My desktop keeps glitching

Crazypete3

I have a major issue and I would love it if someone can help.
Every time my computer is on for about an hour or so, my desktop gets very "glitchy". Parts of the screen would be black, my clock would disappear, my folders would change their icons, my folder sides or corners sometimes would be invisible, my program list would be blacked out. I have some pictures that may help describe what it looks like.

In this picture you can see clearly what has happened.

Computer Jacked Up :: untitled5.jpg picture by Holywater72 - Photobucket


This is what my computer is running on
MS Windows XP Professional SP3
Intel Core2 Duo CPU E4500 @ 2.200GHZ, 1.0GB RAM, ATI Radeon HD 2400 PRO


The strange thing is once I restart my computer it all goes away, but unfortunately it comes back within an hour. :sick:


Please help.
 
Hmmm... I'm leaning toward a hardware issue, but just to make sure, run ComboFix, Malwarebytes and then HijackThis, in that order, and post their logs.

Follow this XP Full
 
ComboFix is too long, so I will send you about 3 replies of the log.

ComboFix 10-05-03.03 - Travis Kenyon 05/03/2010 22:58:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.693 [GMT -5:00]
Running from: c:\documents and settings\Travis Kenyon\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Travis Kenyon\Application Data\inst.exe
c:\documents and settings\Travis Kenyon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\program files\HyperCam Toolbar\tbHElper.dll
c:\program files\WindowsUpdate
c:\recycler\S-1-5-21-1757981266-879983540-682003330-1003
c:\windows\system32\_004621_.tmp.dll
c:\windows\system32\_004622_.tmp.dll
c:\windows\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 01:01 . 2010-05-04 01:01 -------- d-----w- c:\program files\Lame for Audacity
2010-05-03 23:13 . 2010-05-03 23:13 -------- d-----w- c:\documents and settings\Travis Kenyon\Local Settings\Application Data\WMTools Downloaded Files
2010-05-03 21:09 . 2010-05-03 21:10 -------- d-----w- c:\documents and settings\Travis Kenyon\Local Settings\Application Data\NFS Underground 2
2010-05-03 21:07 . 2010-05-03 21:07 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-05-03 20:57 . 2010-05-03 20:57 -------- d-----w- c:\program files\EA GAMES
2010-05-03 20:52 . 2010-05-03 20:52 -------- d-----w- c:\program files\Common Files\DirectX
2010-04-29 02:37 . 2008-02-14 21:21 180224 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Mozilla\Firefox\Profiles\6o8gvmob.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
2010-04-24 20:50 . 2010-05-04 03:00 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Audacity
2010-04-24 20:43 . 2010-04-24 20:43 -------- d-----w- c:\program files\CONEXANT
2010-04-24 20:42 . 2003-11-17 20:59 212224 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys
2010-04-24 20:42 . 2003-11-17 20:58 680704 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-04-24 20:42 . 2003-11-17 20:56 1042432 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2010-04-24 20:42 . 2003-04-09 19:01 90112 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-04-24 20:42 . 2003-04-09 18:48 11043 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-04-24 20:42 . 2010-04-24 20:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-04-24 20:38 . 2010-04-24 20:38 10134 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}\ARPPRODUCTICON.exe
2010-04-24 20:19 . 2010-04-24 20:19 53248 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-04-24 20:18 . 2010-04-24 20:18 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-04-24 20:17 . 2010-04-24 20:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LogiShrd
2010-04-24 20:12 . 2010-04-24 20:19 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Logitech
2010-04-24 20:12 . 2010-04-24 20:13 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Logishrd
2010-04-24 19:55 . 2010-04-24 19:55 -------- d-----w- c:\program files\Activision
2010-04-24 18:45 . 2010-04-24 18:45 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-24 18:45 . 2010-05-03 20:46 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-04-24 18:45 . 2010-05-03 20:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
2010-04-24 18:45 . 2010-05-03 20:47 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\DAEMON Tools Pro
2010-04-06 20:12 . 2010-04-06 20:12 119808 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\FFTextLinks.dll
2010-04-06 02:59 . 2010-04-06 02:59 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Broad Intelligence
2010-04-06 02:59 . 2010-04-06 02:59 -------- d-----w- c:\program files\MediaCoder Audio Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 04:06 . 2010-03-23 08:58 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\uTorrent
2010-05-04 04:03 . 2010-03-29 02:31 -------- d-----w- c:\program files\HyperCam Toolbar
2010-05-03 17:39 . 2010-02-14 21:34 -------- d-----w- c:\program files\uTorrent
2010-05-02 21:17 . 2010-03-11 00:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-02 21:17 . 2010-03-11 00:34 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-02 05:59 . 2009-02-24 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 05:59 . 2010-04-02 05:06 6153352 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-02 05:57 . 2009-08-31 03:23 -------- d-----w- c:\program files\Replay Media Catcher
2010-05-02 05:40 . 2010-03-23 08:48 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-02 05:40 . 2010-03-23 08:48 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-02 05:40 . 2010-03-23 09:01 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-05-01 00:34 . 2010-04-01 22:26 41 ----a-w- c:\documents and settings\Travis Kenyon\jagex_runescape_preferences.dat
2010-05-01 00:34 . 2010-04-01 22:28 75 ----a-w- c:\documents and settings\Travis Kenyon\jagex_runescape_preferences2.dat
2010-04-29 20:39 . 2010-03-07 08:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-03-07 08:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 23:45 . 2010-03-17 02:33 -------- d-----w- c:\program files\Sandboxie
2010-04-25 15:27 . 2010-03-11 00:15 -------- d-----w- c:\program files\ATI
2010-04-24 20:50 . 2009-02-24 23:49 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-04-24 20:39 . 2010-03-07 09:27 -------- d-----w- c:\program files\ATI Technologies
2010-04-24 20:19 . 2010-01-09 21:09 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-04-24 20:18 . 2010-01-09 21:08 -------- d-----w- c:\program files\Logitech
2010-04-24 20:16 . 2009-02-22 20:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 23:40 . 2009-06-17 22:10 -------- d-----w- c:\program files\SpeedFan
2010-04-01 22:28 . 2010-04-01 22:28 0 ----a-w- c:\documents and settings\Travis Kenyon\jagex__preferences3.dat
2010-03-30 20:29 . 2010-03-30 20:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-30 20:29 . 2010-03-30 20:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-03-30 20:25 . 2010-03-30 20:25 -------- d-----w- c:\program files\NetRatingsNetSight
2010-03-29 21:16 . 2010-03-24 00:17 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Vso
2010-03-29 06:17 . 2010-03-29 06:17 3774 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{DB939A96-0B1A-4588-91E9-2133236D1E8B}\_CF12D5CBF38FEF7C0C142A.exe
2010-03-29 06:17 . 2010-03-29 06:17 3774 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{DB939A96-0B1A-4588-91E9-2133236D1E8B}\_2C07D269DB1C9A6B21A80F.exe
2010-03-29 06:17 . 2010-03-29 06:17 10134 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{DB939A96-0B1A-4588-91E9-2133236D1E8B}\_3E2FFC67266DB5651EAE44.exe
2010-03-29 06:17 . 2010-03-29 06:17 -------- d-----w- c:\program files\ppr
2010-03-29 02:31 . 2010-03-29 02:31 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Toolbar4
2010-03-29 02:31 . 2010-02-02 22:12 -------- d-----w- c:\program files\HyCam2
2010-03-28 05:45 . 2010-03-28 05:45 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Publish Providers
2010-03-28 05:45 . 2010-03-28 05:16 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Sony
2010-03-28 05:31 . 2010-03-28 05:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony
2010-03-28 05:15 . 2009-03-08 23:57 -------- d-----w- c:\program files\Sony
2010-03-27 16:48 . 2010-03-27 09:48 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\DivX
2010-03-27 09:49 . 2010-03-27 09:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-03-27 09:47 . 2010-03-27 09:47 56969 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-03-27 09:45 . 2010-03-27 09:48 754984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\Resource.dll
2010-03-27 09:44 . 2010-03-27 09:48 986904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
2010-03-26 21:42 . 2009-02-25 11:13 -------- d-----w- c:\program files\CCleaner
2010-03-24 01:30 . 2010-03-24 01:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\vsosdk
2010-03-24 00:23 . 2010-03-24 00:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-24 00:23 . 2010-03-24 00:17 47360 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\pcouffin.sys
2010-03-24 00:23 . 2010-03-24 00:17 47360 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\pcouffin.sys
2010-03-24 00:23 . 2010-02-15 04:08 -------- d-----w- c:\program files\VSO
2010-03-23 10:49 . 2009-02-26 03:21 -------- d-----w- c:\program files\AVS4YOU
2010-03-23 10:49 . 2009-02-26 03:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-03-23 10:17 . 2010-03-23 10:17 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\AVS4YOU
2010-03-23 10:17 . 2010-03-23 10:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2010-03-23 08:48 . 2010-03-23 08:48 -------- d-----w- c:\program files\Applian Director
2010-03-11 00:36 . 2010-03-11 00:36 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Leadertech
2010-03-11 00:29 . 2010-03-11 00:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-03-11 00:29 . 2010-03-11 00:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-03-11 00:29 . 2010-03-11 00:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-03-11 00:27 . 2009-02-24 03:38 -------- d-----w- c:\program files\Intel
2010-03-10 23:39 . 2010-03-10 23:39 -------- d-----w- c:\program files\Driver-Soft
2010-03-10 21:31 . 2010-03-10 21:31 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\McAfee
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 23:23 . 2010-03-08 23:17 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\GetRightToGo
2010-03-08 23:19 . 2010-03-08 23:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters Inc
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-07 17:15 . 2010-03-07 03:01 13104 ----a-w- c:\documents and settings\Travis Kenyon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-07 10:39 . 2010-03-07 10:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RoboForm
2010-03-07 09:35 . 2010-03-07 09:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS
2010-03-07 09:34 . 2010-03-07 09:34 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-07 09:30 . 2010-03-07 09:30 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\ATI
2010-03-07 09:27 . 2009-02-22 20:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-07 09:21 . 2010-03-07 08:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-07 09:20 . 2010-03-07 09:20 98304 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-03-07 09:20 . 2010-03-07 09:20 765952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2010-03-07 09:20 . 2010-03-07 09:20 401408 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2010-03-07 09:20 . 2010-03-07 09:20 258352 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\unicows.dll
2010-03-07 09:20 . 2010-03-07 09:20 172032 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe
2010-03-07 09:20 . 2010-03-07 09:20 126976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\nxgameus.dll
2010-03-07 09:01 . 2010-03-07 08:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-03-07 08:49 . 2010-03-07 08:49 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Malwarebytes
2010-03-07 08:49 . 2010-03-07 08:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-07 08:47 . 2010-03-07 08:35 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Systweak
2010-03-07 08:44 . 2010-03-07 08:44 1955472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-03-07 08:38 . 2010-03-07 08:38 503808 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bab434a-n\msvcp71.dll
2010-03-07 08:38 . 2010-03-07 08:38 499712 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bab434a-n\jmc.dll
2010-03-07 08:38 . 2010-03-07 08:38 348160 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bab434a-n\msvcr71.dll
2010-03-07 08:38 . 2010-03-07 08:38 61440 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2bedfe8b-n\decora-sse.dll
2010-03-07 08:38 . 2010-03-07 08:38 12800 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2bedfe8b-n\decora-d3d.dll
2010-03-07 08:38 . 2010-03-07 08:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 08:29 . 2010-03-07 08:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2010-03-07 08:21 . 2010-03-07 08:21 1923768 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-07 08:17 . 2009-08-25 20:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-07 08:14 . 2010-03-07 08:14 38784 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-07 08:14 . 2010-03-07 08:14 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-07 08:14 . 2010-03-07 08:00 15849560 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\selfextractor_air_1.5.3.exe
2010-03-07 08:01 . 2010-03-07 08:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2010-03-07 08:00 . 2010-03-07 08:00 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-07 07:37 . 2010-03-07 07:37 0 ----a-w- c:\windows\nsreg.dat
2010-03-07 07:00 . 2010-03-07 06:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PMB Files
2010-03-07 06:31 . 2010-03-07 01:13 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
 
Ok part two of combofix log

.
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Malwarebytes' Anti-Malware\iyt .exe
c:\program files\Pando Networks\Media Booster\pmb .exe
c:\program files\Siber Systems\AI RoboForm\robotaskbaricon .exe
c:\program files\Unlocker\unlockerassistant .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-07 2937528]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-02-13 5933912]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-03 321328]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-04-18 160328]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-22 18791456]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-03 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58620:TCP"= 58620:TCP:pando Media Booster
"58620:UDP"= 58620:UDP:pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/24/2010 1:45 PM 697328]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/10/2010 7:29 PM 10384]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/7/2010 4:00 AM 1691480]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {2A253A7E-46D1-40CA-8996-B19A879B274E} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Travis Kenyon\Application Data\Mozilla\Firefox\Profiles\6o8gvmob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Travis Kenyon\Application Data\Mozilla\Firefox\Profiles\6o8gvmob.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-03 23:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(4836)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-05-03 23:08:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 04:08
ComboFix2.txt 2010-01-18 03:34

Pre-Run: 198,971,600,896 bytes free
Post-Run: 200,459,608,064 bytes free

- - End Of File - - 821C4C845A261C48B6359DDF0C891D04
 
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4063

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/3/2010 11:17:53 PM
mbam-log-2010-05-03 (23-17-53).txt

Scan type: Quick scan
Objects scanned: 154114
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:33 PM, on 5/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267941608421
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A253A7E-46D1-40CA-8996-B19A879B274E}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 8013 bytes
 
Looking good so far. Both programs deleted a lot of stuff; just hope they removed what was causing your problems.

What I need you to do now is make sure System Restore is disabled.

Then reboot.

Then run CCleaner and make sure you check all its boxes except the disk wipe, because that takes forever, and run its registry cleaner.

Then run CleanUp!

Then do the scans one last time and post the logs so I can see if they find anything else.
 
ComboFix 10-05-03.03 - Travis Kenyon 05/04/2010 0:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.596 [GMT -5:00]
Running from: c:\documents and settings\Travis Kenyon\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 04:11 . 2010-05-04 04:11 388096 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-04 04:11 . 2010-05-04 04:11 -------- d-----w- c:\program files\Trend Micro
2010-05-04 01:01 . 2010-05-04 01:01 -------- d-----w- c:\program files\Lame for Audacity
2010-05-03 23:13 . 2010-05-03 23:13 -------- d-----w- c:\documents and settings\Travis Kenyon\Local Settings\Application Data\WMTools Downloaded Files
2010-05-03 21:09 . 2010-05-03 21:10 -------- d-----w- c:\documents and settings\Travis Kenyon\Local Settings\Application Data\NFS Underground 2
2010-05-03 21:07 . 2010-05-03 21:07 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-05-03 20:57 . 2010-05-03 20:57 -------- d-----w- c:\program files\EA GAMES
2010-05-03 20:52 . 2010-05-03 20:52 -------- d-----w- c:\program files\Common Files\DirectX
2010-04-29 02:37 . 2008-02-14 21:21 180224 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Mozilla\Firefox\Profiles\6o8gvmob.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
2010-04-24 20:50 . 2010-05-04 03:00 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Audacity
2010-04-24 20:43 . 2010-04-24 20:43 -------- d-----w- c:\program files\CONEXANT
2010-04-24 20:42 . 2003-11-17 20:59 212224 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys
2010-04-24 20:42 . 2003-11-17 20:58 680704 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-04-24 20:42 . 2003-11-17 20:56 1042432 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2010-04-24 20:42 . 2003-04-09 19:01 90112 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-04-24 20:42 . 2003-04-09 18:48 11043 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-04-24 20:42 . 2010-04-24 20:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-04-24 20:38 . 2010-04-24 20:38 10134 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}\ARPPRODUCTICON.exe
2010-04-24 20:19 . 2010-04-24 20:19 53248 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-04-24 20:18 . 2010-04-24 20:18 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-04-24 20:17 . 2010-04-24 20:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LogiShrd
2010-04-24 20:12 . 2010-04-24 20:19 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Logitech
2010-04-24 20:12 . 2010-04-24 20:13 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Logishrd
2010-04-24 19:55 . 2010-04-24 19:55 -------- d-----w- c:\program files\Activision
2010-04-24 18:45 . 2010-04-24 18:45 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-24 18:45 . 2010-05-03 20:46 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-04-24 18:45 . 2010-05-03 20:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
2010-04-24 18:45 . 2010-05-03 20:47 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\DAEMON Tools Pro
2010-04-06 20:12 . 2010-04-06 20:12 119808 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\FFTextLinks.dll
2010-04-06 02:59 . 2010-04-06 02:59 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Broad Intelligence
2010-04-06 02:59 . 2010-04-06 02:59 -------- d-----w- c:\program files\MediaCoder Audio Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 05:15 . 2010-03-23 08:58 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\uTorrent
2010-05-04 04:03 . 2010-03-29 02:31 -------- d-----w- c:\program files\HyperCam Toolbar
2010-05-03 17:39 . 2010-02-14 21:34 -------- d-----w- c:\program files\uTorrent
2010-05-02 21:17 . 2010-03-11 00:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-02 21:17 . 2010-03-11 00:34 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-02 05:59 . 2009-02-24 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 05:59 . 2010-04-02 05:06 6153352 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-02 05:57 . 2009-08-31 03:23 -------- d-----w- c:\program files\Replay Media Catcher
2010-05-02 05:40 . 2010-03-23 08:48 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-02 05:40 . 2010-03-23 08:48 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-02 05:40 . 2010-03-23 09:01 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-05-01 00:34 . 2010-04-01 22:26 41 ----a-w- c:\documents and settings\Travis Kenyon\jagex_runescape_preferences.dat
2010-05-01 00:34 . 2010-04-01 22:28 75 ----a-w- c:\documents and settings\Travis Kenyon\jagex_runescape_preferences2.dat
2010-04-29 20:39 . 2010-03-07 08:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-03-07 08:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 23:45 . 2010-03-17 02:33 -------- d-----w- c:\program files\Sandboxie
2010-04-25 15:27 . 2010-03-11 00:15 -------- d-----w- c:\program files\ATI
2010-04-24 20:50 . 2009-02-24 23:49 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-04-24 20:39 . 2010-03-07 09:27 -------- d-----w- c:\program files\ATI Technologies
2010-04-24 20:19 . 2010-01-09 21:09 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-04-24 20:18 . 2010-01-09 21:08 -------- d-----w- c:\program files\Logitech
2010-04-24 20:16 . 2009-02-22 20:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 23:40 . 2009-06-17 22:10 -------- d-----w- c:\program files\SpeedFan
2010-04-01 22:28 . 2010-04-01 22:28 0 ----a-w- c:\documents and settings\Travis Kenyon\jagex__preferences3.dat
2010-03-30 20:29 . 2010-03-30 20:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-30 20:29 . 2010-03-30 20:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-03-30 20:25 . 2010-03-30 20:25 -------- d-----w- c:\program files\NetRatingsNetSight
2010-03-29 21:16 . 2010-03-24 00:17 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Vso
2010-03-29 06:17 . 2010-03-29 06:17 3774 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{DB939A96-0B1A-4588-91E9-2133236D1E8B}\_CF12D5CBF38FEF7C0C142A.exe
2010-03-29 06:17 . 2010-03-29 06:17 3774 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{DB939A96-0B1A-4588-91E9-2133236D1E8B}\_2C07D269DB1C9A6B21A80F.exe
2010-03-29 06:17 . 2010-03-29 06:17 10134 ----a-r- c:\documents and settings\Travis Kenyon\Application Data\Microsoft\Installer\{DB939A96-0B1A-4588-91E9-2133236D1E8B}\_3E2FFC67266DB5651EAE44.exe
2010-03-29 06:17 . 2010-03-29 06:17 -------- d-----w- c:\program files\ppr
2010-03-29 02:31 . 2010-03-29 02:31 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Toolbar4
2010-03-29 02:31 . 2010-02-02 22:12 -------- d-----w- c:\program files\HyCam2
2010-03-28 05:45 . 2010-03-28 05:45 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Publish Providers
2010-03-28 05:45 . 2010-03-28 05:16 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Sony
2010-03-28 05:31 . 2010-03-28 05:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony
2010-03-28 05:15 . 2009-03-08 23:57 -------- d-----w- c:\program files\Sony
2010-03-27 16:48 . 2010-03-27 09:48 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\DivX
2010-03-27 09:49 . 2010-03-27 09:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-03-27 09:47 . 2010-03-27 09:47 56969 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-03-27 09:45 . 2010-03-27 09:48 754984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\Resource.dll
2010-03-27 09:44 . 2010-03-27 09:48 986904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
2010-03-26 21:42 . 2009-02-25 11:13 -------- d-----w- c:\program files\CCleaner
2010-03-24 01:30 . 2010-03-24 01:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\vsosdk
2010-03-24 00:23 . 2010-03-24 00:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-24 00:23 . 2010-03-24 00:17 47360 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\pcouffin.sys
2010-03-24 00:23 . 2010-03-24 00:17 47360 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\pcouffin.sys
2010-03-24 00:23 . 2010-02-15 04:08 -------- d-----w- c:\program files\VSO
2010-03-23 10:49 . 2009-02-26 03:21 -------- d-----w- c:\program files\AVS4YOU
2010-03-23 10:49 . 2009-02-26 03:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-03-23 10:17 . 2010-03-23 10:17 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\AVS4YOU
2010-03-23 10:17 . 2010-03-23 10:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2010-03-23 08:48 . 2010-03-23 08:48 -------- d-----w- c:\program files\Applian Director
2010-03-11 00:36 . 2010-03-11 00:36 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Leadertech
2010-03-11 00:29 . 2010-03-11 00:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-03-11 00:29 . 2010-03-11 00:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-03-11 00:29 . 2010-03-11 00:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-03-11 00:27 . 2009-02-24 03:38 -------- d-----w- c:\program files\Intel
2010-03-10 23:39 . 2010-03-10 23:39 -------- d-----w- c:\program files\Driver-Soft
2010-03-10 21:31 . 2010-03-10 21:31 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\McAfee
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 23:23 . 2010-03-08 23:17 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\GetRightToGo
2010-03-08 23:19 . 2010-03-08 23:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters Inc
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-07 17:15 . 2010-03-07 03:01 13104 ----a-w- c:\documents and settings\Travis Kenyon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-07 10:39 . 2010-03-07 10:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RoboForm
2010-03-07 09:35 . 2010-03-07 09:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS
2010-03-07 09:34 . 2010-03-07 09:34 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-07 09:30 . 2010-03-07 09:30 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\ATI
2010-03-07 09:27 . 2009-02-22 20:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-07 09:21 . 2010-03-07 08:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-07 09:20 . 2010-03-07 09:20 98304 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-03-07 09:20 . 2010-03-07 09:20 765952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2010-03-07 09:20 . 2010-03-07 09:20 401408 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2010-03-07 09:20 . 2010-03-07 09:20 258352 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\unicows.dll
2010-03-07 09:20 . 2010-03-07 09:20 172032 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe
2010-03-07 09:20 . 2010-03-07 09:20 126976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\nxgameus.dll
2010-03-07 09:01 . 2010-03-07 08:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-03-07 08:49 . 2010-03-07 08:49 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Malwarebytes
2010-03-07 08:49 . 2010-03-07 08:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-07 08:47 . 2010-03-07 08:35 -------- d-----w- c:\documents and settings\Travis Kenyon\Application Data\Systweak
2010-03-07 08:44 . 2010-03-07 08:44 1955472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-03-07 08:38 . 2010-03-07 08:38 503808 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bab434a-n\msvcp71.dll
2010-03-07 08:38 . 2010-03-07 08:38 499712 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bab434a-n\jmc.dll
2010-03-07 08:38 . 2010-03-07 08:38 348160 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2bab434a-n\msvcr71.dll
2010-03-07 08:38 . 2010-03-07 08:38 61440 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2bedfe8b-n\decora-sse.dll
2010-03-07 08:38 . 2010-03-07 08:38 12800 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2bedfe8b-n\decora-d3d.dll
2010-03-07 08:38 . 2010-03-07 08:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 08:29 . 2010-03-07 08:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2010-03-07 08:21 . 2010-03-07 08:21 1923768 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-07 08:17 . 2009-08-25 20:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-07 08:14 . 2010-03-07 08:14 38784 ----a-w- c:\documents and settings\Travis Kenyon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-07 08:14 . 2010-03-07 08:14 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-07 08:14 . 2010-03-07 08:00 15849560 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\selfextractor_air_1.5.3.exe
2010-03-07 08:01 . 2010-03-07 08:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2010-03-07 08:00 . 2010-03-07 08:00 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-07 07:37 . 2010-03-07 07:37 0 ----a-w- c:\windows\nsreg.dat
2010-03-07 07:00 . 2010-03-07 06:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PMB Files
2010-03-07 06:31 . 2010-03-07 01:13 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
Code:
<pre>
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Malwarebytes' Anti-Malware\iyt .exe
c:\program files\Pando Networks\Media Booster\pmb .exe
c:\program files\Siber Systems\AI RoboForm\robotaskbaricon .exe
c:\program files\Unlocker\unlockerassistant .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-05-04_04.05.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-04 05:17 . 2010-05-04 05:17 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
+ 2010-03-13 04:06 . 2010-05-04 05:17 203574 c:\windows\system32\inetsrv\MetaBase.bin
+ 2010-05-04 04:11 . 2010-05-04 04:11 1094656 c:\windows\Installer\60e5d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-07 2937528]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-02-13 5933912]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-03 321328]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-04-18 160328]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-22 18791456]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-03 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58620:TCP"= 58620:TCP:pando Media Booster
"58620:UDP"= 58620:UDP:pando Media Booster

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/10/2010 7:29 PM 10384]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/24/2010 1:45 PM 697328]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/7/2010 4:00 AM 1691480]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
.
 
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {2A253A7E-46D1-40CA-8996-B19A879B274E} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Travis Kenyon\Application Data\Mozilla\Firefox\Profiles\6o8gvmob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Travis Kenyon\Application Data\Mozilla\Firefox\Profiles\6o8gvmob.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-04 00:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2010-05-04 00:23:03
ComboFix-quarantined-files.txt 2010-05-04 05:23
ComboFix2.txt 2010-05-04 04:08
ComboFix3.txt 2010-01-18 03:34

Pre-Run: 206,105,255,936 bytes free
Post-Run: 206,093,537,280 bytes free

- - End Of File - - 36E6C74B6A4C4F40ECAE3326007E8122
 
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4063

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/4/2010 12:30:05 AM
mbam-log-2010-05-04 (00-30-05).txt

Scan type: Quick scan
Objects scanned: 153192
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 