ComboFix 11-01-10.04 - me 01/10/2011 15:56:13.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.828 [GMT -5:00]
Running from: c:\users\me\Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu1989486576v4
c:\programdata\SysWoW32\mu1989486576v4.kwd
c:\programdata\SysWoW32\mu1989486576v5
c:\programdata\SysWoW32\mu1989486576v5.kwd
c:\programdata\SysWoW32\mu1989486576v6
c:\programdata\SysWoW32\mu1989486576v6.kwd
c:\programdata\SysWoW32\mu1989486576v7
c:\programdata\SysWoW32\mu1989486576v7.kwd
c:\programdata\SysWoW32\wu1989486576v0
c:\programdata\SysWoW32\wu1989486576v0.kwd
c:\programdata\SysWoW32\wu1989486576v1
c:\programdata\SysWoW32\wu1989486576v1.kwd
c:\programdata\SysWoW32\wu1989486576v2
c:\programdata\SysWoW32\wu1989486576v2.kwd
c:\programdata\SysWoW32\wu1989486576v3
c:\programdata\SysWoW32\wu1989486576v3.kwd
c:\windows\system32\scvideo.dll
.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Boop\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-01-10 19:59 . 2011-01-10 19:59 -------- d-----w- c:\users\me\AppData\Roaming\Registry Mechanic
2011-01-10 19:58 . 2011-01-10 20:12 -------- d-----w- c:\program files\Registry Easy
2011-01-10 19:46 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-01-10 19:46 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-01-10 19:46 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-01-10 19:46 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-01-10 19:46 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-01-10 19:46 . 2008-09-18 03:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-01-10 18:18 . 2011-01-10 18:18 -------- d-----w- c:\users\me\AppData\Roaming\Uniblue
2011-01-10 18:16 . 2011-01-10 18:16 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-10 18:15 . 2011-01-10 18:15 -------- d-----w- c:\program files\Uniblue
2011-01-10 18:11 . 2011-01-10 18:11 -------- d-----w- c:\users\me\AppData\Local\PackageAware
2010-12-26 22:02 . 2010-12-26 22:02 -------- d-----w- c:\users\me\AppData\Roaming\DAEMON Tools Lite
2010-12-26 22:02 . 2010-12-26 22:02 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-26 21:04 . 2010-12-26 21:04 -------- d-----w- C:\extensions
2010-12-20 03:03 . 2010-12-20 03:03 -------- d-----w- c:\users\me\AppData\Local\Yahoo
2010-12-20 02:47 . 2010-12-20 02:48 -------- d-----w- c:\programdata\Yahoo! Companion
2010-12-15 17:42 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 17:40 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 17:40 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 17:40 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 17:37 . 2010-10-18 13:56 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 17:35 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 17:35 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 17:35 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 17:35 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 17:35 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 17:35 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 17:34 . 2010-10-28 13:03 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 17:34 . 2010-10-28 15:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 17:34 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 17:20 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-09-16 4425048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-08-18 1287120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]

c:\users\Boop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 22:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-02 13:13 133104 ----atw- c:\users\me\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-26 07:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 01:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 135664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-03-11 143624]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 218592]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-25 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-25 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-25 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101223.002\IDSvix86.sys [2010-11-09 353912]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-25 117640]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-25 48688]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 17:49]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 17:49]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1000Core1cac7b23bd32580.job
- c:\users\me\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-02 13:13]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1002Core.job
- c:\users\Boop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-07 16:00]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1002UA.job
- c:\users\Boop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-07 16:00]

2010-12-23 c:\windows\Tasks\Norton Security Scan for me.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 16:50]

2011-01-10 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-01-10 22:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\11.0.78.0\HotbarSA.exe
MSConfigStartUp-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\ooVoo.exe
MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSConfigStartUp-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.78.0\Weather.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 16:25
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-10 16:34:17
ComboFix-quarantined-files.txt 2011-01-10 21:33

Pre-Run: 53,577,379,840 bytes free
Post-Run: 60,968,976,384 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - 09D1C9E673ADC7E8609E3856F7B7F256
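A report like the one above is usually read by eye, but the sections have a regular line format (deleted paths, "created . modified size attrs path" file rows, REGEDIT4 key/value pairs, and "Rn/Sn name;display;image [date size]" service rows), so it can be parsed and triaged mechanically. The following parser is an added example written for this page; it is not part of the original log and not ComboFix's own code. The sample input is a constructed excerpt of lines copied from the report. Assumptions of the example: ComboFix's `[x]` after a service image is read as "image file not found on disk", the R/S prefix as running/stopped with the digit as the start type, and the "random-looking name" test (a run of six or more digits in the file stem) is a heuristic of this example, not a ComboFix rule.

```python
"""Parse a ComboFix report into records and apply a few triage heuristics.

Added example for this page; not ComboFix's own code. SAMPLE_LOG is a
constructed excerpt of lines taken from the report above.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu1989486576v4
c:\programdata\SysWoW32\mu1989486576v4.kwd
c:\windows\system32\scvideo.dll
.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.
2011-01-10 19:46 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-01-10 18:15 . 2011-01-10 18:15 -------- d-----w- c:\program files\Uniblue
2010-12-15 17:37 . 2010-10-18 13:56 2037248 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-09-16 4425048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-08-18 1287120]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 135664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")          # ((( Section Name )))
FILE_RE = re.compile(                                              # created . modified size attrs path
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HK.+)\]$")                        # [HKEY_...]
VALUE_RE = re.compile(                                             # "Name"="image" [date size]
    r'^"(?P<name>[^"]+)"="(?P<image>.*?)" \[(?P<stamp>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
SERVICE_RE = re.compile(                                           # R2 name;display;image [meta]
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<meta>[^\]]*)\]$")


@dataclass
class CreatedFile:
    created: str
    modified: str
    size: str       # byte count, or "--------" for a directory
    attrs: str
    path: str


@dataclass
class Autorun:
    key: str
    name: str
    image: str


@dataclass
class Service:
    start: str      # assumed: R = running, S = stopped, digit = start type
    name: str
    image: str
    meta: str       # "date size", or "x" (assumed: image not found on disk)


@dataclass
class Report:
    deletions: list = field(default_factory=list)
    created: list = field(default_factory=list)
    autoruns: list = field(default_factory=list)
    services: list = field(default_factory=list)


def parse(text: str) -> Report:
    """Walk the report line by line, tracking the current section and registry key."""
    rep = Report()
    section = None
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." is ComboFix's section spacer
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section == "Other Deletions":     # every line here is a removed path
            rep.deletions.append(line)
            continue
        m = FILE_RE.match(line)
        if m and section and section.startswith("Files Created"):
            rep.created.append(CreatedFile(m["created"], m["modified"], m["size"], m["attrs"], m["path"]))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            rep.autoruns.append(Autorun(key, m["name"], m["image"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rep.services.append(Service(m["start"], m["name"], m["image"], m["meta"]))
    return rep


TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def looks_random(path: str) -> bool:
    """Heuristic of this example: file stem contains a run of six or more digits."""
    stem = path.rsplit("\\", 1)[-1].split(".", 1)[0]
    return re.search(r"\d{6,}", stem) is not None


def triage(rep: Report) -> list:
    """Return (reason, detail) pairs worth a second look; all thresholds are this example's."""
    findings = []
    for path in rep.deletions:
        if path.lower().startswith("c:\\programdata\\") and looks_random(path):
            findings.append(("random-named file under ProgramData", path))
    for a in rep.autoruns:
        if not a.image.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("autorun image outside Program Files / Windows", f"{a.key}\\{a.name} -> {a.image}"))
    for s in rep.services:
        if s.meta == "x":
            findings.append(("service image not found on disk ([x])", f"{s.name} -> {s.image}"))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(parse(SAMPLE_LOG)):
        print(f"{reason}: {detail}")
```

Run against the full report, the same rules surface the `c:\programdata\SysWoW32\*1989486576v*` files (an x86 Vista install has no `SysWoW32` directory; the name imitates the 64-bit `SysWOW64` folder) and the two drivers registered without an image on disk, `EraserUtilRebootDrv` and `IO_Memory`. The catchme line `detected NTDLL code modification: ZwClose` is a separate finding the parser does not cover: a patched `ntdll` export is produced by user-mode hooking, which both the installed security products and malware use, so it has to be attributed to a specific module before it is treated as evidence of compromise.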