
Thread: I caught a nasty bug... help please!

  1. #1
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

    Default I caught a nasty bug... help please!

    I caught something somewhere but I have no clue what it is. I tried a series of scanners etc. to fix the problem (as recommended by another forum). I was using Norton Internet Security when it hit. I installed AVG when I thought it was fixed, but it came back. I think the bug is mostly gone, but I'm not for sure. However, when I try to update some of my drivers I get an error message that says I don't have access. Then I get the wonderful BSOD on restart. I've used ComboFix, SmitFraud, SDFix, Malwarebytes, etc. etc. I finally installed VIPRE and that seemed to take care of most of the problem, but there still seem to be some residual effects. I'm at my wits' end. Please help. Here is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:55:04, on 4/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [NvRegisterMCTrayNview] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp c:\progra~1\NVIDIA~1\nview\nView.dll
    O4 - HKLM\..\RunOnce: [NvRegisterMCTray] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp C:\WINDOWS\system32\NvCpl.dll
    O4 - HKLM\..\RunOnce: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\TuneRaft\YouTubeRipper.dll
    O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\TuneRaft\YouTubeRipper.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,9) - https://www.wm-mobile.ubs.com/md/plu...obil/excel.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1271650456750
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 6731 bytes
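
A way to machine-triage an HJT log like the one above, as an added example (this is not a tool from the thread, from Trend Micro or from the forum helpers): it parses the numbered entries and flags the markers a removal helper reads first, namely "(file missing)", services with an unknown owner, unknown Winsock LSPs, autorun entries that use a bare file name (resolved by PATH search) or that run from a user-writable folder, and IE start/search pages pointing off microsoft.com. The sample input reuses lines from the posted log plus two constructed, hypothetical lines (a non-Microsoft start page and an autorun under a Temp folder) so that every check fires at least once; those two lines describe nothing found on the poster's machine.

```python
"""Triage a HijackThis 2.x log: parse each numbered entry, flag the indicators
a malware-removal helper looks at first. Added example, not a thread tool."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Lines copied from the HJT log posted above.
LOG_LINES = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r'O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"',
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)",
    r"O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe",
]
# Constructed, hypothetical lines (NOT from the posted log) so the two
# checks the real log never triggers are exercised as well.
CONSTRUCTED_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/?id=1",
    r"O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe",
]
SAMPLE_LOG = "\n".join(LOG_LINES + CONSTRUCTED_LINES)

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")                              # absolute Windows path
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s+(.*))?$", re.I)
MISSING = "(file missing)"
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\recycler\\")


@dataclass
class Entry:
    section: str            # HJT section tag, e.g. "O4" or "O23"
    body: str               # everything after "Oxx - "
    flags: list = field(default_factory=list)


def parse(log_text):
    """Keep only the numbered HJT entries; headers and process lists are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["sec"], m["body"]))
    return entries


def autorun_target(command):
    """Return the file an O4 command really launches. Quoted paths are taken
    verbatim; rundll32 entries resolve to the DLL they load, since that is
    where the code lives."""
    command = command.strip()
    if command.startswith('"'):
        close = command.find('"', 1)
        exe = command[1:close] if close > 0 else command[1:]
        rest = command[close + 1:].strip() if close > 0 else ""
    else:
        m = EXE_RE.match(command)
        if not m:
            return command.split()[0] if command else command
        exe, rest = m.group(1), (m.group(2) or "")
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        return rest.split(",", 1)[0].strip().strip('"')
    return exe


def check(entry):
    """Attach human-readable flags for the indicators worth a second look."""
    body = entry.body
    if MISSING in body:
        entry.flags.append("file missing")
    if entry.section in ("R0", "R1") and "http" in body:
        host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
        if not host.endswith(".microsoft.com"):
            entry.flags.append(f"non-Microsoft IE start/search URL: {host}")
    if entry.section == "R1" and "ProxyServer" in body:
        entry.flags.append("proxy server configured")
    if entry.section == "O4":
        _, _, command = body.partition("]")
        target = autorun_target(command.replace(MISSING, ""))
        if not DRIVE_RE.match(target):
            entry.flags.append(f"unqualified path (resolved via PATH search): {target}")
        elif any(d in target.lower() for d in USER_WRITABLE):
            entry.flags.append(f"autorun from user-writable location: {target}")
    if entry.section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        entry.flags.append("unknown Winsock LSP")
    if entry.section == "O23" and " - Unknown owner - " in body:
        entry.flags.append("service with unknown owner")
    return entry


def triage(log_text):
    return [check(e) for e in parse(log_text)]


def suspicious(log_text):
    """Only the entries that earned at least one flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for flag in e.flags:
            print(f"    -> {flag}")
```

A flag is a prompt to look closer, not a verdict: `nwiz.exe` with no path is how NVIDIA's own installer writes that Run key, and "Unknown owner" only means the service binary carries no company string, which is common for leftovers of an uninstalled product. The point of the script is to shrink a 100-line log to the handful of entries that need a human's judgement.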

  2. #2
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi, and welcome to Safer Networking Forums. Sorry for the delay in answering your request for help.
    We have had more logs than we could handle in a timely manner.
    My name is Cypher, and I will be helping you with your malware problems.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.
    Read Back up your files

    Please note the following important guidelines.
    • The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can damage that computer and possibly make it inoperable!
    • If you don't know or understand something, please don't hesitate to ask.
    • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
      Absence of symptoms does not mean that everything is clear.
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • The logs from the tools we use can take some time to research so please be patient.

    • If you haven't done so already, please read this topic READ this Procedure BEFORE Requesting Assistance where the conditions for receiving help here are explained.


    I've used combofix, smitfraud, sdfix, malwarebytes, etc. etc. I finally installed vipre and that seemed to take care of most of the problem
    You should not be running powerful tools like ComboFix unsupervised; used incorrectly, such applications could leave your PC unbootable.

    Please post the ComboFix log in your next reply; it can be found at C:\ComboFix.txt.

    Next.

    Please post an Uninstall list.

    • Open HijackThis.
    • Click on the Open the Misc Tools section button.
    • Look under System tools.
    • Click on the Open Uninstall Manager... button.
    • Click on the Save list... button.
    • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    • Notepad will open. Please post this log in your next reply.




    Logs/Information to Post in your Next Reply

    • ComboFix.txt log.
    • Uninstall list.
    • Please give me an update on your computers performance.

  3. #3
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

    Default combofix log

    ComboFix 10-04-17.07 - Preston 04/18/2010 17:34:22.8.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1580 [GMT -5:00]
    Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe
    AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Internet Explorer\SETD1.tmp
    c:\program files\Internet Explorer\SETD6.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
    .

    2010-04-18 22:13 . 2010-04-18 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-04-18 22:13 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcodins.dll
    2010-04-18 22:13 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcod.dll
    2010-04-18 22:13 . 2007-12-05 06:41 6901760 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-04-18 22:12 . 2007-12-05 06:41 1089536 ----a-w- c:\windows\system32\nvcuda.dll
    2010-04-18 22:12 . 2007-12-05 06:41 385024 ----a-w- c:\windows\system32\nvapi.dll
    2010-04-18 22:12 . 2007-12-05 06:41 5773568 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-04-18 22:12 . 2007-12-05 06:41 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-04-18 22:12 . 2010-04-18 22:12 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-04-18 22:11 . 2010-04-18 22:12 -------- dc-h--w- c:\windows\ie8
    2010-04-18 22:08 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2010-04-18 22:08 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1ins.dll
    2010-04-18 22:08 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
    2010-04-18 22:08 . 2006-03-22 06:24 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
    2010-04-18 22:08 . 2006-03-22 06:23 1068800 ----a-r- c:\windows\system32\drivers\nvnrm.sys
    2010-04-18 22:08 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1.dll
    2010-04-18 22:08 . 2010-04-18 22:08 -------- d-----w- C:\58209d509bb6c760d0
    2010-04-18 22:07 . 2007-04-17 02:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
    2010-04-18 11:00 . 2010-04-18 11:00 -------- d-----w- c:\program files\VS Revo Group
    2010-04-18 07:28 . 2010-01-05 09:40 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2010-04-18 07:28 . 2010-01-05 09:40 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
    2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\Preston\Application Data\Sunbelt
    2010-04-18 07:22 . 2010-02-22 01:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2010-04-18 07:22 . 2010-02-22 01:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2010-04-18 07:22 . 2010-04-18 07:22 -------- d-----w- c:\program files\Sunbelt Software
    2010-04-18 04:40 . 2010-04-18 04:40 146579236 ----a-w- C:\registrybackup.reg
    2010-04-17 12:35 . 2008-04-13 16:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
    2010-04-17 12:35 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-04-15 07:02 . 2010-04-15 08:35 -------- d-----w- C:\f0b6fdfa5c5738b47c
    2010-04-15 06:53 . 2010-04-15 06:53 -------- d-----w- c:\documents and settings\Preston\Application Data\MSNInstaller
    2010-04-15 06:44 . 2010-04-15 06:44 -------- d-----w- c:\documents and settings\All Users\Uniblue
    2010-04-15 06:43 . 2010-04-15 06:43 -------- d-----w- c:\documents and settings\Preston\Application Data\Uniblue
    2010-04-15 06:09 . 2010-04-15 06:09 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Mozilla
    2010-04-15 06:05 . 2010-04-15 06:05 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Downloaded Installations
    2010-04-15 04:23 . 2010-04-15 04:23 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
    2010-04-15 03:44 . 2010-04-15 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-13 12:14 . 2010-04-13 12:14 -------- d-----w- c:\windows\Options
    2010-04-12 04:22 . 2010-04-12 04:22 -------- d-----w- c:\documents and settings\Preston\Application Data\Malwarebytes
    2010-04-12 04:21 . 2010-04-12 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-09 15:01 . 2010-04-09 15:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-04-08 02:30 . 2010-04-08 02:30 503808 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcp71.dll
    2010-04-08 02:30 . 2010-04-08 02:30 499712 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\jmc.dll
    2010-04-08 02:30 . 2010-04-08 02:30 348160 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcr71.dll
    2010-04-08 02:30 . 2010-04-08 02:30 61440 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-sse.dll
    2010-04-08 02:30 . 2010-04-08 02:30 12800 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-d3d.dll
    2010-04-07 16:20 . 2010-04-07 16:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-04-07 00:12 . 2010-04-07 00:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
    2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-06 18:02 . 2010-04-15 03:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-06 18:02 . 2010-04-06 18:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-06 18:02 . 2010-04-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-18 22:13 . 2007-02-13 08:35 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-04-18 22:08 . 2007-02-13 17:27 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-04-18 21:48 . 2008-03-27 20:54 -------- d-----w- c:\program files\Steam
    2010-04-18 10:05 . 2009-07-21 06:21 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-04-18 09:53 . 2009-11-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-04-17 06:03 . 2008-03-24 22:46 -------- d-----w- c:\documents and settings\Preston\Application Data\SolidWorks
    2010-04-16 21:03 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
    2010-04-15 06:34 . 2007-02-13 07:32 -------- d-----w- c:\program files\AMD
    2010-04-15 03:42 . 2007-03-01 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-04-13 12:19 . 2007-05-05 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-13 12:17 . 2007-05-14 05:46 -------- d-----w- c:\documents and settings\Preston\Application Data\ICAClient
    2010-04-13 12:15 . 2007-02-20 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-04-10 06:05 . 2007-04-17 09:06 40 ----a-w- c:\windows\system32\profile.dat
    2010-04-08 02:37 . 2007-04-04 08:16 -------- d--h--w- c:\documents and settings\Preston\Application Data\Move Networks
    2010-03-09 09:28 . 2009-07-09 08:11 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 02:39 . 2010-02-22 02:39 27984 ----a-w- c:\windows\system32\sbbd.exe
    2010-02-16 14:08 . 2004-08-04 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe
    .
    c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
    c:\program files\Common Files\Symantec Shared\ccapp .exe
    c:\program files\Creative\MediaSource\Detector\ctdetect .exe
    c:\program files\Creative\Shared Files\Module Loader\dllml .exe
    c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\ctdvddet .exe
    c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanel .exe
    c:\program files\NVIDIA Corporation\nTune\ntunecmd .exe
    ------- Sigcheck -------

    [-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\SoftwareDistribution\Download\fd907694b9730bf0b6b92a6dbc2f96ef\sp3gdr\mshtml.dll
    [-] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\SoftwareDistribution\Download\fd907694b9730bf0b6b92a6dbc2f96ef\sp3qfe\mshtml.dll
    [7] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\SoftwareDistribution\Download\bf853aeb396b834ced5a417bda2c636f\SP3GDR\mshtml.dll
    [7] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
    [7] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\SoftwareDistribution\Download\bf853aeb396b834ced5a417bda2c636f\SP3QFE\mshtml.dll
    [7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
    [7] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
    [7] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
    [7] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
    [7] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
    [7] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
    [7] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
    [7] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
    [7] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
    [7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
    [7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
    [7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
    [7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
    [7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
    [7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
    [7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
    [7] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
    [7] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
    [7] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
    [-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\ie8\mshtml.dll
    [-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\system32\mshtml.dll
    [-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\system32\dllcache\mshtml.dll
    [7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB925454$\mshtml.dll

    [-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\SoftwareDistribution\Download\fd907694b9730bf0b6b92a6dbc2f96ef\sp3gdr\wininet.dll
    [-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\SoftwareDistribution\Download\fd907694b9730bf0b6b92a6dbc2f96ef\sp3qfe\wininet.dll
    [7] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\SoftwareDistribution\Download\bf853aeb396b834ced5a417bda2c636f\SP3GDR\wininet.dll
    [7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
    [7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\SoftwareDistribution\Download\bf853aeb396b834ced5a417bda2c636f\SP3QFE\wininet.dll
    [7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
    [7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
    [7] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
    [7] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
    [7] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
    [7] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
    [7] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
    [7] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
    [7] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    [7] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
    [7] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
    [7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [7] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    [7] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    [7] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    [7] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    [7] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
    [7] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
    [7] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
    [-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\ie8\wininet.dll
    [-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\system32\wininet.dll
    [-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\system32\dllcache\wininet.dll
    [7] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB925454$\wininet.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2010-04-18_10.38.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 12:00 . 2006-10-19 02:47 99840 c:\windows\system32\wmpshell.dll
    + 2010-04-18 22:08 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
    - 2010-04-17 10:09 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 81920 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvwddi.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 81920 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvmctray.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 35328 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvcod.dll
    + 2010-04-18 22:08 . 2006-03-22 06:24 18944 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvnetbus.sys
    + 2010-04-18 22:08 . 2006-03-14 13:45 35840 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvconrm.dll
    + 2010-04-18 22:08 . 2006-03-22 06:21 10240 c:\windows\system32\ReinstallBackups\0013\DriverFiles\bdco1.dll
    + 2010-04-18 22:07 . 2008-04-13 18:31 35840 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\processr.sys
    + 2010-01-12 17:03 . 2010-01-12 17:03 61440 c:\windows\system32\OpenCL.dll
    - 2006-12-21 17:29 . 2007-12-05 06:41 81920 c:\windows\system32\nvwddi.dll
    + 2010-01-12 03:17 . 2010-01-12 03:17 81920 c:\windows\system32\nvwddi.dll
    + 2009-03-08 09:31 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
    + 2009-03-08 09:31 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
    + 2009-03-08 09:31 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 99840 c:\windows\system32\dllcache\wmpshell.dll
    + 2007-02-13 07:06 . 2006-10-19 02:46 64000 c:\windows\system32\dllcache\wmplayer.exe
    + 2007-02-13 07:06 . 2006-10-19 02:47 96256 c:\windows\system32\dllcache\wmpband.dll
    + 2010-04-18 22:12 . 2010-04-18 22:12 49664 c:\windows\Installer\d3211.msi
    + 2010-04-18 22:11 . 2004-08-04 12:00 37888 c:\windows\ie8\url.dll
    + 2010-04-18 22:12 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 39424 c:\windows\ie8\pngfilt.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 96256 c:\windows\ie8\occache.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 56832 c:\windows\ie8\mshtmler.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 29184 c:\windows\ie8\mshta.exe
    + 2010-04-18 22:11 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 22016 c:\windows\ie8\licmgr10.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 15872 c:\windows\ie8\jsproxy.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 96256 c:\windows\ie8\inseng.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 35840 c:\windows\ie8\imgutil.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 93184 c:\windows\ie8\iexplore.exe
    + 2010-04-18 22:11 . 2004-08-04 12:00 62976 c:\windows\ie8\iesetup.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 48640 c:\windows\ie8\iernonce.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 81920 c:\windows\ie8\ieencode.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 34304 c:\windows\ie8\ie4uinit.exe
    + 2010-04-18 22:11 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 38912 c:\windows\ie8\hmmapi.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 35328 c:\windows\ie8\corpol.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 99840 c:\windows\ie8\advpack.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 61440 c:\windows\ie8\admparse.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 7168 c:\windows\system32\dllcache\asferror.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 7168 c:\windows\system32\asferror.dll
    + 2010-04-18 20:52 . 2010-04-18 20:52 3460 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
    + 2006-10-19 02:47 . 2006-10-19 02:47 204288 c:\windows\system32\wmpsrcwp.dll
    + 2006-10-19 02:47 . 2006-10-19 02:47 130048 c:\windows\system32\wmpps.dll
    + 2006-10-19 02:47 . 2006-10-19 02:47 613376 c:\windows\system32\wmpmde.dll
    + 2006-10-19 02:47 . 2006-10-19 02:47 295936 c:\windows\system32\wmpeffects.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 314880 c:\windows\system32\wmpdxm.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 242688 c:\windows\system32\wmpasf.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 227328 c:\windows\system32\wmerror.dll
    + 2009-03-08 09:34 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
    + 2004-08-04 12:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 155716 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvsvc32.exe
    + 2010-04-18 22:12 . 2007-12-05 06:41 286720 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvnt4cpl.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 188416 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvmccss.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 229376 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvmccs.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 385024 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvapi.dll
    + 2010-04-18 22:08 . 2006-03-22 06:23 261120 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvsnpu.sys
    + 2007-02-14 23:09 . 2008-07-30 01:33 446464 c:\windows\system32\nvunrm.exe
    + 2007-02-14 22:18 . 2010-01-12 17:03 592488 c:\windows\system32\NVUNINST.EXE
    + 2007-02-14 22:31 . 2010-01-12 17:03 592488 c:\windows\system32\nvudisp.exe
    + 2010-01-12 03:17 . 2010-01-12 03:17 154216 c:\windows\system32\nvsvc32.exe
    + 2010-01-12 03:17 . 2010-01-12 03:17 110696 c:\windows\system32\nvmctray.dll
    + 2010-01-12 03:17 . 2010-01-12 03:17 278120 c:\windows\system32\nvmccs.dll
    + 2010-01-12 03:17 . 2010-01-12 03:17 145000 c:\windows\system32\nvcolor.exe
    + 2009-03-08 09:32 . 2009-03-08 09:32 594432 c:\windows\system32\msfeeds.dll
    + 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
    + 2009-03-08 09:22 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
    + 2009-03-08 09:11 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 314880 c:\windows\system32\dllcache\wmpdxm.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 242688 c:\windows\system32\dllcache\wmpasf.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 227328 c:\windows\system32\dllcache\wmerror.dll
    + 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
    + 2004-08-04 12:00 . 2006-11-01 23:31 315904 c:\windows\system32\dllcache\unregmp2.exe
    + 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
    + 2009-01-07 23:20 . 2009-01-07 23:20 474112 c:\windows\system32\dllcache\shlwapi.dll
    + 2007-02-13 07:06 . 2006-10-19 02:47 243712 c:\windows\system32\dllcache\mpvis.dll
    + 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
    + 2004-08-04 12:00 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll
    + 2004-08-04 12:00 . 2006-11-01 23:31 315904 c:\windows\inf\unregmp2.exe
    + 2010-04-18 22:11 . 2004-08-04 12:00 276480 c:\windows\ie8\webcheck.dll
    + 2010-04-18 22:11 . 2006-12-19 18:08 852480 c:\windows\ie8\vgx.dll
    + 2010-04-18 22:11 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 615936 c:\windows\ie8\urlmon.dll
    + 2010-04-18 22:12 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
    + 2010-04-18 22:12 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
    + 2010-04-18 22:11 . 2006-10-23 15:34 532480 c:\windows\ie8\mstime.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 146432 c:\windows\ie8\msrating.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 146432 c:\windows\ie8\msls31.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 448512 c:\windows\ie8\mshtmled.dll
    + 2010-04-18 22:11 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
    + 2010-04-18 22:11 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
    + 2010-04-18 22:11 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 251904 c:\windows\ie8\iepeers.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 323584 c:\windows\ie8\iedkcs32.dll
    + 2010-04-18 22:11 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 221184 c:\windows\ie8\ieakui.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 216576 c:\windows\ie8\ieaksie.dll
    + 2010-04-18 22:11 . 2004-08-04 12:00 139264 c:\windows\ie8\ieakeng.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 205312 c:\windows\ie8\dxtrans.dll
    + 2010-04-18 22:11 . 2006-10-23 15:34 357888 c:\windows\ie8\dxtmsft.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 8231936 c:\windows\system32\wmploc.dll
    + 2006-10-19 02:47 . 2006-10-19 02:47 1661440 c:\windows\system32\wmpencen.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 2498560 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvwss.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 3710976 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvvitvs.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 6901760 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvoglnt.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 1228800 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvmobls.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 3420160 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvgames.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 6549504 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvdisps.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 1089536 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvcuda.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 8523776 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvcpl.dll
    + 2010-04-18 22:12 . 2007-12-05 06:41 7435392 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nv4_mini.sys
    + 2010-04-18 22:12 . 2007-12-05 06:41 5773568 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nv4_disp.dll
    + 2010-04-18 22:08 . 2006-03-22 06:23 1068800 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvnrm.sys
    + 2010-01-12 17:03 . 2010-01-12 17:03 2283526 c:\windows\system32\nvdata.bin
    + 2010-01-12 17:03 . 2010-01-12 17:03 2259560 c:\windows\system32\nvcuvid.dll
    + 2010-01-12 17:03 . 2010-01-12 17:03 4077672 c:\windows\system32\nvcuvenc.dll
    + 2009-03-08 09:32 . 2009-03-08 09:32 1985024 c:\windows\system32\iertutil.dll
    + 2009-02-07 02:07 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
    + 2004-08-04 12:00 . 2006-10-19 02:47 8231936 c:\windows\system32\dllcache\wmploc.dll
    + 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
    + 2007-02-13 07:06 . 2006-11-01 23:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
    + 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
    + 2010-04-18 22:11 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
    + 2010-04-18 22:11 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
    + 2004-08-04 12:00 . 2006-10-19 02:47 10834432 c:\windows\system32\wmp.dll
    + 2010-01-12 03:17 . 2010-01-12 03:17 13666408 c:\windows\system32\nvcpl.dll
    + 2010-01-12 17:03 . 2010-01-12 17:03 11632640 c:\windows\system32\nvcompiler.dll
    + 2009-03-08 09:39 . 2009-03-08 09:39 11063808 c:\windows\system32\ieframe.dll
    + 2004-08-04 12:00 . 2006-10-19 02:47 10834432 c:\windows\system32\dllcache\wmp.dll
    + 2006-12-12 19:49 . 2010-01-12 17:03 10276768 c:\windows\system32\dllcache\nv4_mini.sys
    + 2010-04-18 22:12 . 2010-04-18 22:12 15710720 c:\windows\Installer\d3217.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
    "nwiz"="nwiz.exe" [N/A]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
    backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2006-08-17 17:32 17920 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-12-12 15:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 08:58 65536 ------w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
    2004-06-15 01:54 200704 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
    2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    c:\documents and settings\Preston\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-08-08 16:27 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    c:\program files\iTunes\iTunesHelper.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
    c:\program files\Essentials Codec Pack\update.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    c:\program files\Messenger\msmsgs.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    c:\program files\MSN Messenger\msnmsgr.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
    c:\program files\Microsoft Security Essentials\msseces.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
    2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2007-10-10 21:46 226890 -c--a-w- c:\program files\Plaxo\2.13.1.2\PlaxoHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    c:\program files\QuickTime\qttask.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
    c:\program files\Creative\Shared Files\Module Loader\DLLML.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-03-12 04:08 1217872 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    c:\program files\Java\jre6\bin\jusched.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SolidWorks Licensing Service"=3 (0x3)
    "NeroRegInCDSrv"=2 (0x2)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "gupdate"=2 (0x2)
    "WZCSVC"=2 (0x2)
    "UPS"=3 (0x3)
    "TrkWks"=2 (0x2)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SoundMovieServer"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "LiveUpdate"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "ISSVC"=2 (0x2)
    "nTuneService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
    R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/18/2010 2:22 AM 204632]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/18/2010 2:28 AM 69720]
    R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/18/2010 2:22 AM 85080]
    R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
    R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 2:35 AM 506496]
    R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 6:19 PM 3768]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]
    S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
    S3 amdtools;AMD Special Tools Driver; [x]
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 4:51 AM 96256]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
    S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 6:19 PM 184320]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-18 17:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,91,af,8a,62,28,57,48,91,52,3e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,91,af,8a,62,28,57,48,91,52,3e,\
    .
    Completion time: 2010-04-18 17:44:20
    ComboFix-quarantined-files.txt 2010-04-18 22:44
    ComboFix2.txt 2010-04-18 11:32
    ComboFix3.txt 2010-04-18 10:42
    ComboFix4.txt 2010-04-18 07:14
    ComboFix5.txt 2010-04-18 22:33

    Pre-Run: 68,782,198,784 bytes free
    Post-Run: 68,754,870,272 bytes free

    Current=3 Default=3 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - FB8BB57ECF35FB4DFE9F375D6D074B6B
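An added example (editor's code, not ComboFix's and not from the poster) for reading the service and driver lines in the ComboFix output above: it parses each `R1 name;display;path [timestamp size]` line into its start type, image path and whether ComboFix printed a timestamp, so the entries ending in `[x]` or `[?]` (AmdAcpi, amdtools, EraserUtilRebootDrv, MBAMSwissArmy in this log) and the boot-start `S0` drivers (sptd, the SPTD driver installed by DAEMON Tools) fall out as lists rather than having to be eyeballed. The sample log is a trimmed excerpt of the lines in this thread. The reading of the `R`/`S` prefix, the start-type digit and the `[x]`/`[?]` markers is the conventional interpretation of ComboFix output and is an assumption here, not something the log itself states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a trimmed excerpt of the service/driver lines from the
# ComboFix log posted above (same format, fewer lines).
SAMPLE_LOG = r"""
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
"""

# Assumed ComboFix convention:
#   <R|S><start> <name>;<display name>;<image path> [<timestamp size> | x | ?]
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
# "[x]" / "[?]" appear instead of timestamp+size when ComboFix could not verify the image.
LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start: int
    name: str
    display: str
    image: str            # resolved image path, '' when ComboFix printed none
    verified: bool        # True when ComboFix printed a timestamp and size
    size: Optional[int]   # file size in bytes when verified, else None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, info = m.groups()
    # "\??\path --> path" is how ComboFix renders an NT object path; keep the resolved form.
    if " --> " in image:
        image = image.split(" --> ", 1)[1].strip()
    verified = info.strip() not in ("x", "?")
    size = int(info.split()[-1]) if verified else None
    return ServiceEntry(state == "R", int(start), name, display, image, verified, size)


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    """All service/driver entries in a block of ComboFix output, in log order."""
    parsed = (parse_service_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def unverified_images(entries: List[ServiceEntry]) -> List[str]:
    """Names of services whose image ComboFix could not find or verify ([x] / [?]).
    A registration with no image behind it is either leftover from an uninstall
    or something to look at more closely; either way it is worth explaining."""
    return [e.name for e in entries if not e.verified]


def boot_start_drivers(entries: List[ServiceEntry]) -> List[str]:
    """Names of start-type-0 drivers: loaded by the boot loader before the kernel runs,
    so they deserve a second look on a box that blue-screens during boot."""
    return [e.name for e in entries if e.start == 0]


def summary(entries: List[ServiceEntry]) -> List[str]:
    """One human-readable line per entry, for a quick review."""
    lines = []
    for e in entries:
        status = "verified" if e.verified else "UNVERIFIED"
        lines.append(f"{'running' if e.running else 'stopped':7} {START_TYPES[e.start]:8} "
                     f"{e.name:18} {status:10} {e.image or '(no image path)'}")
    return lines


if __name__ == "__main__":
    found = parse_combofix_services(SAMPLE_LOG)
    print("\n".join(summary(found)))
    print("unverified images:", unverified_images(found))
    print("boot-start drivers:", boot_start_drivers(found))
```

Run it over the whole `R1 ... S4 ...` block of a saved ComboFix log to get the same two lists for a real machine; the `[x]`/`[?]` entries are the first things to account for, and the boot-start list is where a driver-related boot crash is most likely to originate.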

  4. #4
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

hjt uninstall list

    @BIOS
    3DMark06
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    AlgoLab R2V Converter 2.97.2M
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Calculator Powertoy for Windows XP
    Compatibility Pack for the 2007 Office system
    COSMOSMotion 2007 SP0
    COSMOSWorks 2007 SP0
    Counter-Strike: Source
    Creative Audio Console
    Creative Media Toolbox
    Creative MediaSource
    Creative MediaSource 5
    Creative System Information
    Critical Update for Windows Media Player 11 (KB959772)
    DMIView
    DWGeditor
    EasyTune5
    eDrawings 2007
    Face-wizard
    Fraps
    Gigabyte Raid Configurer
    GIMP 2.6.7
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    i-Cool
    iTunes
    Java(TM) 6 Update 20
    K-Lite Mega Codec Pack 5.0.0
    LimeWire 5.5.8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Click-to-Run 2010 (Beta)
    Microsoft Office Click-to-Run 2010 (Beta)
    Microsoft Office Converter Pack
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Professional Edition 2003
    Microsoft Report Viewer Redistributable 2005
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft Works 6-9 Converter
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA nTune
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    Plaxo Toolbar for Outlook and Outlook Express
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.87
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    SolidWorks 2007 SP0
    SolidWorks Explorer 2007 sp0
    SolidWorks Installation Manager
    Sound Blaster X-Fi
    SSH Secure Shell
    Steam
    Symantec KB-DocID:2003093015493306
    System Requirements Lab
    TuneRaft 3.3.3
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    UPSVCMM
    VCRedistSetup
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3

  5. #5
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

performance

I haven't been hijacked in a while, but every once in a while I will get a BSOD on boot-up. Seems like VIPRE is pretty memory hungry, but it seems to be working. VIPRE scans find a tracking cookie every time it scans, even after "cleaning" the file. Something is funky with my graphics drivers, and some of the special buttons aren't working on my keyboard. I haven't had much time to mess with it, so I don't know what the issue is. I'm pretty sure it had something to do with the rootkit I had. Thanks in advance for your help.

  6. #6
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461


    Hi mcgilacoty.

    Remove P2P Programs

    • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      LimeWire 5.5.8
    • Please read the P2P Programs where we explain why it's not a good idea to have them.
    • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    • Click on start
    • Then Run
• In the open text entry box please copy/paste appwiz.cpl, then press Enter.
    • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
    • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


    Next.

    Please post a new Uninstall list.

    • Open HijackThis.
    • Click on the Open the Misc Tools section button.
    • Look under System tools.
    • Click on the Open Uninstall Manager... button.
    • Click on the Save list... button.
    • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    • Notepad will open. Please post this log in your next reply.


    Logs/Information to Post in your Next Reply

    • Uninstall list.

  7. #7
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

    Default uninstall log

    @BIOS
    3DMark06
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    AlgoLab R2V Converter 2.97.2M
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Calculator Powertoy for Windows XP
    Compatibility Pack for the 2007 Office system
    COSMOSMotion 2007 SP0
    COSMOSWorks 2007 SP0
    Counter-Strike: Source
    Creative Audio Console
    Creative Media Toolbox
    Creative MediaSource
    Creative MediaSource 5
    Creative System Information
    Critical Update for Windows Media Player 11 (KB959772)
    DMIView
    DWGeditor
    EasyTune5
    eDrawings 2007
    Face-wizard
    Fraps
    Gigabyte Raid Configurer
    GIMP 2.6.7
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    i-Cool
    iTunes
    Java(TM) 6 Update 20
    K-Lite Mega Codec Pack 5.0.0
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Click-to-Run 2010 (Beta)
    Microsoft Office Click-to-Run 2010 (Beta)
    Microsoft Office Converter Pack
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Professional Edition 2003
    Microsoft Report Viewer Redistributable 2005
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft Works 6-9 Converter
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA nTune
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    Plaxo Toolbar for Outlook and Outlook Express
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.87
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    SolidWorks 2007 SP0
    SolidWorks Explorer 2007 sp0
    SolidWorks Installation Manager
    Sound Blaster X-Fi
    SSH Secure Shell
    Steam
    Symantec KB-DocID:2003093015493306
    System Requirements Lab
    TuneRaft 3.3.3
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    UPSVCMM
    VCRedistSetup
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3

  8. #8
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi mcgilacoty
    Thank you for your cooperation.

    First delete your version of ComboFix if you still have it installed.


    Next.

    Back Up registry with ERUNT

    • Please use the following link and download ERUNT to your desktop. HERE
    • Click on the erunt-setup.exe
    • Follow the prompts to install ERUNT
    • Choose language
    • A setup window will pop up. It will ask: Create ERUNT entry into the Startup folder; answer NO


    • Backup your registry to the default location


    Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

    Next

    Download and Run ComboFix
    • Please download ComboFix from one of the following links.

      Link 1.

      Link 2.

      **IMPORTANT !!! Save ComboFix.exe to your Desktop**
    • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    • Double click on ComboFix.exe & follow the prompts
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper




    Logs/Information to Post in your Next Reply

    • ComboFix.txt log.
    • Please give me an update on your computers performance.
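The C:\ComboFix.txt the helper asks for ends with a "Reg Loading Points" section listing every autorun ComboFix found (the log posted later in this thread shows the format). The first thing a helper does with it is separate entries whose target file ComboFix actually found on disk (date and size printed) from entries it could not find ([N/A]) and from Run values that name a bare executable with no directory, which Windows locates through the search path at logon. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses that section and sorts the entries into those buckets. The SAMPLE text is a handful of lines copied from the log posted in this thread; the bucket names, the Autorun class and the helper functions are this example's own.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\program files\Microsoft Security Essentials\msseces.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-12 04:08 1217872 ----a-w- c:\program files\Steam\Steam.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Run value: "Name"="path" [YYYY-MM-DD size]  or  "Name"="path" [N/A]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
META_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)$")
# msconfig (disabled) item whose file ComboFix found: date time size attrs path
STATTED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>\d+) \S+ (?P<path>.+)$")
# msconfig item with no file stats: path [N/A] / path [X]
UNSTATTED_RE = re.compile(r"^(?P<path>.+?) \[(?P<marker>[^\]]*)\]$")


@dataclass
class Autorun:
    source: str                   # "run" (HKLM Run value) or "msconfig" (disabled item)
    name: str
    path: str
    date: Optional[str] = None    # file date ComboFix printed, if it found the file
    size: Optional[int] = None
    marker: Optional[str] = None  # "N/A", "X", ... when ComboFix printed no file stats

    @property
    def verified(self) -> bool:
        return self.date is not None

    @property
    def unqualified(self) -> bool:
        # A bare file name is resolved through the search path at logon, so
        # whichever directory wins that search supplies the binary that runs.
        return "\\" not in self.path


def parse_loading_points(text: str) -> List[Autorun]:
    entries: List[Autorun] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        low = key.lower()
        if low.endswith("\\currentversion\\run"):
            m = RUN_VALUE_RE.match(line)
            if not m:
                continue
            meta = META_RE.match(m.group("meta"))
            entries.append(Autorun("run", m.group("name"), m.group("path"),
                                   date=meta.group("date") if meta else None,
                                   size=int(meta.group("size")) if meta else None,
                                   marker=None if meta else m.group("meta")))
        elif "\\msconfig\\startupreg\\" in low:
            name = key.rsplit("\\", 1)[1]   # item name is the last key component
            m = STATTED_RE.match(line)
            if m:
                entries.append(Autorun("msconfig", name, m.group("path"),
                                       date=m.group("date"), size=int(m.group("size"))))
                continue
            m = UNSTATTED_RE.match(line)
            if m:
                entries.append(Autorun("msconfig", name, m.group("path"),
                                       marker=m.group("marker")))
    return entries


def triage(entries: List[Autorun]) -> Dict[str, List[str]]:
    """Bucket names in reading order: what a helper checks first comes first."""
    buckets: Dict[str, List[str]] = {"unqualified_path": [], "missing_file": [],
                                     "unverified": [], "verified": []}
    for e in entries:
        if e.source == "run" and e.unqualified:
            buckets["unqualified_path"].append(e.name)
        elif e.marker == "N/A":
            buckets["missing_file"].append(e.name)
        elif not e.verified:
            buckets["unverified"].append(e.name)
        else:
            buckets["verified"].append(e.name)
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(parse_loading_points(SAMPLE)).items():
        print(f"{bucket:16} {', '.join(names) or '-'}")
```

Run it against a full ComboFix.txt by reading the file instead of SAMPLE. The msconfig\startupreg keys hold items that were disabled through msconfig, so a [N/A] there is usually a leftover of an uninstalled program rather than something running; a [N/A] or an unqualified name under the live Run key is what deserves a look first.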

  9. #9
    Junior Member
    Join Date
    Apr 2010
    Posts
    18

    Default combofix log

    ComboFix 10-04-29.05 - Preston 04/30/2010 8:38.9.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1584 [GMT -5:00]
    Running from: c:\documents and settings\Preston\Desktop\ComboFix.exe
    AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
    .

    2010-04-30 13:33 . 2010-04-30 13:33 -------- d-----w- c:\program files\ERUNT
    2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\iPod
    2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\program files\iTunes
    2010-04-29 04:17 . 2010-04-29 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-29 04:17 . 2010-04-29 04:17 -------- d-----w- c:\program files\QuickTime
    2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Apple Software Update
    2010-04-29 04:16 . 2010-04-29 04:16 -------- d-----w- c:\program files\Bonjour
    2010-04-29 04:16 . 2010-04-29 04:17 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-28 20:45 . 2010-04-28 20:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-19 06:44 . 2010-04-19 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
    2010-04-19 04:53 . 2010-04-19 04:53 -------- d-----w- c:\program files\Trend Micro
    2010-04-19 04:37 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcodins.dll
    2010-04-19 04:37 . 2010-01-12 17:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-04-19 04:37 . 2007-12-05 06:41 6901760 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-04-19 04:37 . 2007-12-05 06:41 35328 ----a-w- c:\windows\system32\nvcod.dll
    2010-04-19 04:37 . 2010-01-12 17:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-04-19 04:37 . 2010-01-12 17:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-04-19 04:37 . 2007-12-05 06:41 1089536 ----a-w- c:\windows\system32\nvcuda.dll
    2010-04-19 04:37 . 2010-01-12 17:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-04-19 04:37 . 2007-12-05 06:41 385024 ----a-w- c:\windows\system32\nvapi.dll
    2010-04-19 04:36 . 2010-01-12 17:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-04-19 04:36 . 2007-12-05 06:41 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-04-19 04:36 . 2007-12-05 06:41 5773568 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-04-19 04:36 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1ins.dll
    2010-04-19 04:36 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
    2010-04-19 04:36 . 2006-03-22 06:24 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
    2010-04-19 04:36 . 2006-03-22 06:23 1068800 ----a-r- c:\windows\system32\drivers\nvnrm.sys
    2010-04-19 04:36 . 2006-03-22 06:21 10240 ----a-r- c:\windows\system32\bdco1.dll
    2010-04-19 04:36 . 2007-04-17 02:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
    2010-04-19 04:23 . 2008-04-13 18:31 35840 ----a-w- c:\windows\system32\drivers\processr.sys
    2010-04-19 03:55 . 2010-04-03 22:55 10232128 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-19 03:52 . 2010-04-19 03:52 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Microsoft Help
    2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\NVD
    2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\NVD
    2010-04-19 02:50 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\SoftGrid Client
    2010-04-19 02:49 . 2010-04-19 07:23 -------- d-----w- c:\documents and settings\Preston\Application Data\SoftGrid Client
    2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
    2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\documents and settings\All Users\Microsoft
    2010-04-19 02:48 . 2010-04-19 02:50 -------- d-----w- c:\documents and settings\Preston\Application Data\TP
    2010-04-19 02:38 . 2010-04-19 02:39 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Common Files\Java
    2010-04-19 02:36 . 2010-04-19 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-19 02:36 . 2010-04-19 02:36 -------- d-----w- c:\program files\Java
    2010-04-19 02:35 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-19 02:34 . 2010-04-19 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-19 02:34 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-19 01:57 . 2010-04-19 02:40 -------- d-----w- c:\windows\ie8updates
    2010-04-19 01:45 . 2008-04-14 10:42 10752 ----a-w- c:\windows\system32\smtpapi.dll
    2010-04-19 01:45 . 2008-04-14 10:42 9728 ----a-w- c:\windows\system32\rwnh.dll
    2010-04-18 22:13 . 2010-04-18 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-04-18 22:12 . 2010-04-18 22:12 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-04-18 22:11 . 2010-04-19 01:56 -------- dc-h--w- c:\windows\ie8
    2010-04-18 22:08 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2010-04-18 22:08 . 2010-04-18 22:08 -------- d-----w- C:\58209d509bb6c760d0
    2010-04-18 11:00 . 2010-04-18 11:00 -------- d-----w- c:\program files\VS Revo Group
    2010-04-18 07:28 . 2010-01-05 09:40 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2010-04-18 07:28 . 2010-01-05 09:40 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
    2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2010-04-18 07:24 . 2010-04-18 07:24 -------- d-----w- c:\documents and settings\Preston\Application Data\Sunbelt
    2010-04-18 07:22 . 2010-02-22 01:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2010-04-18 07:22 . 2010-02-22 01:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2010-04-18 07:22 . 2010-04-18 07:22 -------- d-----w- c:\program files\Sunbelt Software
    2010-04-18 04:40 . 2010-04-18 04:40 146579236 ----a-w- C:\registrybackup.reg
    2010-04-17 12:35 . 2008-04-13 16:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
    2010-04-17 12:35 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-04-15 07:02 . 2010-04-15 08:35 -------- d-----w- C:\f0b6fdfa5c5738b47c
    2010-04-15 06:53 . 2010-04-15 06:53 -------- d-----w- c:\documents and settings\Preston\Application Data\MSNInstaller
    2010-04-15 06:44 . 2010-04-15 06:44 -------- d-----w- c:\documents and settings\All Users\Uniblue
    2010-04-15 06:43 . 2010-04-15 06:43 -------- d-----w- c:\documents and settings\Preston\Application Data\Uniblue
    2010-04-15 06:09 . 2010-04-15 06:09 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Mozilla
    2010-04-15 06:05 . 2010-04-15 06:05 -------- d-----w- c:\documents and settings\Preston\Local Settings\Application Data\Downloaded Installations
    2010-04-15 04:23 . 2010-04-15 04:23 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
    2010-04-15 03:44 . 2010-04-15 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-13 12:14 . 2010-04-13 12:14 -------- d-----w- c:\windows\Options
    2010-04-12 04:22 . 2010-04-12 04:22 -------- d-----w- c:\documents and settings\Preston\Application Data\Malwarebytes
    2010-04-12 04:21 . 2010-04-12 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-09 15:01 . 2010-04-09 15:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-04-08 02:30 . 2010-04-08 02:30 503808 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcp71.dll
    2010-04-08 02:30 . 2010-04-08 02:30 499712 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\jmc.dll
    2010-04-08 02:30 . 2010-04-08 02:30 348160 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5c4d5997-n\msvcr71.dll
    2010-04-08 02:30 . 2010-04-08 02:30 61440 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-sse.dll
    2010-04-08 02:30 . 2010-04-08 02:30 12800 ----a-w- c:\documents and settings\Preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6421359f-n\decora-d3d.dll
    2010-04-07 16:20 . 2010-04-07 16:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-04-07 00:12 . 2010-04-07 00:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
    2010-04-06 23:35 . 2010-04-06 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-06 18:02 . 2010-04-15 03:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-06 18:02 . 2010-04-06 18:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-06 18:02 . 2010-04-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-04 00:23 . 2010-04-04 00:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-04 00:23 . 2010-04-04 00:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-04-04 00:23 . 2010-04-04 00:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-04-04 00:23 . 2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-04-04 00:23 . 2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-04-04 00:22 . 2010-04-04 00:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-30 03:36 . 2007-03-25 06:45 -------- d-----w- c:\documents and settings\Preston\Application Data\Apple Computer
    2010-04-20 14:14 . 2008-03-24 22:46 -------- d-----w- c:\documents and settings\Preston\Application Data\SolidWorks
    2010-04-20 05:40 . 2007-02-13 09:39 66264 -c--a-w- c:\documents and settings\Preston\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-19 04:42 . 2007-02-13 08:35 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-04-18 22:08 . 2007-02-13 17:27 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-04-18 21:48 . 2008-03-27 20:54 -------- d-----w- c:\program files\Steam
    2010-04-18 10:05 . 2009-07-21 06:21 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-04-18 09:53 . 2009-11-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-04-16 21:03 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
    2010-04-15 06:34 . 2007-02-13 07:32 -------- d-----w- c:\program files\AMD
    2010-04-15 03:42 . 2007-03-01 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-04-13 12:19 . 2007-05-05 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-13 12:17 . 2007-05-14 05:46 -------- d-----w- c:\documents and settings\Preston\Application Data\ICAClient
    2010-04-13 12:15 . 2007-02-20 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-10 06:06 . 2007-02-13 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-04-10 06:05 . 2007-04-17 09:06 40 ----a-w- c:\windows\system32\profile.dat
    2010-04-08 02:37 . 2007-04-04 08:16 -------- d--h--w- c:\documents and settings\Preston\Application Data\Move Networks
    2010-04-03 22:55 . 2010-04-19 04:41 6432128 ----a-w- c:\windows\system32\SET3F.tmp
    2010-04-03 22:55 . 2007-02-14 22:31 600680 -c--a-w- c:\windows\system32\nvudisp.exe
    2010-04-02 21:54 . 2007-02-14 22:18 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 02:39 . 2010-02-22 02:39 27984 ----a-w- c:\windows\system32\sbbd.exe
    2010-02-16 14:08 . 2004-08-04 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2007-02-13 09:43 . 2007-02-13 09:43 35302248 -c--a-w- c:\program files\5.05.25.00_ntune_winxp_international.exe
    .
    c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
    c:\program files\Common Files\Symantec Shared\ccapp .exe
    c:\program files\Creative\MediaSource\Detector\ctdetect .exe
    c:\program files\Creative\Shared Files\Module Loader\dllml .exe
    c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\ctdvddet .exe
    c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanel .exe
    c:\program files\NVIDIA Corporation\nTune\ntunecmd .exe
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-08-08 16:28 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "nwiz"="nwiz.exe" [N/A]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
    backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-12-12 13:30 132392 -c--a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2006-08-17 17:32 17920 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-12-12 15:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2006-11-12 10:48 157592 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 08:58 65536 ------w- c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
    2004-06-15 01:54 200704 ----a-w- c:\program files\Gigabyte\ET5\GUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
    2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    c:\documents and settings\Preston\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-08-08 16:27 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
    c:\program files\Essentials Codec Pack\update.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    c:\program files\MSN Messenger\msnmsgr.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
    c:\program files\Microsoft Security Essentials\msseces.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
    2006-03-08 13:56 278528 -c----w- c:\program files\Creative\MediaSource5\MtdAcqu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-12-02 20:29 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-11-06 13:25 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2007-10-10 21:46 226890 -c--a-w- c:\program files\Plaxo\2.13.1.2\PlaxoHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
    c:\program files\Creative\Shared Files\Module Loader\DLLML.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2008-08-08 16:28 2049320 -c--a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-03-12 04:08 1217872 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    c:\program files\Java\jre6\bin\jusched.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SolidWorks Licensing Service"=3 (0x3)
    "NeroRegInCDSrv"=2 (0x2)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "gupdate"=2 (0x2)
    "WZCSVC"=2 (0x2)
    "UPS"=3 (0x3)
    "TrkWks"=2 (0x2)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SoundMovieServer"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "LiveUpdate"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "ISSVC"=2 (0x2)
    "nTuneService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/18/2010 2:28 AM 13400]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
    R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/18/2010 2:22 AM 204632]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/18/2010 2:28 AM 69720]
    R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/18/2010 2:22 AM 85080]
    R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
    R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
    R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
    R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
    R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
    R3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/9/2007 2:35 AM 506496]
    R3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [3/28/2008 6:19 PM 3768]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver; [x]
    S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
    S3 amdtools;AMD Special Tools Driver; [x]
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2/13/2007 4:51 AM 96256]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
    S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
    S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/28/2008 6:19 PM 184320]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2007 12:20 AM 646392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{561DDAE7-884D-4921-9C0C-F2EA28E4F39D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} - hxxps://www.wm-mobile.ubs.com/md/plugin/excel_mobil/excel.cab
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-30 08:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1628)
    c:\windows\system32\WININET.dll
    c:\program files\Nero\Nero8\InCD\NBHShx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Nero\Nero8\InCD\NBHStr.dll
    c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-04-30 08:47:58
    ComboFix-quarantined-files.txt 2010-04-30 13:47
    ComboFix2.txt 2010-04-18 22:44

    Pre-Run: 79,277,240,320 bytes free
    Post-Run: 79,292,030,976 bytes free

    Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
    - - End Of File - - FF88C17F991F5E84B77613E8C3D8F3BE



    I haven't had time to check out the performance of the computer but I will soon and give an update in a new post.

  10. #10
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi mcgilacoty.
    I haven't had time to check out the performance of the computer but I will soon and give an update in a new post.
    Let me know how things are after the fix below.



    ComboFix - CFScript
    This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
    1. Please open Notepad and copy/paste all the text below... into the window:
      Code:
      RenV::
      c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
      c:\program files\Common Files\Symantec Shared\ccapp .exe
      c:\program files\Creative\MediaSource\Detector\ctdetect .exe
      c:\program files\Creative\Shared Files\Module Loader\dllml .exe
      c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\ctdvddet .exe
      c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanel .exe
      c:\program files\NVIDIA Corporation\nTune\ntunecmd .exe
    2. Save it to your desktop as CFScript.txt
    3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
      *Only* when the 2 items above (Step 3) have been taken care of...
    4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!
    5. When finished ComboFix will create a log file... you can save this file to a convenient place.

    Please copy/paste the ComboFix log file in your next reply.


    Next.

    Upload a File to Virustotal

    Please go to Virustotal

    Copy/paste this file and path into the white box at the top:
    c:\windows\system32\drivers\Sftredirxp.sys
    Press Submit - this will submit the file for testing.
    Please wait for all the scanners to finish, then copy and paste the results in your next response.

    If you have trouble using Virustotal try jotti.org



    Logs/Information to Post in your Next Reply

    • ComboFix
    • Virustotal or jotti results.
    • Please give me an update on your computer's performance.
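As an added example (not the thread's or ComboFix's own code), this Python script picks out file names of the form the RenV:: block above lists, a space before the extension, and reports whether an un-spaced counterpart already sits beside each one; the sample paths are the seven from that block plus one clean name from the log, and the real-scan mode is meant to be run on the affected machine.

```python
import os
import re
import sys
# Added example, not from the thread or from ComboFix: flag file names with a space before the
# extension (the form the RenV:: block above lists) and check for an un-spaced counterpart.

# Constructed sample input: the seven RenV:: paths from the post above plus one clean name.
SAMPLE_PATHS = [
    r"c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt .exe",
    r"c:\program files\Common Files\Symantec Shared\ccapp .exe",
    r"c:\program files\Creative\MediaSource\Detector\ctdetect .exe",
    r"c:\program files\Creative\Shared Files\Module Loader\dllml .exe",
    r"c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\ctdvddet .exe",
    r"c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\volpanel .exe",
    r"c:\program files\NVIDIA Corporation\nTune\ntunecmd .exe",
    r"c:\program files\Steam\Steam.exe",  # clean name from the log, must not be flagged
]

# Stem ending in a non-space, then one or more spaces, then an ordinary extension.
SPACE_BEFORE_EXT = re.compile(r"^(?P<stem>.*\S) +(?P<ext>\.[A-Za-z0-9]+)$")

def normalized_name(name):
    """Return the file name with the stray space(s) removed, or None if it is clean."""
    m = SPACE_BEFORE_EXT.match(name)
    return m.group("stem") + m.group("ext") if m else None

def classify_paths(paths):
    """Map each oddly named path to the path it would have without the space."""
    findings = {}
    for p in paths:
        i = max(p.rfind("\\"), p.rfind("/"))  # last separator of either kind
        fixed = normalized_name(p[i + 1:])
        if fixed is not None:
            findings[p] = p[:i + 1] + fixed
    return findings

def counterpart_report(findings, exists=os.path.exists):
    """For each flagged path, record whether a file already sits at the un-spaced name.
    Both existing side by side is the case to inspect by hand (hashes, signatures)."""
    return {odd: (fixed, bool(exists(fixed))) for odd, fixed in findings.items()}

def scan_tree(root):
    """Walk a real directory tree (meant for the affected machine) and classify every file."""
    return classify_paths(os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)

if __name__ == "__main__":
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else classify_paths(SAMPLE_PATHS)
    for odd, (fixed, present) in counterpart_report(found).items():
        print(f"{odd}  ->  {fixed}  (counterpart exists: {present})")
```

Run with no arguments to see the sample paths classified, or pass a directory (for example the Program Files folder) to scan it.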
