01-08 00:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 00:56 . 2011-01-08 00:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:09 . 2010-09-26 08:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-09-26 08:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-13 01:40 . 2010-12-13 01:40 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-11-18 18:12 . 2010-03-19 12:37 81920 ----a-w- c:\windows\system32\isign32.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    --- c:\windows\system32\rspencr330.ocx ---
    Company: RSP Software - http://rspsoftware.clic3.net
    File Description: AES RC4 Encryption OCX
    File Version: 3.03
    Product Name: RSP Encrypt OCX 3.3.0
    Copyright: RSP Software 2005
    Original Filename: rspencr330.ocx
    File size: 221184
    Created time: 2011-02-06 17:55
    Modified time: 2006-10-07 21:31
    MD5: 1FA6A26122C72EC9655C21E5899BFED9
    SHA1: 2B659F47061E9C42C46039C4D795A226A1B190BE


    --- c:\windows\system32\SmartTabs29.ocx ---
    Company: Adroit Technologies
    File Description: Smart Tabbed Dialog Control [ActiveX]
    File Version: 2.09.0014
    Product Name: Smart Tabbed Dialog Control
    Copyright: (c) 2003-2006 Adroit Technologies
    Original Filename: SmartTabs29.ocx
    File size: 933888
    Created time: 2011-02-06 17:55
    Modified time: 2006-02-13 06:22
    MD5: 87984BEEAA14A131E588179E7C359AED
    SHA1: 815DDB6A3EDF7133294C05702744F54D5A8A439C


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinGuard Pro"="c:\program files\winguard\wgpro7.exe" [2011-02-06 217088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Documents and Settings\\TRAVIS\\Application Data\\mjusbsp\\magicJack.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 6:37 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 6:37 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 5:40 PM 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 6:37 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 6:37 PM 116784]
    R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/23/2010 5:36 AM 5152]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2010 3:37 AM 363344]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 5:46 PM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2011 5:36 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110211.002\IDSXpx86.sys [2/11/2011 8:30 PM 341944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2010 3:37 AM 20952]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/12/2010 8:40 PM 436792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2011 11:18 PM 136176]
    S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [1/9/2011 9:32 PM 816672]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
    S3 SnowBird_usb;NBCHIP USB;c:\windows\system32\drivers\SnowBird_usb.sys [12/19/2010 3:01 AM 75717]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

    2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 04:17]

    2011-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004Core.job
    - c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]

    2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-854245398-2147074499-1004UA.job
    - c:\documents and settings\TRAVIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 04:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-11 22:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(188)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-02-11 22:12:04
    ComboFix-quarantined-files.txt 2011-02-12 03:11
    ComboFix2.txt 2011-02-11 02:18
    ComboFix3.txt 2011-02-10 02:36

    Pre-Run: 29,544,914,944 bytes free
    Post-Run: 29,526,986,752 bytes free

    Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
    - - End Of File - - 2FC3B8F55D8A8757D17429E4A5A3CAE6
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That error message was just a 'Combofix thing.' The script wouldn't work again because the processes had been removed.

    Your logs look fine. Is there any reason you still suspect infection? One thing I will mention is that you have a lot of unneeded processes running in the background. When you get a chance, take a look at the Startup Menu: the only processes that need to start on boot are the AV, F/W, touchpad if on a laptop, and network process if using Pure/Cisco Networks >>> nothing else!

    You have very many Nvidia-related processes running. Are you actually always using them? And if I didn't do this earlier, I will warn you about file sharing:
    c:\\Program Files\\Vuze\\Azureus.exe
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Vuze/Azureus for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
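One way to turn the startup-item rule in the reply above into a repeatable check, as an added example that is not part of this thread and not code from HijackThis or ComboFix: it parses O4 autostart lines in the HijackThis log format, extracts the image that actually runs (unwrapping quoted paths and RUNDLL32 DLL loads, since the DLL is what matters there), and sorts each entry into "keep" (security software, per the AV/F/W rule) or "review", with autostarts that live under a user profile flagged separately because that is where a user-level persistence entry would sit. The sample lines are copied from the HijackThis log earlier in the thread, plus one constructed [ExampleAV] line that is not from the log, added only so the keep path is exercised; the security keyword list is an assumption tailored to this machine's Norton/Malwarebytes setup.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input: O4 lines copied from the HijackThis log in this
# thread, plus one [ExampleAV] line that is NOT from the log (added to show the
# "keep" verdict). The O23 line is there to show non-O4 input being ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinGuard Pro] C:\Program Files\winguard\wgpro7.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TRAVIS\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe"
"""

# "O4 - <hive>\..\<Run|RunOnce>: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First path ending in a loadable image, followed by whitespace, a comma or end of line.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:exe|dll|cpl|scr))(?=[\s,]|$)", re.IGNORECASE)

# Assumed keyword list: what counts as AV/firewall on this particular machine.
SECURITY_KEEP = ("norton security suite", "symantec", "malwarebytes")
# Path fragments that mean the image lives inside a user profile (XP and later layouts).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    image: str          # the executable or DLL that actually gets loaded
    via_rundll32: bool  # True when the command line is RUNDLL32.EXE <dll>,<entry>


def extract_image(cmd: str) -> Tuple[str, bool]:
    """Return (image path, via_rundll32) for one O4 command line."""
    cmd = cmd.strip()
    via_rundll32 = False
    if cmd.upper().startswith("RUNDLL32.EXE "):
        via_rundll32 = True
        cmd = cmd[len("RUNDLL32.EXE "):].lstrip()   # the DLL is the real payload
    if cmd.startswith('"'):                          # quoted path, possibly with args after it
        end = cmd.find('"', 1)
        if end > 1:
            return cmd[1:end], via_rundll32
    m = IMAGE_RE.match(cmd)                          # unquoted path, may contain spaces
    if m:
        return m.group("image"), via_rundll32
    return (cmd.split()[0] if cmd else ""), via_rundll32


def parse_o4_lines(text: str) -> List[AutostartEntry]:
    """Parse every O4 line in a HijackThis-format log; other line types are skipped."""
    entries = []
    for raw in text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        image, via = extract_image(m.group("cmd"))
        entries.append(AutostartEntry(m.group("hive"), m.group("key"), m.group("name"), image, via))
    return entries


def triage(entries: List[AutostartEntry]) -> Dict[str, str]:
    """Map entry name -> 'keep' | 'review-userprofile' | 'review'."""
    verdicts = {}
    for e in entries:
        img = e.image.lower()
        if any(k in img for k in SECURITY_KEEP):
            verdicts[e.name] = "keep"
        elif any(mk in img for mk in USER_PROFILE_MARKERS):
            verdicts[e.name] = "review-userprofile"
        else:
            verdicts[e.name] = "review"
    return verdicts


if __name__ == "__main__":
    found = parse_o4_lines(SAMPLE_LOG)
    verdicts = triage(found)
    for e in found:
        note = " (via rundll32)" if e.via_rundll32 else ""
        print(f"{verdicts[e.name]:<18} {e.hive}\\{e.key} [{e.name}] -> {e.image}{note}")
```

The verdict is only a triage order, not a judgement on the software: everything marked "review" still has to be matched against what the user knows they installed, which is exactly the question the reply asks about the Nvidia entries.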
     
Topic Status:
Not open for further replies.
