Intrusion Attempts + Pop-ups



Lelldorianx
2010-06-28, 15:14
I've been battling this issue for about a full week now, luckily installing Norton has helped get me to the point where I can use the computer again. I've already changed all my passwords and stuff, but here are my symptoms:

OS - Win XP Pro SP3

1 - Occasional (down about 50% since installing Norton) pop-ups that are often very similar to search terms I enter. i.e., I searched for a Creative driver and had a search engine redirect to some BS page.

2 - Constant intrusion attempts blocked by Norton. I am assuming this is due to some sort of rootkit. A JPG of this is attached (the attackers vary).

3 - Decreased start-up performance

4 - A background SVCHost which does not belong - ending the process results in a cmd prompt initiated shutdown sequence, something about NT Authority \ DCOM or RPC (or RCP, something like that). Typing shutdown /a stops this.

What I have done:

Run Spybot S&D, Malwarebytes' Anti-Malware, SUPERAntiSpyware, Norton 360 4.0, Avast pre-boot scans.

Spybot removed all issues but one, it finds a cookie of some sort called MediaPlex. When I try to 'fix' this problem using Spybot, the program freezes and must be closed by ending the process.

Norton fixed several trojans and backdoors, but for some reason is not removing whatever is attempting to intrude.

Uninstalled all web browsers as many of the issues were rooted within them (for future information, visiting a gaming website which is normally safe on Firefox proved unsafe on Chrome).

Logs

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:16 PM, on 6/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\IPSBHO.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - e:\games\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SJMTIDWPNL - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SJMTIDWPNL.exe (file missing)

--
End of file - 8439 bytes

DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 19:17:12.60 on Sun 06/27/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2929 [GMT -4:00]

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Xfire\xfire.exe
I:\virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\4.2.0.12\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\4.2.0.12\coIEPlg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SkyTel] SkyTel.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-27 328752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-17 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-17 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-17 40384]
R2 HPW5ECP;HPW5ECP;c:\windows\system32\drivers\HPW5ECP.sys [1999-12-17 44032]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\4.2.0.12\ccsvchst.exe [2010-6-27 126392]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-4-21 70912]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-17 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-17 40384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-27 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100625.001\IDSXpx86.sys [2010-6-27 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100627.003\naveng.sys [2010-6-27 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100627.003\navex15.sys [2010-6-27 1347504]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-8-24 21920]
S0 igsvcngq;igsvcngq;c:\windows\system32\drivers\hxhxrfau.sys --> c:\windows\system32\drivers\hxhxrfau.sys [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0400000.07f\symefa.sys --> c:\windows\system32\drivers\n360\0400000.07f\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-19 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0400000.07f\cchpx86.sys --> c:\windows\system32\drivers\n360\0400000.07f\ccHPx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-27 116784]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\administrator\desktop\vcdrom.sys --> c:\documents and settings\administrator\desktop\VCdRom.sys [?]
S2 chhrwx;Shell Image;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-4-2 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-18 38224]
S3 rindar;rindar;c:\windows\system32\rindar.sys [2010-6-23 2304]
S3 SJMTIDWPNL;SJMTIDWPNL;c:\docume~1\admini~1\locals~1\temp\sjmtidwpnl.exe --> c:\docume~1\admini~1\locals~1\temp\SJMTIDWPNL.exe [?]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-15 79360]
S4 gupdate1c98670ad476eee;Google Update Service (gupdate1c98670ad476eee);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-23 24652]

=============== Created Last 30 ================

2010-06-27 22:30:59 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2010-06-27 22:29:56 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-06-27 22:26:51 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-06-27 22:26:44 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-06-27 22:26:44 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-06-27 22:26:44 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-06-27 22:26:44 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-06-27 22:26:44 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-06-27 22:26:21 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll
2010-06-27 22:26:21 7168 ----a-w- c:\windows\system32\bitsprx4.dll
2010-06-27 22:26:21 162304 -c--a-w- c:\windows\system32\dllcache\wuaucpl.cpl
2010-06-27 22:26:21 162304 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-06-27 22:24:49 53248 -c--a-w- c:\windows\system32\dllcache\tsgqec.dll
2010-06-27 22:24:49 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-06-27 22:24:49 290304 -c--a-w- c:\windows\system32\dllcache\rhttpaa.dll
2010-06-27 22:24:49 290304 ----a-w- c:\windows\system32\rhttpaa.dll
2010-06-27 22:24:49 136192 -c--a-w- c:\windows\system32\dllcache\aaclient.dll
2010-06-27 22:24:49 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-06-27 22:14:38 4444 ----a-w- c:\windows\system32\pid.PNF
2010-06-27 21:59:44 0 d-----w- c:\program files\common files\ODBC
2010-06-27 21:58:56 1088840 ----a-r- c:\windows\SETE5.tmp
2010-06-27 21:58:50 1296669 ----a-r- c:\windows\SETE4.tmp
2010-06-27 21:27:39 0 d-----w- c:\docume~1\admini~1\applic~1\Tific
2010-06-27 20:25:59 536576 -c--a-w- c:\windows\system32\dllcache\msado15.dll
2010-06-27 20:25:59 331776 -c--a-w- c:\windows\system32\dllcache\msadce.dll
2010-06-27 20:25:59 200704 -c--a-w- c:\windows\system32\dllcache\msadox.dll
2010-06-27 20:25:59 180224 -c--a-w- c:\windows\system32\dllcache\msadomd.dll
2010-06-27 20:25:59 153088 -c--a-w- c:\windows\system32\dllcache\triedit.dll
2010-06-27 20:25:59 143360 -c--a-w- c:\windows\system32\dllcache\msadco.dll
2010-06-27 20:25:59 102400 -c--a-w- c:\windows\system32\dllcache\msjro.dll
2010-06-27 20:25:58 128512 -c--a-w- c:\windows\system32\dllcache\dhtmled.ocx
2010-06-27 20:24:53 0 d--h--w- c:\program files\WindowsUpdate
2010-06-27 20:07:39 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-06-27 19:57:07 13608 ----a-r- c:\windows\SET178.tmp
2010-06-27 19:57:03 1086182 ----a-r- c:\windows\SET163.tmp
2010-06-26 15:51:13 118 ----a-w- C:\norton.bat
2010-06-26 15:34:58 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-26 15:34:58 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-26 15:34:58 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-26 15:34:58 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-26 15:34:58 0 d-----w- c:\program files\Symantec
2010-06-26 15:33:04 0 d-----w- c:\windows\system32\drivers\N360
2010-06-26 15:33:02 0 d-----w- c:\program files\Norton 360 Premier Edition
2010-06-26 15:21:18 0 d-----w- c:\docume~1\alluse~1\applic~1\PCSettings
2010-06-26 15:19:10 0 d-----w- c:\program files\NortonInstaller
2010-06-26 15:19:10 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-26 07:33:08 0 --sh--w- c:\windows\S2A9329DB.tmp
2010-06-25 19:28:07 0 d-----w- c:\program files\CleanUp!
2010-06-25 15:35:22 419451 ----a-w- c:\windows\setupapi.old
2010-06-23 19:26:26 2304 ----a-w- c:\windows\system32\rindar.sys
2010-06-23 01:55:39 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-23 01:55:39 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-06-23 01:55:31 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-21 05:47:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-21 05:47:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-20 23:27:09 0 d-sha-r- C:\cmdcons
2010-06-20 17:25:22 98816 ----a-w- c:\windows\sed.exe
2010-06-20 17:25:22 77312 ----a-w- c:\windows\MBR.exe
2010-06-20 17:25:22 256512 ----a-w- c:\windows\PEV.exe
2010-06-20 17:25:22 161792 ----a-w- c:\windows\SWREG.exe
2010-06-20 17:22:11 388608 ----a-w- c:\windows\system32\CF4850.exe
2010-06-20 17:17:12 0 d-----w- c:\program files\Trend Micro
2010-06-19 02:07:11 0 d-----w- c:\documents and settings\administrator\Saved Games
2010-06-18 14:37:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-18 14:37:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-18 14:37:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-18 14:26:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-17 19:41:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-17 19:17:59 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-15 17:18:31 31056 ----a-w- c:\windows\system32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
2010-06-15 17:18:31 31056 ----a-w- c:\windows\system32\BMXState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
2010-06-15 17:18:31 30528 ----a-w- c:\windows\system32\BMXCtrlState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
2010-06-15 17:18:31 30528 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
2010-06-15 17:18:31 11564 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
2010-06-15 17:18:15 4931715 ----a-w- c:\windows\{00000003-00000000-00000007-00001102-00000004-20021102}.BAK
2010-06-15 17:17:18 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2010-06-15 17:17:18 0 d-----w- c:\windows\system32\Defaults
2010-06-15 17:12:54 4931715 ----a-w- c:\windows\{00000003-00000000-00000007-00001102-00000004-20021102}.CDF
2010-06-15 17:12:51 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-06-15 17:12:36 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-06-15 17:10:50 0 d-----w- c:\windows\system32\Data
2010-06-15 15:03:18 0 d-----w- c:\program files\Vizati
2010-06-14 05:57:23 0 d-----w- c:\docume~1\admini~1\applic~1\Titanium
2010-06-14 05:29:03 0 d-----w- c:\program files\Akeeba eXtract Wizard
2010-06-13 20:28:09 2444656 ----a-w- c:\windows\system32\pbsvc_apb.exe
2010-06-12 18:52:49 87 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences2.dat
2010-06-12 18:52:49 0 ----a-w- c:\documents and settings\administrator\jagex__preferences3.dat
2010-06-11 04:49:44 0 d-----w- c:\docume~1\admini~1\applic~1\ICE Game Studios AB
2010-06-10 18:19:19 0 d-----w- c:\docume~1\alluse~1\applic~1\DinsCurse
2010-06-10 18:18:50 0 d-----w- c:\program files\Din's Curse

==================== Find3M ====================

2010-06-27 22:25:19 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-27 17:02:55 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-27 17:02:55 138056 ----a-w- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
2010-06-27 17:02:39 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-27 17:02:28 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-19 02:53:53 45 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2010-06-15 17:11:50 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-15 17:11:50 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-28 00:09:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2008-02-05 22:16:40 114349681 ----a-w- c:\program files\Starcraft.rar
2007-12-30 08:55:07 8 --sha-r- c:\windows\system32\3289F22200.sys

============= FINISH: 19:18:11.20 ===============

This machine is crucial to my school work... any help is extremely appreciated. I have already spent about a week's worth of time on it and fixed most of the problems, but have only these remaining.

Thanks in advance!!!

-Steve

tashi
2010-06-28, 16:57
Hello Lelldorianx,

Please start a new topic providing the DDS log only and turn off word wrap so that the log isn't double spaced. Makes logs easier to read. ;)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Cheers. :)