
Thread: I caught a nasty bug... help please!

  1. #21
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461


    Hi mcgilacoty.
    Before I complete the next step I thought you should know that I got the BSOD on restart and had to reboot to a restore point. Does this change anything?
    Yes, by using a restore point you could have reinfected your PC again.
    We need to start again and get some scans done.



    • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
    • Click on OK within the pop-up menu.
    • In the next menu, under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options, make sure both of the following are selected:
      • System registry.
      • Current user registry.
    • Next click on "OK"... at the prompt... reply "Yes".
      After a short duration the Registry backup is complete! pop-up message will appear.
    • Now click on "OK". A registry backup has now been created.


    Next.

    Please disable your AV and run ComboFix again.

    Next.

    As you have Malwarebytes Anti-Malware already installed:

    • Launch the application, Check for Updates >> Perform Quick Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    Logs/Information to Post in your Next Reply

    • Combofix log.
    • Malwarebytes log.
    • Please give me an update on your computer's performance.

  2. #22
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

    combofix

    ComboFix 10-05-05.04 - Preston 05/05/2010 23:17:27.11.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1573 [GMT -5:00]
    Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe
    AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
    .

    2010-05-02 15:42 . 2010-05-02 15:42 -------- d-----w- c:\program files\ESET
    2010-05-02 02:51 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1ins.dll
    2010-05-02 02:51 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
    2010-05-02 02:51 . 2006-03-22 06:24 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
    2010-05-02 02:51 . 2006-03-22 06:23 1068800 ----a-r- c:\windows\system32\drivers\nvnrm.sys
    2010-05-02 02:51 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1.dll
    2010-05-02 02:25 . 2007-04-17 02:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
    2010-04-30 13:33 . 2010-04-30 13:33 -------- d-----w- c:\program files\ERUNT
    2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\iPod
    2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\program files\iTunes
    2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\QuickTime
    2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Apple Software Update
    2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Bonjour
    2010-04-29 04:16 . 2010-04-29 04:17 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-28 20:45 . 2010-04-28 20:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-19 06:44 . 2010-04-19 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
    2010-04-19 04:53 . 2010-04-19 04:53 -------- d-----w- c:\program files\Trend Micro
    2010-04-19 04:37 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcodins.dll
    2010-04-19 04:37 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod.dll
    2010-04-19 04:37 . 2010-04-03 22:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
    2010-04-19 04:37 . 2010-04-03 22:55 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-04-19 04:37 . 2010-04-03 22:55 4075520 ----a-w- c:\windows\system32\nvcuda.dll
    2010-04-19 04:37 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-04-19 04:37 . 2010-04-03 22:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-04-19 04:37 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-04-19 04:37 . 2010-04-03 22:55 1097728 ----a-w- c:\windows\system32\nvapi.dll
    2010-04-19 04:36 . 2010-04-03 22:55 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-04-19 04:36 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-04-19 04:36 . 2010-04-03 22:55 10232128 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2010-04-19 04:36 . 2010-04-03 22:55 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-04-19 04:23 . 2008-04-13 18:31 35840 ----a-w- c:\windows\system32\drivers\processr.sys
    2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Microsoft Help
    2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\NVD
    2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\NVD
    2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\SoftGrid Client
    2010-04-19 02:49 . 2010-04-19 07:23 -------- d-----w- c:\documents and settings\Preston\Application Data\SoftGrid Client
    2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
    2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\documents and settings\All Users\Microsoft
    2010-04-19 02:48 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\TP
    2010-04-19 02:38 . 2010-04-19 02:39 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Common Files\Java
    2010-04-19 02:36 . 2010-04-19 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Java
    2010-04-19 02:35 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-19 02:34 . 2010-04-19 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-19 02:34 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-19 01:57 . 2010-04-19 02:40 -------- d-----w- c:\windows\ie8updates
    2010-04-19 01:45 . 2008-04-14 10:42 10752 ----a-w- c:\windows\system32\smtpapi.dll
    2010-04-19 01:45 . 2008-04-14 10:42 9728 ----a-w- c:\windows\system32\rwnh.dll
    2010-04-18 22:13 . 2010-04-18 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-04-18 22:12 . 2010-04-18 22:12 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-04-18 22:11 . 2010-04-19 01:56 -------- dc-h--w- c:\windows\ie8
    2010-04-18 22:08 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2010-04-18 22:08 . 2010-04-18 22:08 -------- d-----w- C:\58209d509bb6c760d0
    2010-04-18 11:00 . 2010-04-18 11:00 -------- d-----w- c:\program files\VS Revo Group
    2010-04-18 07:28 . 2010-01-05 09:40 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2010-04-18 07:28 . 2010-01-05 09:40 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
    2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\Preston\Application Data\Sunbelt
    2010-04-18 07:22 . 2010-02-22 01:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2010-04-18 07:22 . 2010-02-22 01:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2010-04-18 07:22 . 2010-04-18 07:22 -------- d-----w- c:\program files\Sunbelt Software
    2010-04-18 04:40 . 2010-04-18 04:40 146579236 ----a-w- C:\registrybackup.reg
    2010-04-17 12:35 . 2008-04-13 16:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
    2010-04-17 12:35 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-04-15 07:02 . 2010-04-15 08:35 -------- d-----w- C:\f0b6fdfa5c5738b47c
    2010-04-15 06:53 . 2010-04-15 06:53 -------- d-----w- c:\documents and settings\Preston\Application Data\MSNInstaller
    2010-04-15 06:44 . 2010-04-15 06:44 -------- d-----w- c:\documents and settings\All Users\Uniblue
    2010-04-15 06:43 . 2010-04-15 06:43 -------- d-----w- c:\documents and settings\Preston\Application Data\Uniblue
    2010-04-15 06:09 . 2010-04-15 06:09 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Mozilla
    2010-04-15 06:05 . 2010-04-15 06:05 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Downloaded Installations
    2010-04-15 04:23 . 2010-04-15 04:23 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
    2010-04-15 03:44 . 2010-04-15 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-13 12:14 . 2010-04-13 12:14 -------- d-----w- c:\windows\Options
    2010-04-12 04:22 . 2010-04-12 04:22 -------- d-----w- c:\documents and settings\Preston\Application Data\Malwarebytes
    2010-04-12 04:21 . 2010-04-12 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-09 15:01 . 2010-04-09 15:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-04-08 02:30 . 2010-04-08 02:30 503808 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcp71.dll
    2010-04-08 02:30 . 2010-04-08 02:30 499712 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\jmc.dll
    2010-04-08 02:30 . 2010-04-08 02:30 348160 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcr71.dll
    2010-04-08 02:30 . 2010-04-08 02:30 61440 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-sse.dll
    2010-04-08 02:30 . 2010-04-08 02:30 12800 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-d3d.dll
    2010-04-07 16:20 . 2010-04-07 16:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-04-07 00:12 . 2010-04-07 00:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
    2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-06 18:02 . 2010-04-15 03:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-06 18:02 . 2010-04-06 18:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-06 18:02 . 2010-04-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-02 05:56 . 2008-03-27 20:54 -------- d-----w- c:\program files\Steam
    2010-05-02 00:07 . 2007-02-13 07:32 -------- d-----w- c:\program files\AMD
    2010-05-01 13:47 . 2007-02-13 08:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-30 03:36 . 2007-03-25 06:45 -------- d-----w- c:\documents and settings\Preston\Application Data\Apple Computer
    2010-04-20 14:14 . 2008-03-24 22:46 -------- d-----w- c:\documents and settings\Preston\Application Data\SolidWorks
    2010-04-20 05:40 . 2007-02-13 09:39 66264 -c--a-w- c:\documents and settings\Preston\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-19 04:42 . 2007-02-13 08:35 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-04-18 22:08 . 2007-02-13 17:27 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-04-18 10:05 . 2009-07-21 06:21 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-04-18 09:53 . 2009-11-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-04-16 21:03 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
    2010-04-15 03:42 . 2007-03-01 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-04-13 12:19 . 2007-05-05 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-13 12:17 . 2007-05-14 05:46 -------- d-----w- c:\documents and settings\Preston\Application Data\ICAClient
    2010-04-13 12:15 . 2007-02-20 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-04-10 06:05 . 2007-04-17 09:06 40 ----a-w- c:\windows\system32\profile.dat
    2010-04-08 02:37 . 2007-04-04 08:16 -------- d--h--w- c:\documents and settings\Preston\Application Data\Move Networks
    2010-04-04 00:23 . 2010-04-04 00:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-04 00:23 . 2010-04-04 00:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-04-04 00:23 . 2010-04-04 00:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-04-04 00:23 . 2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-04-04 00:23 . 2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-04-04 00:22 . 2010-04-04 00:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-04-03 22:55 . 2010-04-19 04:41 6432128 ----a-w- c:\windows\system32\SET3F.tmp
    2010-04-03 22:55 . 2007-02-14 22:31 600680 -c--a-w- c:\windows\system32\nvudisp.exe
    2010-04-02 21:54 . 2007-02-14 22:18 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 02:39 . 2010-02-22 02:39 27984 ----a-w- c:\windows\system32\sbbd.exe
    2010-02-16 14:08 . 2004-08-04 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-04-30_13.45.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-06 02:13 . 2010-05-06 02:13 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
    + 2010-05-02 02:25 . 2008-04-13 18:31 35840 c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\processr.sys
    + 2010-05-02 02:25 . 2008-04-13 18:31 35840 c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\processr.sys
    + 2010-05-02 00:13 . 2010-04-04 00:22 81920 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwddi.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 35328 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcod.dll
    + 2010-05-02 02:51 . 2006-03-22 06:24 18944 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvnetbus.sys
    + 2010-05-02 02:51 . 2006-03-14 13:45 35840 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvconrm.dll
    + 2010-05-02 02:51 . 2006-03-22 06:21 10240 c:\windows\system32\ReinstallBackups\0007\DriverFiles\bdco1.dll
    + 2010-04-18 20:52 . 2010-05-01 13:44 3460 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
    - 2010-04-18 20:52 . 2010-04-20 10:24 3460 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
    + 2010-05-02 00:13 . 2010-04-04 00:23 154216 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvsvc32.exe
    + 2010-05-02 00:13 . 2007-12-05 06:41 286720 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvnt4cpl.dll
    + 2010-05-02 00:13 . 2010-04-04 00:23 110696 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmctray.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 188416 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccss.dll
    + 2010-05-02 00:13 . 2010-04-04 00:23 278120 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmccs.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 385024 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvapi.dll
    + 2010-05-02 02:51 . 2006-03-22 06:23 261120 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvsnpu.sys
    + 2010-05-06 04:14 . 2010-05-06 04:14 335872 c:\windows\ERDNT\5-5-2010\Users\00000002\UsrClass.dat
    + 2010-05-06 04:14 . 2005-10-20 17:02 163328 c:\windows\ERDNT\5-5-2010\ERDNT.EXE
    + 2010-05-02 00:13 . 2007-12-05 06:41 2498560 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvwss.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 3710976 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvvitvs.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 6901760 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvoglnt.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 1228800 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvmobls.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 3420160 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvgames.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 6549504 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvdisps.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 1089536 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcuda.dll
    + 2010-05-02 00:13 . 2007-12-05 06:41 7435392 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nv4_mini.sys
    + 2010-05-02 00:13 . 2007-12-05 06:41 5773568 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nv4_disp.dll
    + 2010-05-02 02:51 . 2006-03-22 06:23 1068800 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvnrm.sys
    + 2010-05-02 00:13 . 2010-04-04 00:23 13670504 c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvcpl.dll
    + 2010-05-06 04:14 . 2010-05-06 04:14 17776640 c:\windows\ERDNT\5-5-2010\Users\00000001\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "nwiz"="nwiz.exe" [BU]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
    backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2006-08-17 17:32 17920 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-12-12 15:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 08:58 65536 ------w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
    2004-06-15 01:54 200704 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
    2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-08-08 16:27 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
    2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    2007-01-22 23:22 81920 -c--a-w- c:\program files\NVIDIA Corporation\nTune\ntunecmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2007-10-10 21:46 226890 -c--a-w- c:\program files\Plaxo\2.13.1.2\PlaxoHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
    2005-06-17 00:25 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\dllml.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-02 05:54 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SolidWorks Licensing Service"=3 (0x3)
    "NeroRegInCDSrv"=2 (0x2)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "gupdate"=2 (0x2)
    "WZCSVC"=2 (0x2)
    "UPS"=3 (0x3)
    "TrkWks"=2 (0x2)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SoundMovieServer"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "LiveUpdate"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "ISSVC"=2 (0x2)
    "nTuneService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
    R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/18/2010 2:22 AM 204632]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/18/2010 2:28 AM 69720]
    R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/18/2010 2:22 AM 85080]
    R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
    R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
    R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
    R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
    R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
    R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 2:35 AM 506496]
    R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 6:19 PM 3768]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
    S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
    S3 amdtools;AMD Special Tools Driver; [x]
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 4:51 AM 96256]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
    S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
    S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 6:19 PM 184320]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-05 c:\windows\Tasks\User_Feed_Synchronization-{561DDAE7-884D-4921-9C0C-F2EA28E4F39D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-05 23:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3908)
    c:\windows\system32\WININET.dll
    c:\program files\Nero\Nero8\InCD\NBHShx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Nero\Nero8\InCD\NBHStr.dll
    c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-05-05 23:26:55
    ComboFix-quarantined-files.txt 2010-05-06 04:26
    ComboFix2.txt 2010-05-01 13:57
    ComboFix3.txt 2010-04-30 13:48
    ComboFix4.txt 2010-04-18 22:44

    Pre-Run: 79,832,543,232 bytes free
    Post-Run: 79,785,873,408 bytes free

    Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    - - End Of File - - 8776A7A5A2A927EE7C0372B334E9CAC2
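
The ComboFix log above records several things a helper reads by eye: the AV and FW header lines marked *disabled*, the HKLM ...\CurrentVersion\Run autostarts, and the Windows Firewall standard profile showing "EnableFirewall"= 0 with notifications suppressed. The following Python is an added example, not part of the thread and not ComboFix's own tooling: it parses a constructed excerpt written in the same format as the posted log and turns those observations into a small findings list. The format assumptions (AV:/FW: header lines, REGEDIT4-style bracketed sections ended by a blank line) are taken from the log as posted; the sample excerpt and the non-absolute-path heuristic on Run entries are this example's own.

```python
"""Pull security-relevant state out of a ComboFix log.

Added example: not part of the forum thread or of ComboFix itself. The
format assumptions (AV:/FW: header lines, REGEDIT4-style bracketed registry
sections) are taken from the log posted in the thread.
"""
import re

# Constructed sample: a trimmed excerpt modelled on the posted ComboFix log.
SAMPLE_LOG = r"""
ComboFix 10-05-05.04 - Preston 05/05/2010 23:17:27.11.2 - x86
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"nwiz"="nwiz.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"""


def parse_sections(text):
    """Return {bracketed header: [lines]}; a blank line closes the current section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_header_status(text):
    """Extract the AV:/FW: header lines and the state ComboFix put between asterisks."""
    status = {}
    for raw in text.splitlines():
        m = re.match(r"^(AV|FW): (.+?) \*(.+?)\*", raw.strip())
        if m:
            kind, product, state = m.groups()
            status[kind] = {"product": product, "state": state,
                            "disabled": "disabled" in state.lower()}
    return status


def _section_ending_with(sections, suffix):
    return next((k for k in sections if k.lower().endswith(suffix)), None)


def parse_run_entries(sections):
    """Return (name, command, trailer) tuples from the HKLM ...\\CurrentVersion\\Run section."""
    key = _section_ending_with(sections, r"\currentversion\run")
    entries = []
    for line in sections.get(key, []):
        m = re.match(r'^"([^"]+)"="([^"]*)"\s*(.*)$', line)
        if m:
            entries.append(m.groups())
    return entries


def parse_authorized_apps(sections):
    """Return firewall-authorized application paths with the doubled backslashes collapsed."""
    key = _section_ending_with(sections, r"\authorizedapplications\list")
    return [line.split('"')[1].replace("\\\\", "\\") for line in sections.get(key, [])
            if line.startswith('"')]


def firewall_findings(sections):
    """Flag weak Windows Firewall standard-profile values."""
    findings = []
    key = _section_ending_with(sections, r"\firewallpolicy\standardprofile")
    for line in sections.get(key, []):
        m = re.match(r'^"([^"]+)"=\s*(\d+)', line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name == "EnableFirewall" and value == 0:
            findings.append("Windows Firewall is disabled (EnableFirewall=0)")
        if name == "DisableNotifications" and value == 1:
            findings.append("Firewall notifications are suppressed (DisableNotifications=1)")
    return findings


def assess(text):
    """Combine the parsers into one report dict with a plain-text findings list."""
    sections = parse_sections(text)
    report = {"status": parse_header_status(text),
              "run_entries": parse_run_entries(sections),
              "authorized_apps": parse_authorized_apps(sections),
              "findings": []}
    for kind, info in report["status"].items():
        if info["disabled"]:
            report["findings"].append(f"{kind} {info['product']}: {info['state']}")
    report["findings"].extend(firewall_findings(sections))
    # Heuristic (this example's own): a Run command without a drive letter or
    # environment variable is resolved via the search path, so it deserves a look.
    for name, cmd, _trailer in report["run_entries"]:
        if not re.match(r"^[a-zA-Z]:\\", cmd) and not cmd.startswith("%"):
            report["findings"].append(f"Run entry {name!r} uses a non-absolute path: {cmd}")
    return report


if __name__ == "__main__":
    for finding in assess(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run against the sample it reports the two disabled products from the header, the two weak firewall values, and the one Run entry that is not a full path; point `assess()` at the text of a real ComboFix log to get the same summary for a posted thread.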

  3. #23
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

    mabm

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/6/2010 12:00:22 AM
    mbam-log-2010-05-06 (00-00-22).txt

    Scan type: Quick scan
    Objects scanned: 128769
    Time elapsed: 2 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #24
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

    performance

    I haven't noticed any changes in performance but I haven't been able to check thoroughly...

  5. #25
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461


    Hi mcgilacoty.
    Please follow the instructions I posted Here for running the ESET online scan.
    Post the log from the scan in your next reply.

  6. #26
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461


    This topic has been archived due to inactivity.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, as you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start a new topic.
