
I caught a nasty bug... help please!



mcgilacoty
2010-04-19, 08:10
I caught something somewhere but I have no clue what it is. I tried a series of scanners etc. to fix the problem (as recommended by another forum). I was using Norton Internet Security when it hit. I installed AVG when I thought it was fixed, but it came back. I think the bug is mostly gone but I'm not for sure. However, when I try to update some of my drivers I get an error message that says I don't have access. Then I get the wonderful BSOD on restart. I've used ComboFix, SmitFraud, SDFix, Malwarebytes, etc. etc. I finally installed VIPRE and that seemed to take care of most of the problem, but there still seem to be some residual effects. I'm at my wits' end. Please help. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:04, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [NvRegisterMCTrayNview] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp c:\progra~1\NVIDIA~1\nview\nView.dll
O4 - HKLM\..\RunOnce: [NvRegisterMCTray] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\RunOnce: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\TuneRaft\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\TuneRaft\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,9) - https://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1271650456750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6731 bytes

Cypher
2010-04-29, 13:48
Hi and welcome to Safer Networking Forums. Sorry for the delay in answering your request for help.
We have had more logs than we could handle in a timely manner.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Back up your files (http://windows.microsoft.com/en-us/windows7/Back-up-your-files)

Please note the following important guidelines.

The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can damage that computer and possibly make it inoperable!
If you don't know or understand something, please don't hesitate to ask.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
Absence of symptoms does not mean that everything is clear.
Please DO NOT run any other tools or scans whilst I am helping you.
Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Print each set of instructions if possible; your Internet connection might not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
The logs from the tools we use can take some time to research so please be patient.


If you haven't done so already, please read this topic READ this Procedure BEFORE Requesting Assistance (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.


I've used combofix, smitfraud, sdfix, malwarebytes, etc. etc. I finally installed vipre and that seemed to take care of most of the problem
You should not be running powerful tools like ComboFix unsupervised; used incorrectly, such applications could leave your PC unbootable.

Please post the ComboFix log in your next reply. It can be found at C:\ComboFix.txt.

Next.

Please post an Uninstall list.

Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.



Logs/Information to Post in your Next Reply


ComboFix.txt log.
Uninstall list.
Please give me an update on your computer's performance.

mcgilacoty
2010-04-29, 17:11
ComboFix 10-04-17.07 - Preston 04/18/2010 17:34:22.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1580 [GMT -5:00]
Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SETD1.tmp
c:\program files\Internet Explorer\SETD6.tmp

.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 22:13 . 2010-04-18 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-18 22:13 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-18 22:13 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcod.dll
2010-04-18 22:13 . 2007-12-05 06:41 6901760 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-18 22:12 . 2007-12-05 06:41 1089536 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-18 22:12 . 2007-12-05 06:41 385024 ----a-w- c:\windows\system32\nvapi.dll
2010-04-18 22:12 . 2007-12-05 06:41 5773568 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-18 22:12 . 2007-12-05 06:41 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-18 22:12 . 2010-04-18 22:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-18 22:11 . 2010-04-18 22:12 -------- dc-h--w- c:\windows\ie8
2010-04-18 22:08 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-04-18 22:08 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1ins.dll
2010-04-18 22:08 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
2010-04-18 22:08 . 2006-03-22 06:24 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-04-18 22:08 . 2006-03-22 06:23 1068800 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-04-18 22:08 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1.dll
2010-04-18 22:08 . 2010-04-18 22:08 -------- d-----w- C:\58209d509bb6c760d0
2010-04-18 22:07 . 2007-04-17 02:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2010-04-18 11:00 . 2010-04-18 11:00 -------- d-----w- c:\program files\VS Revo Group
2010-04-18 07:28 . 2010-01-05 09:40 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-04-18 07:28 . 2010-01-05 09:40 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\Preston\Application Data\Sunbelt
2010-04-18 07:22 . 2010-02-22 01:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-04-18 07:22 . 2010-02-22 01:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-04-18 07:22 . 2010-04-18 07:22 -------- d-----w- c:\program files\Sunbelt Software
2010-04-18 04:40 . 2010-04-18 04:40 146579236 ----a-w- C:\registrybackup.reg
2010-04-17 12:35 . 2008-04-13 16:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
2010-04-17 12:35 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-04-15 07:02 . 2010-04-15 08:35 -------- d-----w- C:\f0b6fdfa5c5738b47c
2010-04-15 06:53 . 2010-04-15 06:53 -------- d-----w- c:\documents and settings\Preston\Application Data\MSNInstaller
2010-04-15 06:44 . 2010-04-15 06:44 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-15 06:43 . 2010-04-15 06:43 -------- d-----w- c:\documents and settings\Preston\Application Data\Uniblue
2010-04-15 06:09 . 2010-04-15 06:09 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Mozilla
2010-04-15 06:05 . 2010-04-15 06:05 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Downloaded Installations
2010-04-15 04:23 . 2010-04-15 04:23 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-04-15 03:44 . 2010-04-15 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-13 12:14 . 2010-04-13 12:14 -------- d-----w- c:\windows\Options
2010-04-12 04:22 . 2010-04-12 04:22 -------- d-----w- c:\documents and settings\Preston\Application Data\Malwarebytes
2010-04-12 04:21 . 2010-04-12 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-09 15:01 . 2010-04-09 15:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-08 02:30 . 2010-04-08 02:30 503808 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcp71.dll
2010-04-08 02:30 . 2010-04-08 02:30 499712 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\jmc.dll
2010-04-08 02:30 . 2010-04-08 02:30 348160 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcr71.dll
2010-04-08 02:30 . 2010-04-08 02:30 61440 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-sse.dll
2010-04-08 02:30 . 2010-04-08 02:30 12800 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-d3d.dll
2010-04-07 16:20 . 2010-04-07 16:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-07 00:12 . 2010-04-07 00:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-06 18:02 . 2010-04-15 03:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 18:02 . 2010-04-06 18:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 18:02 . 2010-04-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 22:13 . 2007-02-13 08:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-18 22:08 . 2007-02-13 17:27 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-18 21:48 . 2008-03-27 20:54 -------- d-----w- c:\program files\Steam
2010-04-18 10:05 . 2009-07-21 06:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-18 09:53 . 2009-11-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-17 06:03 . 2008-03-24 22:46 -------- d-----w- c:\documents and settings\Preston\Application Data\SolidWorks
2010-04-16 21:03 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-04-15 06:34 . 2007-02-13 07:32 -------- d-----w- c:\program files\AMD
2010-04-15 03:42 . 2007-03-01 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-13 12:19 . 2007-05-05 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 12:17 . 2007-05-14 05:46 -------- d-----w- c:\documents and settings\Preston\Application Data\ICAClient
2010-04-13 12:15 . 2007-02-20 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-10 06:05 . 2007-04-17 09:06 40 ----a-w- c:\windows\system32\profile.dat
2010-04-08 02:37 . 2007-04-04 08:16 -------- d--h--w- c:\documents and settings\Preston\Application Data\Move Networks
2010-03-09 09:28 . 2009-07-09 08:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 02:39 . 2010-02-22 02:39 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe
.

<pre>
c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Creative\MediaSource\Detector\ctdetect .exe
c:\program files\Creative\Shared Files\Module Loader\dllml .exe
c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\ctdvddet .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanel .exe
c:\program files\NVIDIA Corporation\nTune\ntunecmd .exe
</pre>

------- Sigcheck -------

[-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\SoftwareDistribution\Download\fd907694b9730bf0b6b92a6dbc2f96ef\sp3gdr\mshtml.dll
[-] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\SoftwareDistribution\Download\fd907694b9730bf0b6b92a6dbc2f96ef\sp3qfe\mshtml.dll
[7] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\SoftwareDistribution\Download\bf853aeb396b834ced5a417bda2c636f\SP3GDR\mshtml.dll
[7] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\SoftwareDistribution\Download\bf853aeb396b834ced5a417bda2c636f\SP3QFE\mshtml.dll
[7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
[7] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
[7] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[7] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[7] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\ie8\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\system32\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB925454$\mshtml.dll

[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\SoftwareDistribution\Download\fd907694b9730bf0b6b92a6dbc2f96ef\sp3gdr\wininet.dll
[-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\SoftwareDistribution\Download\fd907694b9730bf0b6b92a6dbc2f96ef\sp3qfe\wininet.dll
[7] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\SoftwareDistribution\Download\bf853aeb396b834ced5a417bda2c636f\SP3GDR\wininet.dll
[7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\SoftwareDistribution\Download\bf853aeb396b834ced5a417bda2c636f\SP3QFE\wininet.dll
[7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[7] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[7] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\ie8\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\system32\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\system32\dllcache\wininet.dll
[7] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB925454$\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-04-18_10.38.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2006-10-19 02:47 99840 c:\windows\system32\wmpshell.dll
+ 2010-04-18 22:08 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
- 2010-04-17 10:09 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 81920 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvwddi.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 81920 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvmctray.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 35328 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvcod.dll
+ 2010-04-18 22:08 . 2006-03-22 06:24 18944 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvnetbus.sys
+ 2010-04-18 22:08 . 2006-03-14 13:45 35840 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvconrm.dll
+ 2010-04-18 22:08 . 2006-03-22 06:21 10240 c:\windows\system32\ReinstallBackups\0013\DriverFiles\bdco1.dll
+ 2010-04-18 22:07 . 2008-04-13 18:31 35840 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\processr.sys
+ 2010-01-12 17:03 . 2010-01-12 17:03 61440 c:\windows\system32\OpenCL.dll
- 2006-12-21 17:29 . 2007-12-05 06:41 81920 c:\windows\system32\nvwddi.dll
+ 2010-01-12 03:17 . 2010-01-12 03:17 81920 c:\windows\system32\nvwddi.dll
+ 2009-03-08 09:31 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 09:31 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2007-02-13 07:06 . 2006-10-19 02:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2007-02-13 07:06 . 2006-10-19 02:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2010-04-18 22:12 . 2010-04-18 22:12 49664 c:\windows\Installer\d3211.msi
+ 2010-04-18 22:11 . 2004-08-04 12:00 37888 c:\windows\ie8\url.dll
+ 2010-04-18 22:12 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 39424 c:\windows\ie8\pngfilt.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 96256 c:\windows\ie8\occache.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 56832 c:\windows\ie8\mshtmler.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 29184 c:\windows\ie8\mshta.exe
+ 2010-04-18 22:11 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 22016 c:\windows\ie8\licmgr10.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 15872 c:\windows\ie8\jsproxy.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 96256 c:\windows\ie8\inseng.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 35840 c:\windows\ie8\imgutil.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 93184 c:\windows\ie8\iexplore.exe
+ 2010-04-18 22:11 . 2004-08-04 12:00 62976 c:\windows\ie8\iesetup.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 48640 c:\windows\ie8\iernonce.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 81920 c:\windows\ie8\ieencode.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-04-18 22:11 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 38912 c:\windows\ie8\hmmapi.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 35328 c:\windows\ie8\corpol.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 99840 c:\windows\ie8\advpack.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 61440 c:\windows\ie8\admparse.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 7168 c:\windows\system32\dllcache\asferror.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 7168 c:\windows\system32\asferror.dll
+ 2010-04-18 20:52 . 2010-04-18 20:52 3460 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2006-10-19 02:47 . 2006-10-19 02:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 314880 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 242688 c:\windows\system32\wmpasf.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 227328 c:\windows\system32\wmerror.dll
+ 2009-03-08 09:34 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-04 12:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 155716 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvsvc32.exe
+ 2010-04-18 22:12 . 2007-12-05 06:41 286720 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvnt4cpl.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 188416 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvmccss.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 229376 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvmccs.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 385024 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvapi.dll
+ 2010-04-18 22:08 . 2006-03-22 06:23 261120 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvsnpu.sys
+ 2007-02-14 23:09 . 2008-07-30 01:33 446464 c:\windows\system32\nvunrm.exe
+ 2007-02-14 22:18 . 2010-01-12 17:03 592488 c:\windows\system32\NVUNINST.EXE
+ 2007-02-14 22:31 . 2010-01-12 17:03 592488 c:\windows\system32\nvudisp.exe
+ 2010-01-12 03:17 . 2010-01-12 03:17 154216 c:\windows\system32\nvsvc32.exe
+ 2010-01-12 03:17 . 2010-01-12 03:17 110696 c:\windows\system32\nvmctray.dll
+ 2010-01-12 03:17 . 2010-01-12 03:17 278120 c:\windows\system32\nvmccs.dll
+ 2010-01-12 03:17 . 2010-01-12 03:17 145000 c:\windows\system32\nvcolor.exe
+ 2009-03-08 09:32 . 2009-03-08 09:32 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2009-03-08 09:22 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
+ 2009-03-08 09:11 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 314880 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00 . 2006-11-01 23:31 315904 c:\windows\system32\dllcache\unregmp2.exe
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-02-13 07:06 . 2006-10-19 02:47 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 12:00 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2004-08-04 12:00 . 2006-11-01 23:31 315904 c:\windows\inf\unregmp2.exe
+ 2010-04-18 22:11 . 2004-08-04 12:00 276480 c:\windows\ie8\webcheck.dll
+ 2010-04-18 22:11 . 2006-12-19 18:08 852480 c:\windows\ie8\vgx.dll
+ 2010-04-18 22:11 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 615936 c:\windows\ie8\urlmon.dll
+ 2010-04-18 22:12 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-04-18 22:12 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-04-18 22:11 . 2006-10-23 15:34 532480 c:\windows\ie8\mstime.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 146432 c:\windows\ie8\msrating.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 146432 c:\windows\ie8\msls31.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 448512 c:\windows\ie8\mshtmled.dll
+ 2010-04-18 22:11 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
+ 2010-04-18 22:11 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2010-04-18 22:11 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 251904 c:\windows\ie8\iepeers.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-04-18 22:11 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 216576 c:\windows\ie8\ieaksie.dll
+ 2010-04-18 22:11 . 2004-08-04 12:00 139264 c:\windows\ie8\ieakeng.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 205312 c:\windows\ie8\dxtrans.dll
+ 2010-04-18 22:11 . 2006-10-23 15:34 357888 c:\windows\ie8\dxtmsft.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 8231936 c:\windows\system32\wmploc.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 1661440 c:\windows\system32\wmpencen.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 2498560 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvwss.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 3710976 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvvitvs.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 6901760 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvoglnt.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 1228800 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvmobls.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 3420160 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvgames.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 6549504 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvdisps.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 1089536 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvcuda.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 8523776 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvcpl.dll
+ 2010-04-18 22:12 . 2007-12-05 06:41 7435392 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nv4_mini.sys
+ 2010-04-18 22:12 . 2007-12-05 06:41 5773568 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nv4_disp.dll
+ 2010-04-18 22:08 . 2006-03-22 06:23 1068800 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvnrm.sys
+ 2010-01-12 17:03 . 2010-01-12 17:03 2283526 c:\windows\system32\nvdata.bin
+ 2010-01-12 17:03 . 2010-01-12 17:03 2259560 c:\windows\system32\nvcuvid.dll
+ 2010-01-12 17:03 . 2010-01-12 17:03 4077672 c:\windows\system32\nvcuvenc.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32 1985024 c:\windows\system32\iertutil.dll
+ 2009-02-07 02:07 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 12:00 . 2006-10-19 02:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-02-13 07:06 . 2006-11-01 23:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2010-04-18 22:11 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
+ 2010-04-18 22:11 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2004-08-04 12:00 . 2006-10-19 02:47 10834432 c:\windows\system32\wmp.dll
+ 2010-01-12 03:17 . 2010-01-12 03:17 13666408 c:\windows\system32\nvcpl.dll
+ 2010-01-12 17:03 . 2010-01-12 17:03 11632640 c:\windows\system32\nvcompiler.dll
+ 2009-03-08 09:39 . 2009-03-08 09:39 11063808 c:\windows\system32\ieframe.dll
+ 2004-08-04 12:00 . 2006-10-19 02:47 10834432 c:\windows\system32\dllcache\wmp.dll
+ 2006-12-12 19:49 . 2010-01-12 17:03 10276768 c:\windows\system32\dllcache\nv4_mini.sys
+ 2010-04-18 22:12 . 2010-04-18 22:12 15710720 c:\windows\Installer\d3217.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-17 17:32 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-12-12 15:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2004-09-03 08:58 65536 ------w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2004-06-15 01:54 200704 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Preston\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-08-08 16:27 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
c:\program files\Essentials Codec Pack\update.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
c:\program files\MSN Messenger\msnmsgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\program files\Microsoft Security Essentials\msseces.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2007-10-10 21:46 226890 -c--a-w- c:\program files\Plaxo\2.13.1.2\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
c:\program files\Creative\Shared Files\Module Loader\DLLML.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-12 04:08 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SolidWorks Licensing Service"=3 (0x3)
"NeroRegInCDSrv"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdate"=2 (0x2)
"WZCSVC"=2 (0x2)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SoundMovieServer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ISSVC"=2 (0x2)
"nTuneService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/18/2010 2:22 AM 204632]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/18/2010 2:28 AM 69720]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/18/2010 2:22 AM 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 2:35 AM 506496]
R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 6:19 PM 3768]
S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
S3 amdtools;AMD Special Tools Driver; [x]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 4:51 AM 96256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 6:19 PM 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 17:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,91,af,8a,62,28,57,48,91,52,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,91,af,8a,62,28,57,48,91,52,3e,\
.
Completion time: 2010-04-18 17:44:20
ComboFix-quarantined-files.txt 2010-04-18 22:44
ComboFix2.txt 2010-04-18 11:32
ComboFix3.txt 2010-04-18 10:42
ComboFix4.txt 2010-04-18 07:14
ComboFix5.txt 2010-04-18 22:33

Pre-Run: 68,782,198,784 bytes free
Post-Run: 68,754,870,272 bytes free

Current=3 Default=3 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - FB8BB57ECF35FB4DFE9F375D6D074B6B

mcgilacoty
2010-04-29, 17:13
@BIOS
3DMark06
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AlgoLab R2V Converter 2.97.2M
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Calculator Powertoy for Windows XP
Compatibility Pack for the 2007 Office system
COSMOSMotion 2007 SP0
COSMOSWorks 2007 SP0
Counter-Strike: Source
Creative Audio Console
Creative Media Toolbox
Creative MediaSource
Creative MediaSource 5
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
DMIView
DWGeditor
EasyTune5
eDrawings 2007
Face-wizard
Fraps
Gigabyte Raid Configurer
GIMP 2.6.7
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
i-Cool
iTunes
Java(TM) 6 Update 20
K-Lite Mega Codec Pack 5.0.0
LimeWire 5.5.8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Converter Pack
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Report Viewer Redistributable 2005
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6-9 Converter
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nTune
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Plaxo Toolbar for Outlook and Outlook Express
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.87
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SolidWorks 2007 SP0
SolidWorks Explorer 2007 sp0
SolidWorks Installation Manager
Sound Blaster X-Fi
SSH Secure Shell
Steam
Symantec KB-DocID:2003093015493306
System Requirements Lab
TuneRaft 3.3.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UPSVCMM
VCRedistSetup
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

mcgilacoty
2010-04-29, 17:20
I haven't been hijacked in a while, but every once in a while I will get a BSOD on boot-up. Seems like VIPRE is pretty memory hungry, but it seems to be working. VIPRE scans find a tracking cookie every time it scans, even after "cleaning" the file. Something is funky with my graphics drivers, and some of the special buttons aren't working on my keyboard. I haven't had much time to mess with it, so I don't know what the issue is. I'm pretty sure it had something to do with the rootkit I had. Thanks in advance for your help.

Cypher
2010-04-29, 18:16
Hi mcgilacoty.

Remove P2P Programs


I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.


LimeWire 5.5.8

Please read the P2P Programs (http://forums.spybot.info/showthread.php?t=282) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Click on Start.
Then Run.
In the open text entry box, please copy/paste appwiz.cpl, then click Enter.
Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Next.

Please post a new Uninstall list.

Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.

Logs/Information to Post in your Next Reply


Uninstall list.
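
The two steps in Cypher's post, removing the P2P client through appwiz.cpl and then producing a fresh uninstall list through the HijackThis Uninstall Manager, both work from the same data: the Uninstall keys in the registry that Add/Remove Programs is built from. As an added example that is not part of this thread and is not HijackThis' own code, the script below reads those keys with PowerShell, writes a sorted list in the same shape as uninstall_list.txt, and flags any entry whose display name matches a well-known file-sharing client, printing the uninstall command that Add/Remove Programs would run for it. It assumes PowerShell 2.0 or later is installed (Windows XP does not ship with it); the watch list of P2P names and the output path on the Desktop are illustrative assumptions.

```powershell
# Added example (not from the thread or from HijackThis): enumerate installed
# programs from the registry Uninstall keys, the same data HijackThis' Uninstall
# Manager lists, and flag entries whose DisplayName matches a known P2P client.
# Assumes PowerShell 2.0 or later; the P2P name list below is an assumption
# chosen for illustration, not an exhaustive catalogue.

# Registry branches Add/Remove Programs reads. The Wow6432Node branch only
# exists on 64-bit Windows and is skipped where absent (32-bit XP, for one).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Assumed watch list: display-name substrings of common file-sharing clients.
$p2pPatterns = @('LimeWire', 'FrostWire', 'BitTorrent', 'uTorrent', 'Kazaa',
                 'BearShare', 'eMule', 'Shareaza', 'BitComet', 'Vuze')

function Get-InstalledProgram {
    # One object per Uninstall subkey that carries a DisplayName, which is the
    # same filter Add/Remove Programs applies before showing an entry.
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName) {
                New-Object PSObject -Property @{
                    Name        = $p.DisplayName
                    Version     = $p.DisplayVersion
                    Publisher   = $p.Publisher
                    Uninstall   = $p.UninstallString
                    RegistryKey = $_.Name
                }
            }
        }
    }
}

function Test-P2PProgram {
    # True when the display name contains any watch-list substring
    # (-like is case-insensitive in PowerShell).
    param([string]$DisplayName)
    foreach ($pattern in $p2pPatterns) {
        if ($DisplayName -like "*$pattern*") { return $true }
    }
    return $false
}

$programs = Get-InstalledProgram | Sort-Object Name

# Plain sorted list of names, the shape HijackThis saves as uninstall_list.txt.
$listPath = Join-Path $env:USERPROFILE 'Desktop\uninstall_list.txt'   # assumed location
$programs | ForEach-Object { $_.Name } | Set-Content -Path $listPath
Write-Host ("Wrote {0} entries to {1}" -f @($programs).Count, $listPath)

# Flagged entries, shown with the uninstall command so the removal can be
# checked against what Add/Remove Programs will actually execute.
$flagged = $programs | Where-Object { Test-P2PProgram $_.Name }
if ($flagged) {
    Write-Host 'Known P2P clients still installed:'
    $flagged | Format-Table Name, Version, Uninstall -AutoSize
} else {
    Write-Host 'No known P2P clients found in the Uninstall keys.'
}
```

Running the script before and after the uninstall gives a quick check that the entry really left the registry rather than only disappearing from the Start menu; an uninstall string still present after removal is worth a second look, since some uninstallers leave their registration behind.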

mcgilacoty
2010-04-29, 21:27
@BIOS
3DMark06
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AlgoLab R2V Converter 2.97.2M
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Calculator Powertoy for Windows XP
Compatibility Pack for the 2007 Office system
COSMOSMotion 2007 SP0
COSMOSWorks 2007 SP0
Counter-Strike: Source
Creative Audio Console
Creative Media Toolbox
Creative MediaSource
Creative MediaSource 5
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
DMIView
DWGeditor
EasyTune5
eDrawings 2007
Face-wizard
Fraps
Gigabyte Raid Configurer
GIMP 2.6.7
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
i-Cool
iTunes
Java(TM) 6 Update 20
K-Lite Mega Codec Pack 5.0.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Converter Pack
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Report Viewer Redistributable 2005
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6-9 Converter
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nTune
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Plaxo Toolbar for Outlook and Outlook Express
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.87
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SolidWorks 2007 SP0
SolidWorks Explorer 2007 sp0
SolidWorks Installation Manager
Sound Blaster X-Fi
SSH Secure Shell
Steam
Symantec KB-DocID:2003093015493306
System Requirements Lab
TuneRaft 3.3.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UPSVCMM
VCRedistSetup
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

Cypher
2010-04-30, 12:13
Hi mcgilacoty
Thank you for your cooperation.

First delete your version of ComboFix if you still have it installed.


Next.

Back Up registry with ERUNT

Please use the following link and download ERUNT to your desktop. HERE (http://www.derfisch.de/lars/erunt-setup.exe)
Click on the erunt-setup.exe
Follow the prompts to install ERUNT
Choose language
A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

http://i219.photobucket.com/albums/cc99/BioHazard_030/erunt.png

Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next

Download and Run ComboFix

Please download ComboFix from one of the following links.

Link 1. (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Link 2. (http://www.forospyware.com/sUBs/ComboFix.exe)

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Double click on ComboFix.exe & follow the prompts
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply


ComboFix.txt log.
Please give me an update on your computer's performance.

mcgilacoty
2010-05-01, 07:44
ComboFix 10-04-29.05 - Preston 04/30/2010 8:38.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1584 [GMT -5:00]
Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.

2010-04-30 13:33 . 2010-04-30 13:33 -------- d-----w- c:\program files\ERUNT
2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\iPod
2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\program files\iTunes
2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\QuickTime
2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Apple Software Update
2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Bonjour
2010-04-29 04:16 . 2010-04-29 04:17 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 20:45 . 2010-04-28 20:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-19 06:44 . 2010-04-19 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2010-04-19 04:53 . 2010-04-19 04:53 -------- d-----w- c:\program files\Trend Micro
2010-04-19 04:37 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-19 04:37 . 2010-01-12 17:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-04-19 04:37 . 2007-12-05 06:41 6901760 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-19 04:37 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcod.dll
2010-04-19 04:37 . 2010-01-12 17:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-19 04:37 . 2010-01-12 17:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-19 04:37 . 2007-12-05 06:41 1089536 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-19 04:37 . 2010-01-12 17:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-19 04:37 . 2007-12-05 06:41 385024 ----a-w- c:\windows\system32\nvapi.dll
2010-04-19 04:36 . 2010-01-12 17:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-19 04:36 . 2007-12-05 06:41 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-19 04:36 . 2007-12-05 06:41 5773568 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-19 04:36 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1ins.dll
2010-04-19 04:36 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
2010-04-19 04:36 . 2006-03-22 06:24 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-04-19 04:36 . 2006-03-22 06:23 1068800 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-04-19 04:36 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1.dll
2010-04-19 04:36 . 2007-04-17 02:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2010-04-19 04:23 . 2008-04-13 18:31 35840 ----a-w- c:\windows\system32\drivers\processr.sys
2010-04-19 03:55 . 2010-04-03 22:55 10232128 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Microsoft Help
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\NVD
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\NVD
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\SoftGrid Client
2010-04-19 02:49 . 2010-04-19 07:23 -------- d-----w- c:\documents and settings\Preston\Application Data\SoftGrid Client
2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-04-19 02:48 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\TP
2010-04-19 02:38 . 2010-04-19 02:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Common Files\Java
2010-04-19 02:36 . 2010-04-19 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Java
2010-04-19 02:35 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 02:34 . 2010-04-19 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 02:34 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 01:57 . 2010-04-19 02:40 -------- d-----w- c:\windows\ie8updates
2010-04-19 01:45 . 2008-04-14 10:42 10752 ----a-w- c:\windows\system32\smtpapi.dll
2010-04-19 01:45 . 2008-04-14 10:42 9728 ----a-w- c:\windows\system32\rwnh.dll
2010-04-18 22:13 . 2010-04-18 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-18 22:12 . 2010-04-18 22:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-18 22:11 . 2010-04-19 01:56 -------- dc-h--w- c:\windows\ie8
2010-04-18 22:08 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-04-18 22:08 . 2010-04-18 22:08 -------- d-----w- C:\58209d509bb6c760d0
2010-04-18 11:00 . 2010-04-18 11:00 -------- d-----w- c:\program files\VS Revo Group
2010-04-18 07:28 . 2010-01-05 09:40 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-04-18 07:28 . 2010-01-05 09:40 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\Preston\Application Data\Sunbelt
2010-04-18 07:22 . 2010-02-22 01:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-04-18 07:22 . 2010-02-22 01:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-04-18 07:22 . 2010-04-18 07:22 -------- d-----w- c:\program files\Sunbelt Software
2010-04-18 04:40 . 2010-04-18 04:40 146579236 ----a-w- C:\registrybackup.reg
2010-04-17 12:35 . 2008-04-13 16:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
2010-04-17 12:35 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-04-15 07:02 . 2010-04-15 08:35 -------- d-----w- C:\f0b6fdfa5c5738b47c
2010-04-15 06:53 . 2010-04-15 06:53 -------- d-----w- c:\documents and settings\Preston\Application Data\MSNInstaller
2010-04-15 06:44 . 2010-04-15 06:44 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-15 06:43 . 2010-04-15 06:43 -------- d-----w- c:\documents and settings\Preston\Application Data\Uniblue
2010-04-15 06:09 . 2010-04-15 06:09 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Mozilla
2010-04-15 06:05 . 2010-04-15 06:05 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Downloaded Installations
2010-04-15 04:23 . 2010-04-15 04:23 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-04-15 03:44 . 2010-04-15 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-13 12:14 . 2010-04-13 12:14 -------- d-----w- c:\windows\Options
2010-04-12 04:22 . 2010-04-12 04:22 -------- d-----w- c:\documents and settings\Preston\Application Data\Malwarebytes
2010-04-12 04:21 . 2010-04-12 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-09 15:01 . 2010-04-09 15:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 02:30 . 2010-04-08 02:30 503808 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcp71.dll
2010-04-08 02:30 . 2010-04-08 02:30 499712 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\jmc.dll
2010-04-08 02:30 . 2010-04-08 02:30 348160 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcr71.dll
2010-04-08 02:30 . 2010-04-08 02:30 61440 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-sse.dll
2010-04-08 02:30 . 2010-04-08 02:30 12800 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-d3d.dll
2010-04-07 16:20 . 2010-04-07 16:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-07 00:12 . 2010-04-07 00:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-06 18:02 . 2010-04-15 03:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 18:02 . 2010-04-06 18:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 18:02 . 2010-04-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-04 00:23 . 2010-04-04 00:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 00:23 . 2010-04-04 00:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 00:23 . 2010-04-04 00:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 00:23 . 2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 00:23 . 2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 00:22 . 2010-04-04 00:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 03:36 . 2007-03-25 06:45 -------- d-----w- c:\documents and settings\Preston\Application Data\Apple Computer
2010-04-20 14:14 . 2008-03-24 22:46 -------- d-----w- c:\documents and settings\Preston\Application Data\SolidWorks
2010-04-20 05:40 . 2007-02-13 09:39 66264 -c--a-w- c:\documents and settings\Preston\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 04:42 . 2007-02-13 08:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-18 22:08 . 2007-02-13 17:27 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-18 21:48 . 2008-03-27 20:54 -------- d-----w- c:\program files\Steam
2010-04-18 10:05 . 2009-07-21 06:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-18 09:53 . 2009-11-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-16 21:03 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-04-15 06:34 . 2007-02-13 07:32 -------- d-----w- c:\program files\AMD
2010-04-15 03:42 . 2007-03-01 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-13 12:19 . 2007-05-05 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 12:17 . 2007-05-14 05:46 -------- d-----w- c:\documents and settings\Preston\Application Data\ICAClient
2010-04-13 12:15 . 2007-02-20 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-10 06:05 . 2007-04-17 09:06 40 ----a-w- c:\windows\system32\profile.dat
2010-04-08 02:37 . 2007-04-04 08:16 -------- d--h--w- c:\documents and settings\Preston\Application Data\Move Networks
2010-04-03 22:55 . 2010-04-19 04:41 6432128 ----a-w- c:\windows\system32\SET3F.tmp
2010-04-03 22:55 . 2007-02-14 22:31 600680 -c--a-w- c:\windows\system32\nvudisp.exe
2010-04-02 21:54 . 2007-02-14 22:18 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 02:39 . 2010-02-22 02:39 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe
.

<pre>
c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Creative\MediaSource\Detector\ctdetect .exe
c:\program files\Creative\Shared Files\Module Loader\dllml .exe
c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\ctdvddet .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanel .exe
c:\program files\NVIDIA Corporation\nTune\ntunecmd .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-17 17:32 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-12-12 15:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2004-09-03 08:58 65536 ------w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2004-06-15 01:54 200704 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Preston\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-08-08 16:27 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
c:\program files\Essentials Codec Pack\update.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
c:\program files\MSN Messenger\msnmsgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\program files\Microsoft Security Essentials\msseces.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2007-10-10 21:46 226890 -c--a-w- c:\program files\Plaxo\2.13.1.2\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
c:\program files\Creative\Shared Files\Module Loader\DLLML.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-12 04:08 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SolidWorks Licensing Service"=3 (0x3)
"NeroRegInCDSrv"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdate"=2 (0x2)
"WZCSVC"=2 (0x2)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SoundMovieServer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ISSVC"=2 (0x2)
"nTuneService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/18/2010 2:22 AM 204632]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/18/2010 2:28 AM 69720]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/18/2010 2:22 AM 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 2:35 AM 506496]
R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 6:19 PM 3768]
S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
S3 amdtools;AMD Special Tools Driver; [x]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 4:51 AM 96256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 6:19 PM 184320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{561DDAE7-884D-4921-9C0C-F2EA28E4F39D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 08:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-30 08:47:58
ComboFix-quarantined-files.txt 2010-04-30 13:47
ComboFix2.txt 2010-04-18 22:44

Pre-Run: 79,277,240,320 bytes free
Post-Run: 79,292,030,976 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - FF88C17F991F5E84B77613E8C3D8F3BE



I haven't had time to check out the performance of the computer but I will soon and give an update in a new post.

Cypher
2010-05-01, 14:31
Hi mcgilacoty.

I haven't had time to check out the performance of the computer but I will soon and give an update in a new post.
Let me know how things are after the below fix :)



ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
Please open Notepad and copy/paste all the text below... into the window:


RenV::
c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Creative\MediaSource\Detector\ctdetect .exe
c:\program files\Creative\Shared Files\Module Loader\dllml .exe
c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\ctdvddet .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanel .exe
c:\program files\NVIDIA Corporation\nTune\ntunecmd .exe


Save it to your desktop as CFScript.txt
Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
*Only* when the 2 items above (Step 3) have been taken care of...
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
http://i526.photobucket.com/albums/cc345/MPKwings/ComboFixScriptDrag.gif
This will cause ComboFix to run again.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.


Next.

Upload a File to Virustotal

Please go to Virustotal (http://www.virustotal.com/)

Copy/paste this file and path into the white box at the top:

c:\windows\system32\drivers\Sftredirxp.sys
Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using Virustotal try jotti.org (http://virusscan.jotti.org/en)



Logs/Information to Post in your Next Reply


ComboFix
Virustotal or jotti results.
Please give me an update on your computers performance.
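The RenV:: section above lists executables whose names acquired a stray space before the extension (for example "amd_dc_opt .exe"), which ComboFix renames back. As an added example that is not ComboFix's own code, here is a Python check that pulls paths out of ComboFix-style Run-key and service lines, flags that pattern and emits the matching RenV:: block; the sample log lines are constructed, modelled on the thread's format.

```python
"""Flag ComboFix log entries whose file name has whitespace before its extension.

Added example for this thread, not part of ComboFix; the sample log below is
constructed in the same layout ComboFix uses for Run keys and service entries.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"CTHelper"="c:\windows\CTHELPER .EXE" [2006-08-17 17920]
"AMD DC Opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt .exe" [2007-01-22 81920]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
"""

# Run-key line:  "Name"="<path>" [date size]
RUN_LINE = re.compile(r'^"[^"]*"="(?P<path>[^"]*)"')
# Service line:  R3 name;display name;<path> [date size]   (path may be empty, e.g. "[x]")
SVC_LINE = re.compile(r'^[RS]\d\s+[^;]+;[^;]*;(?P<path>[^\[]*?)\s*(\[.*\])?$')
# File name whose stem is followed by whitespace and then a short extension.
STRAY_SPACE = re.compile(r'^.*\S\s+\.[A-Za-z0-9]{1,4}$')


def extract_path(line):
    """Return the executable path on a Run-key or service line, or None."""
    m = RUN_LINE.match(line) or SVC_LINE.match(line)
    if not m:
        return None
    return m.group('path').strip() or None


def has_stray_space(path):
    """True when the file name part ends in '<stem> <.ext>' (space before extension)."""
    name = path.rsplit('\\', 1)[-1]
    return bool(STRAY_SPACE.match(name))


def find_stray_space_paths(log_text):
    """Every path in the log whose file name carries a space before its extension."""
    hits = []
    for line in log_text.splitlines():
        path = extract_path(line)
        if path and has_stray_space(path):
            hits.append(path)
    return hits


def corrected_name(path):
    """The path with the whitespace before the extension removed."""
    return re.sub(r'\s+(\.[A-Za-z0-9]{1,4})$', r'\1', path)


def renv_script(paths):
    """Build a RenV:: block in the CFScript layout used in the thread."""
    return "RenV::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    flagged = find_stray_space_paths(SAMPLE_LOG)
    for p in flagged:
        print(f"{p}  ->  {corrected_name(p)}")
    print(renv_script(flagged))
```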

mcgilacoty
2010-05-02, 02:55
ComboFix 10-04-30.03 - Preston 05/01/2010 8:47.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1601 [GMT -5:00]
Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Preston\Desktop\CFScript.txt
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-04-30 13:33 . 2010-04-30 13:33 -------- d-----w- c:\program files\ERUNT
2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\iPod
2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\program files\iTunes
2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\QuickTime
2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Apple Software Update
2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Bonjour
2010-04-29 04:16 . 2010-04-29 04:17 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 20:45 . 2010-04-28 20:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-19 06:44 . 2010-04-19 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2010-04-19 04:53 . 2010-04-19 04:53 -------- d-----w- c:\program files\Trend Micro
2010-04-19 04:37 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-19 04:37 . 2010-01-12 17:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-04-19 04:37 . 2007-12-05 06:41 6901760 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-19 04:37 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcod.dll
2010-04-19 04:37 . 2010-01-12 17:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-19 04:37 . 2010-01-12 17:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-19 04:37 . 2007-12-05 06:41 1089536 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-19 04:37 . 2010-01-12 17:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-19 04:37 . 2007-12-05 06:41 385024 ----a-w- c:\windows\system32\nvapi.dll
2010-04-19 04:36 . 2010-01-12 17:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-19 04:36 . 2007-12-05 06:41 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-19 04:36 . 2007-12-05 06:41 5773568 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-19 04:36 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1ins.dll
2010-04-19 04:36 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
2010-04-19 04:36 . 2006-03-22 06:24 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-04-19 04:36 . 2006-03-22 06:23 1068800 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-04-19 04:36 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1.dll
2010-04-19 04:36 . 2007-04-17 02:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2010-04-19 04:23 . 2008-04-13 18:31 35840 ----a-w- c:\windows\system32\drivers\processr.sys
2010-04-19 03:55 . 2010-04-03 22:55 10232128 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Microsoft Help
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\NVD
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\NVD
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\SoftGrid Client
2010-04-19 02:49 . 2010-04-19 07:23 -------- d-----w- c:\documents and settings\Preston\Application Data\SoftGrid Client
2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-04-19 02:48 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\TP
2010-04-19 02:38 . 2010-04-19 02:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Common Files\Java
2010-04-19 02:36 . 2010-04-19 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Java
2010-04-19 02:35 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 02:34 . 2010-04-19 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 02:34 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 01:57 . 2010-04-19 02:40 -------- d-----w- c:\windows\ie8updates
2010-04-19 01:45 . 2008-04-14 10:42 10752 ----a-w- c:\windows\system32\smtpapi.dll
2010-04-19 01:45 . 2008-04-14 10:42 9728 ----a-w- c:\windows\system32\rwnh.dll
2010-04-18 22:13 . 2010-04-18 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-18 22:12 . 2010-04-18 22:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-18 22:11 . 2010-04-19 01:56 -------- dc-h--w- c:\windows\ie8
2010-04-18 22:08 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-04-18 22:08 . 2010-04-18 22:08 -------- d-----w- C:\58209d509bb6c760d0
2010-04-18 11:00 . 2010-04-18 11:00 -------- d-----w- c:\program files\VS Revo Group
2010-04-18 07:28 . 2010-01-05 09:40 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-04-18 07:28 . 2010-01-05 09:40 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\Preston\Application Data\Sunbelt
2010-04-18 07:22 . 2010-02-22 01:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-04-18 07:22 . 2010-02-22 01:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-04-18 07:22 . 2010-04-18 07:22 -------- d-----w- c:\program files\Sunbelt Software
2010-04-18 04:40 . 2010-04-18 04:40 146579236 ----a-w- C:\registrybackup.reg
2010-04-17 12:35 . 2008-04-13 16:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
2010-04-17 12:35 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-04-15 07:02 . 2010-04-15 08:35 -------- d-----w- C:\f0b6fdfa5c5738b47c
2010-04-15 06:53 . 2010-04-15 06:53 -------- d-----w- c:\documents and settings\Preston\Application Data\MSNInstaller
2010-04-15 06:44 . 2010-04-15 06:44 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-15 06:43 . 2010-04-15 06:43 -------- d-----w- c:\documents and settings\Preston\Application Data\Uniblue
2010-04-15 06:09 . 2010-04-15 06:09 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Mozilla
2010-04-15 06:05 . 2010-04-15 06:05 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Downloaded Installations
2010-04-15 04:23 . 2010-04-15 04:23 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-04-15 03:44 . 2010-04-15 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-13 12:14 . 2010-04-13 12:14 -------- d-----w- c:\windows\Options
2010-04-12 04:22 . 2010-04-12 04:22 -------- d-----w- c:\documents and settings\Preston\Application Data\Malwarebytes
2010-04-12 04:21 . 2010-04-12 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-09 15:01 . 2010-04-09 15:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 02:30 . 2010-04-08 02:30 503808 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcp71.dll
2010-04-08 02:30 . 2010-04-08 02:30 499712 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\jmc.dll
2010-04-08 02:30 . 2010-04-08 02:30 348160 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcr71.dll
2010-04-08 02:30 . 2010-04-08 02:30 61440 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-sse.dll
2010-04-08 02:30 . 2010-04-08 02:30 12800 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-d3d.dll
2010-04-07 16:20 . 2010-04-07 16:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-07 00:12 . 2010-04-07 00:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-06 18:02 . 2010-04-15 03:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 18:02 . 2010-04-06 18:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 18:02 . 2010-04-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-04 00:23 . 2010-04-04 00:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 00:23 . 2010-04-04 00:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 00:23 . 2010-04-04 00:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 00:23 . 2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 00:23 . 2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 00:22 . 2010-04-04 00:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 13:47 . 2007-02-13 08:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-30 03:36 . 2007-03-25 06:45 -------- d-----w- c:\documents and settings\Preston\Application Data\Apple Computer
2010-04-20 14:14 . 2008-03-24 22:46 -------- d-----w- c:\documents and settings\Preston\Application Data\SolidWorks
2010-04-20 05:40 . 2007-02-13 09:39 66264 -c--a-w- c:\documents and settings\Preston\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 04:42 . 2007-02-13 08:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-18 22:08 . 2007-02-13 17:27 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-18 21:48 . 2008-03-27 20:54 -------- d-----w- c:\program files\Steam
2010-04-18 10:05 . 2009-07-21 06:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-18 09:53 . 2009-11-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-16 21:03 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-04-15 06:34 . 2007-02-13 07:32 -------- d-----w- c:\program files\AMD
2010-04-15 03:42 . 2007-03-01 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-13 12:19 . 2007-05-05 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 12:17 . 2007-05-14 05:46 -------- d-----w- c:\documents and settings\Preston\Application Data\ICAClient
2010-04-13 12:15 . 2007-02-20 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-10 06:05 . 2007-04-17 09:06 40 ----a-w- c:\windows\system32\profile.dat
2010-04-08 02:37 . 2007-04-04 08:16 -------- d--h--w- c:\documents and settings\Preston\Application Data\Move Networks
2010-04-03 22:55 . 2010-04-19 04:41 6432128 ----a-w- c:\windows\system32\SET3F.tmp
2010-04-03 22:55 . 2007-02-14 22:31 600680 -c--a-w- c:\windows\system32\nvudisp.exe
2010-04-02 21:54 . 2007-02-14 22:18 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 02:39 . 2010-02-22 02:39 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-30_13.45.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-01 13:39 . 2010-05-01 13:39 16384 c:\windows\temp\Perflib_Perfdata_7d8.dat
+ 2010-04-18 20:52 . 2010-05-01 13:44 3460 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2010-04-18 20:52 . 2010-04-20 10:24 3460 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-17 17:32 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-12-12 15:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2004-09-03 08:58 65536 ------w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2004-06-15 01:54 200704 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-08-08 16:27 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-01-22 23:22 81920 -c--a-w- c:\program files\NVIDIA Corporation\nTune\ntunecmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2007-10-10 21:46 226890 -c--a-w- c:\program files\Plaxo\2.13.1.2\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-17 00:25 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\dllml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-12 04:08 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SolidWorks Licensing Service"=3 (0x3)
"NeroRegInCDSrv"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdate"=2 (0x2)
"WZCSVC"=2 (0x2)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SoundMovieServer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ISSVC"=2 (0x2)
"nTuneService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/18/2010 2:22 AM 204632]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/18/2010 2:28 AM 69720]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/18/2010 2:22 AM 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 2:35 AM 506496]
R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 6:19 PM 3768]
S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
S3 amdtools;AMD Special Tools Driver; [x]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 4:51 AM 96256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 6:19 PM 184320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{561DDAE7-884D-4921-9C0C-F2EA28E4F39D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-Google Update - c:\documents and settings\Preston\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
MSConfigStartUp-Motive SmartBridge - c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 08:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\windows\system32\WININET.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-01 08:57:05
ComboFix-quarantined-files.txt 2010-05-01 13:57
ComboFix2.txt 2010-04-30 13:48
ComboFix3.txt 2010-04-18 22:44

Pre-Run: 79,296,909,312 bytes free
Post-Run: 79,250,092,032 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - B98B1BFD3A4BD82584A2B3A1F72AF903

mcgilacoty
2010-05-02, 02:57
File Sftredirxp.sys received on 2010.05.01 23:54:39 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/41 (0%)

mcgilacoty
2010-05-02, 03:04
Filename: Sftredirxp.sys
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 2 May 2010 01:58:40 (CET) Permalink

mcgilacoty
2010-05-02, 03:16
I attempted to update my processor driver (amd athlon x64) and the installshield wizard gave me two errors. The first error said that it could not complete the install. Then it said it could not complete the uninstall. I haven't explored it further but my clock is still stuck on 24hr mode and none of the special buttons on my keyboard work. The computer still seems to be running the same as it was before.

I just updated my graphics driver and the install worked. I will try to restart the computer now and see what happens...

mcgilacoty
2010-05-02, 03:42
The restart was successful and it appears that the graphics driver was successfully installed. Nothing else appears to have changed.

Cypher
2010-05-02, 12:52
Hi mcgilacoty.
I need you to run another scan for me.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.

Please disable your anti-virus so it doesn't interfere with the scan below.
Re-enable it after the scan.


Next.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


Please go Here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox. Select the option YES, I accept the Terms of Use, then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log in your next reply.

mcgilacoty
2010-05-03, 06:14
I ran the program as requested and it detected two different infected files that were a variant of the win32/... (can't remember what the file was) virus which it cleaned. I couldn't find a scan log even before I closed it out, but I will run it again to see if I can come up with something.

In the meantime I will try windows update again and explore around a little.

mcgilacoty
2010-05-03, 06:18
Referring to my previous post, I think it was a variant of win32.agent.

Windows update failed again.

Cypher
2010-05-03, 12:09
Hi mcgilacoty.

I couldn't find a scan log even before I closed it out, but I will run it again to see if I can come up with something.
The log should be saved on your PC.
C:\Program Files\ESET\EsetOnlineScanner\log.txt. << Here.
If it's not there please run the scan again; be sure to disable your AV first.

Next run through the below instructions then try windows updates again.

Dial-A-Fix

We need to repair some of Windows' internal registration settings.

Please download Dial-A-Fix from one of the following mirrors:
Primary Mirror (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)
Secondary Mirror (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)
Extract the zip file to your desktop.
Double click Dial-a-Fix.exe to start the program.
Press the green double checkmark box (Looks like this: http://billy-oneal.com/BleepingComputer/ScreenShots/DialAFix/checkmark.png)
UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

http://billy-oneal.com/BleepingComputer/ScreenShots/DialAFix/toUncheck.png

http://billy-oneal.com/BleepingComputer/ScreenShots/DialAFix/mainWindow.png
Now I want you to uncheck all areas except what is under SSL/HTTPS/Cryptography; leave that section checked.
Click on go.
Exit/Close Dial-A-Fix.
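
What the SSL/HTTPS/Cryptography section of Dial-A-Fix is automating, shown here as an added example that is not part of Cypher's post and not the Dial-A-Fix tool's own code: the manual re-registration of the Windows Update and cryptographic-service components that Microsoft's KB articles 822798 and 971058 describe for Windows XP. That Dial-A-Fix performs this same kind of re-registration is my assumption; the thread does not spell it out. Run it from an Administrator command prompt after the ERUNT registry backup, not instead of it.

```batch
@echo off
rem Added example, not Dial-A-Fix: reset the Windows Update / cryptographic
rem service components on Windows XP by hand. Assumes an Administrator
rem command prompt and that the services below exist (they do on XP SP3).

rem 1. Stop the services that hold the update cache and the catalog database.
net stop wuauserv
net stop bits
net stop cryptsvc

rem 2. Move the update cache and the catalog database aside so Windows rebuilds
rem    them. Renaming instead of deleting keeps a copy for rollback. The ren
rem    fails (harmlessly) if a .old copy already exists from an earlier run.
ren "%SystemRoot%\SoftwareDistribution" SoftwareDistribution.old
ren "%SystemRoot%\System32\catroot2" catroot2.old

rem 3. Re-register the signing/cryptography DLLs (KB 822798) and the Windows
rem    Update agent DLLs (KB 971058). /s suppresses the per-DLL dialog box;
rem    a DLL that is not present on this build is simply skipped.
for %%f in (softpub.dll wintrust.dll initpki.dll dssenh.dll rsaenh.dll gpkcsp.dll sccbase.dll slbcsp.dll cryptdlg.dll mssip32.dll wuapi.dll wuaueng.dll wucltui.dll wups.dll wups2.dll wuweb.dll qmgr.dll qmgrprxy.dll) do (
    if exist "%SystemRoot%\System32\%%f" regsvr32 /s "%SystemRoot%\System32\%%f"
)

rem 4. Bring the services back and let Windows Update recreate its folders.
net start cryptsvc
net start bits
net start wuauserv
```

If Windows Update still fails afterwards, the error code it logs in %SystemRoot%\WindowsUpdate.log is the next thing to look at; a failure that persists after the catalog database has been rebuilt points away from the crypto components and towards the driver or permission problems reported elsewhere in this thread.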

mcgilacoty
2010-05-04, 06:54
Before I complete the next step I thought you should know that I got the BSOD on restart and had to reboot to a restore point. Does this change anything?

Also, I made a list of some of the stranger things going on with the cp:

-windows update continually fails

-vipre keeps locating the same cookie threat during each scan

-drivers won't install

-the clock is stuck in 24 hr mode

-BSOD: driver_irql_not_less_or_equal

Cypher
2010-05-04, 13:17
Hi mcgilacoty.

Before I complete the next step I thought you should know that I got the BSOD on restart and had to reboot to a restore point. Does this change anything?
Yes, by using a restore point you could have reinfected your PC again.
We need to start again and get some scans done.



Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry.
Current user registry.
Next click on "OK"... at the prompt... reply "Yes".
After a short duration the Registry backup is complete! pop-up message will appear.
Now click on "OK". A registry backup has now been created.

Next.

Please disable your AV and run ComboFix again.

Next.

As you have Malwarebytes Anti-Malware already installed:


Launch the application, Check for Updates >> Perform Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Logs/Information to Post in your Next Reply


Combofix log.
Malwarebytes log.
Please give me an update on your computer's performance.
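
A triage helper for the ComboFix log Cypher asks for above, added here as an example that is not part of the post and not part of ComboFix itself. It parses the service and driver lines ComboFix prints under "Reg Loading Points" (lines of the shape `R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [...]` or `S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]`) together with the firewall-policy keys, and flags registered drivers whose image file is absent or unverifiable as well as a disabled standard-profile firewall. The sample input is a constructed excerpt modelled on the logs posted in this thread; the marker meanings ([x] = image missing, [?] = not verified) are taken from how ComboFix prints them here.

```python
import re

# One ComboFix "Reg Loading Points" service/driver line looks like:
#   <R|S><start> <name>;<display name>;<image path> [<date> <size>]
# R/S = running/stopped; the digit is the Windows start type (0 = boot,
# 1 = system, 2 = auto, 3 = demand, 4 = disabled). ComboFix prints "[x]"
# when the registered image file does not exist and "[?]" when it could
# not verify it.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)', re.M)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Constructed excerpt, modelled on the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
S3 amdtools;AMD Special Tools Driver; [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""


def parse_services(log_text):
    """Return one dict per service/driver line found in a ComboFix log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        # Separate the image path from the trailing "[date size]", "[x]" or "[?]".
        if rest.startswith("["):
            image, marker = "", rest
        else:
            image, _, marker = rest.rpartition(" [")
            marker = "[" + marker
        entries.append({
            "name": m.group("name"),
            "display": m.group("display"),
            "running": m.group("state") == "R",
            "start": int(m.group("start")),
            "image": image,
            "missing": marker == "[x]",
            "unverified": marker == "[?]",
        })
    return entries


def triage(log_text):
    """Return findings in a ComboFix log that deserve a second look."""
    findings = []
    for e in parse_services(log_text):
        start = START_TYPES[e["start"]]
        if e["missing"]:
            findings.append(
                f"{e['name']} ({e['display']}): registered as {start}-start "
                f"but its image file is absent [x]; check the service key before the next reboot"
            )
        elif e["unverified"]:
            findings.append(f"{e['name']}: image {e['image']} could not be verified [?]")
    fw = FIREWALL_RE.search(log_text)
    if fw and fw.group("value") == "0":
        findings.append(
            "Windows Firewall standard profile is disabled (EnableFirewall=0); "
            "expected only when a third-party firewall is managing it"
        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

The firewall finding is a prompt to check, not proof of tampering: the ComboFix header in this thread lists a Norton firewall component, and a third-party firewall legitimately turns the Windows one off. The [x] entries are the ones worth acting on, since a registered driver with no file is typical of an incompletely removed component and is the sort of thing a restore point can silently bring back.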

mcgilacoty
2010-05-06, 08:03
ComboFix 10-05-05.04 - Preston 05/05/2010 23:17:27.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1573 [GMT -5:00]
Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-02 15:42 . 2010-05-02 15:42 -------- d-----w- c:\program files\ESET
2010-05-02 02:51 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1ins.dll
2010-05-02 02:51 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
2010-05-02 02:51 . 2006-03-22 06:24 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-05-02 02:51 . 2006-03-22 06:23 1068800 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-05-02 02:51 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1.dll
2010-05-02 02:25 . 2007-04-17 02:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2010-04-30 13:33 . 2010-04-30 13:33 -------- d-----w- c:\program files\ERUNT
2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\iPod
2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\program files\iTunes
2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\QuickTime
2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Apple Software Update
2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Bonjour
2010-04-29 04:16 . 2010-04-29 04:17 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 20:45 . 2010-04-28 20:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-19 06:44 . 2010-04-19 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2010-04-19 04:53 . 2010-04-19 04:53 -------- d-----w- c:\program files\Trend Micro
2010-04-19 04:37 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-19 04:37 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-19 04:37 . 2010-04-03 22:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-19 04:37 . 2010-04-03 22:55 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-19 04:37 . 2010-04-03 22:55 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-19 04:37 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-19 04:37 . 2010-04-03 22:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-19 04:37 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-19 04:37 . 2010-04-03 22:55 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-19 04:36 . 2010-04-03 22:55 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-19 04:36 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-19 04:36 . 2010-04-03 22:55 10232128 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-04-19 04:36 . 2010-04-03 22:55 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-19 04:23 . 2008-04-13 18:31 35840 ----a-w- c:\windows\system32\drivers\processr.sys
2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Microsoft Help
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\NVD
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\NVD
2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\SoftGrid Client
2010-04-19 02:49 . 2010-04-19 07:23 -------- d-----w- c:\documents and settings\Preston\Application Data\SoftGrid Client
2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-04-19 02:48 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\TP
2010-04-19 02:38 . 2010-04-19 02:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Common Files\Java
2010-04-19 02:36 . 2010-04-19 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Java
2010-04-19 02:35 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 02:34 . 2010-04-19 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 02:34 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 01:57 . 2010-04-19 02:40 -------- d-----w- c:\windows\ie8updates
2010-04-19 01:45 . 2008-04-14 10:42 10752 ----a-w- c:\windows\system32\smtpapi.dll
2010-04-19 01:45 . 2008-04-14 10:42 9728 ----a-w- c:\windows\system32\rwnh.dll
2010-04-18 22:13 . 2010-04-18 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-18 22:12 . 2010-04-18 22:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-18 22:11 . 2010-04-19 01:56 -------- dc-h--w- c:\windows\ie8
2010-04-18 22:08 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-04-18 22:08 . 2010-04-18 22:08 -------- d-----w- C:\58209d509bb6c760d0
2010-04-18 11:00 . 2010-04-18 11:00 -------- d-----w- c:\program files\VS Revo Group
2010-04-18 07:28 . 2010-01-05 09:40 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-04-18 07:28 . 2010-01-05 09:40 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\Preston\Application Data\Sunbelt
2010-04-18 07:22 . 2010-02-22 01:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-04-18 07:22 . 2010-02-22 01:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-04-18 07:22 . 2010-04-18 07:22 -------- d-----w- c:\program files\Sunbelt Software
2010-04-18 04:40 . 2010-04-18 04:40 146579236 ----a-w- C:\registrybackup.reg
2010-04-17 12:35 . 2008-04-13 16:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
2010-04-17 12:35 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-04-15 07:02 . 2010-04-15 08:35 -------- d-----w- C:\f0b6fdfa5c5738b47c
2010-04-15 06:53 . 2010-04-15 06:53 -------- d-----w- c:\documents and settings\Preston\Application Data\MSNInstaller
2010-04-15 06:44 . 2010-04-15 06:44 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-15 06:43 . 2010-04-15 06:43 -------- d-----w- c:\documents and settings\Preston\Application Data\Uniblue
2010-04-15 06:09 . 2010-04-15 06:09 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Mozilla
2010-04-15 06:05 . 2010-04-15 06:05 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Downloaded Installations
2010-04-15 04:23 . 2010-04-15 04:23 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-04-15 03:44 . 2010-04-15 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-13 12:14 . 2010-04-13 12:14 -------- d-----w- c:\windows\Options
2010-04-12 04:22 . 2010-04-12 04:22 -------- d-----w- c:\documents and settings\Preston\Application Data\Malwarebytes
2010-04-12 04:21 . 2010-04-12 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-09 15:01 . 2010-04-09 15:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 02:30 . 2010-04-08 02:30 503808 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcp71.dll
2010-04-08 02:30 . 2010-04-08 02:30 499712 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\jmc.dll
2010-04-08 02:30 . 2010-04-08 02:30 348160 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcr71.dll
2010-04-08 02:30 . 2010-04-08 02:30 61440 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-sse.dll
2010-04-08 02:30 . 2010-04-08 02:30 12800 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-d3d.dll
2010-04-07 16:20 . 2010-04-07 16:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-07 00:12 . 2010-04-07 00:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-06 18:02 . 2010-04-15 03:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 18:02 . 2010-04-06 18:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 18:02 . 2010-04-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 05:56 . 2008-03-27 20:54 -------- d-----w- c:\program files\Steam
2010-05-02 00:07 . 2007-02-13 07:32 -------- d-----w- c:\program files\AMD
2010-05-01 13:47 . 2007-02-13 08:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-30 03:36 . 2007-03-25 06:45 -------- d-----w- c:\documents and settings\Preston\Application Data\Apple Computer
2010-04-20 14:14 . 2008-03-24 22:46 -------- d-----w- c:\documents and settings\Preston\Application Data\SolidWorks
2010-04-20 05:40 . 2007-02-13 09:39 66264 -c--a-w- c:\documents and settings\Preston\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 04:42 . 2007-02-13 08:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-18 22:08 . 2007-02-13 17:27 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-18 10:05 . 2009-07-21 06:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-18 09:53 . 2009-11-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-16 21:03 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-04-15 03:42 . 2007-03-01 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-13 12:19 . 2007-05-05 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 12:17 . 2007-05-14 05:46 -------- d-----w- c:\documents and settings\Preston\Application Data\ICAClient
2010-04-13 12:15 . 2007-02-20 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-10 06:05 . 2007-04-17 09:06 40 ----a-w- c:\windows\system32\profile.dat
2010-04-08 02:37 . 2007-04-04 08:16 -------- d--h--w- c:\documents and settings\Preston\Application Data\Move Networks
2010-04-04 00:23 . 2010-04-04 00:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 00:23 . 2010-04-04 00:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 00:23 . 2010-04-04 00:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 00:23 . 2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 00:23 . 2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 00:22 . 2010-04-04 00:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2010-04-19 04:41 6432128 ----a-w- c:\windows\system32\SET3F.tmp
2010-04-03 22:55 . 2007-02-14 22:31 600680 -c--a-w- c:\windows\system32\nvudisp.exe
2010-04-02 21:54 . 2007-02-14 22:18 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 02:39 . 2010-02-22 02:39 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-30_13.45.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-06 02:13 . 2010-05-06 02:13 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
+ 2010-05-02 02:25 . 2008-04-13 18:31 35840 c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\processr.sys
+ 2010-05-02 02:25 . 2008-04-13 18:31 35840 c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\processr.sys
+ 2010-05-02 00:13 . 2010-04-04 00:22 81920 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwddi.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 35328 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcod.dll
+ 2010-05-02 02:51 . 2006-03-22 06:24 18944 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvnetbus.sys
+ 2010-05-02 02:51 . 2006-03-14 13:45 35840 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvconrm.dll
+ 2010-05-02 02:51 . 2006-03-22 06:21 10240 c:\windows\system32\ReinstallBackups\0007\DriverFiles\bdco1.dll
+ 2010-04-18 20:52 . 2010-05-01 13:44 3460 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2010-04-18 20:52 . 2010-04-20 10:24 3460 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2010-05-02 00:13 . 2010-04-04 00:23 154216 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvsvc32.exe
+ 2010-05-02 00:13 . 2007-12-05 06:41 286720 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvnt4cpl.dll
+ 2010-05-02 00:13 . 2010-04-04 00:23 110696 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmctray.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 188416 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccss.dll
+ 2010-05-02 00:13 . 2010-04-04 00:23 278120 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccs.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 385024 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvapi.dll
+ 2010-05-02 02:51 . 2006-03-22 06:23 261120 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvsnpu.sys
+ 2010-05-06 04:14 . 2010-05-06 04:14 335872 c:\windows\ERDNT\5-5-2010\Users\00000002\UsrClass.dat
+ 2010-05-06 04:14 . 2005-10-20 17:02 163328 c:\windows\ERDNT\5-5-2010\ERDNT.EXE
+ 2010-05-02 00:13 . 2007-12-05 06:41 2498560 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwss.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 3710976 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvvitvs.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 6901760 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvoglnt.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 1228800 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmobls.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 3420160 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvgames.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 6549504 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvdisps.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 1089536 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcuda.dll
+ 2010-05-02 00:13 . 2007-12-05 06:41 7435392 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nv4_mini.sys
+ 2010-05-02 00:13 . 2007-12-05 06:41 5773568 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nv4_disp.dll
+ 2010-05-02 02:51 . 2006-03-22 06:23 1068800 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvnrm.sys
+ 2010-05-02 00:13 . 2010-04-04 00:23 13670504 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcpl.dll
+ 2010-05-06 04:14 . 2010-05-06 04:14 17776640 c:\windows\ERDNT\5-5-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"nwiz"="nwiz.exe" [BU]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-17 17:32 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-12-12 15:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2004-09-03 08:58 65536 ------w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2004-06-15 01:54 200704 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-08-08 16:27 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-01-22 23:22 81920 -c--a-w- c:\program files\NVIDIA Corporation\nTune\ntunecmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2007-10-10 21:46 226890 -c--a-w- c:\program files\Plaxo\2.13.1.2\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-17 00:25 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\dllml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-02 05:54 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SolidWorks Licensing Service"=3 (0x3)
"NeroRegInCDSrv"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdate"=2 (0x2)
"WZCSVC"=2 (0x2)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SoundMovieServer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ISSVC"=2 (0x2)
"nTuneService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/18/2010 2:22 AM 204632]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/18/2010 2:28 AM 69720]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/18/2010 2:22 AM 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 2:35 AM 506496]
R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 6:19 PM 3768]
S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
S3 amdtools;AMD Special Tools Driver; [x]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 4:51 AM 96256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 6:19 PM 184320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\User_Feed_Synchronization-{561DDAE7-884D-4921-9C0C-F2EA28E4F39D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 23:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WININET.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-05 23:26:55
ComboFix-quarantined-files.txt 2010-05-06 04:26
ComboFix2.txt 2010-05-01 13:57
ComboFix3.txt 2010-04-30 13:48
ComboFix4.txt 2010-04-18 22:44

Pre-Run: 79,832,543,232 bytes free
Post-Run: 79,785,873,408 bytes free

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 8776A7A5A2A927EE7C0372B334E9CAC2

mcgilacoty
2010-05-06, 08:04
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/6/2010 12:00:22 AM
mbam-log-2010-05-06 (00-00-22).txt

Scan type: Quick scan
Objects scanned: 128769
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

mcgilacoty
2010-05-06, 08:04
I haven't noticed any changes in performance but I haven't been able to check thoroughly...

Cypher
2010-05-06, 12:07
Hi mcgilacoty.
Please follow the instructions I posted Here (http://forums.spybot.info/showpost.php?p=369753&postcount=16) for running the ESET online scan.
Post the log from the scan in your next reply.

Cypher
2010-05-09, 14:33
This topic has been archived due to inactivity.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start a new topic.