My PC has 4 users configured on it. Several of the users have gotten error messages as they log in saying the profile has been corrupted. I was able to recover the users' files by recreating the user, but this problem is persisting, which makes me think the computer may have a problem.
I have gone through the 5-step virus removal instructions and below are the logs from the process:
malware run:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.11.15
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
NickN :: DOGBOY [administrator]
Protection: Enabled
10/11/2012 7:23:01 PM
mbam-log-2012-10-11 (19-23-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357033
Time elapsed: 9 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER run:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-11 19:39:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c Maxtor_6Y160P0 rev.YAR41BW0
Running: GMER.exe; Driver: D:\DOCUME~1\NickN\LOCALS~1\Temp\uxtdapoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
DDS run:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by NickN at 19:39:49 on 2012-10-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2107 [GMT -7:00]
.
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
D:\Program Files\Secunia\PSI\PSIA.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\Logitech\SetPointP\SetPoint.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Secunia\PSI\psi_tray.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Secunia\PSI\sua.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - d:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - d:\program files\xfin_portal\auxi\comcastAu.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - d:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - d:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - d:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - d:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Google Update] "d:\documents and settings\nickn\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [GEST] m‘|Pë
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DivXUpdate] "d:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [EvtMgr6] d:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [ROC_ROC_NT] "d:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
StartupFolder: d:\docume~1\nickn\startm~1\programs\startup\monito~1.lnk - d:\windows\system32\RunDll32.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - d:\program files\netgear\wnda3100v2\WNDA3100v2.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - d:\program files\secunia\psi\psi_tray.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346999591687
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1323501593171
TCP: Interfaces\{BCB0DA37-E276-4D2B-BD0B-C1339EBD8C89} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BF9E757B-84E7-42F0-96DB-6CF27AFFEC5D} : DhcpNameServer = 192.168.1.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - d:\program files\wot\WOT.dll
Notify: LBTWlgn - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 avkmgr;avkmgr;d:\windows\system32\drivers\avkmgr.sys [2011-12-9 36000]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AntiVirSchedulerService;Avira Scheduler;d:\program files\avira\antivir desktop\sched.exe [2011-12-9 86224]
R2 AntiVirService;Avira Realtime Protection;d:\program files\avira\antivir desktop\avguard.exe [2011-12-9 110032]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2011-12-9 83392]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;d:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [2011-12-14 12184]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-11 399432]
R2 N360;Norton Security Suite;d:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-9 2253120]
R2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\secunia\psi\sua.exe [2011-10-13 399416]
R2 WSWNDA3100;WSWNDA3100;d:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-1-2 272864]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;d:\windows\system32\drivers\bcmwlhigh5.sys [2012-1-2 1034240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20121011.001\IDSXpx86.sys [2012-10-11 373728]
R3 NAVENG;NAVENG;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20121011.018\naveng.sys [2012-10-11 92704]
R3 NAVEX15;NAVEX15;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20121011.018\navex15.sys [2012-10-11 1601184]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;d:\windows\system32\drivers\nvhda32.sys [2011-12-9 119656]
R3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
S2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-11 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-15 250808]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-10-11 22856]
S3 NPF;Netgroup Packet Filter;d:\windows\system32\drivers\npf.sys [2012-1-2 50704]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-12 02:02:47 -------- d-----w- d:\documents and settings\nickn\application data\Malwarebytes
2012-10-12 02:02:16 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2012-10-12 02:02:15 22856 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-10-12 02:02:15 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2012-10-09 02:49:35 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Apple
2012-10-09 02:47:18 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Apple Computer
2012-10-09 01:43:51 -------- d-----w- d:\documents and settings\all users\application data\Battle.net
2012-09-28 07:20:09 -------- d-----w- d:\documents and settings\nickn\application data\Windows Search
2012-09-24 06:08:46 -------- d-----w- d:\documents and settings\nickn\application data\HpUpdate
2012-09-21 08:31:44 -------- d-sh--w- d:\documents and settings\nickn\IECompatCache
2012-09-21 05:34:11 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Sun
2012-09-21 05:32:31 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Secunia PSI
2012-09-20 07:39:46 -------- d-----w- d:\documents and settings\nickn\application data\NVIDIA
2012-09-20 07:04:21 -------- d-sh--w- d:\documents and settings\nickn\PrivacIE
2012-09-20 07:04:19 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Google
2012-09-20 07:03:40 -------- d-----w- d:\documents and settings\nickn\application data\Avira
2012-09-20 07:03:34 -------- d-----w- d:\documents and settings\nickn\local settings\application data\jZip
2012-09-20 06:58:37 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Identities
2012-09-20 06:58:35 -------- d-----w- d:\documents and settings\nickn\application data\Windows Desktop Search
2012-09-20 06:51:04 -------- d-sh--w- d:\documents and settings\nickn\IETldCache
2012-09-20 06:36:11 17224 ----a-w- d:\windows\system32\roboot.exe
2012-09-20 06:36:09 -------- d-----w- d:\program files\WinZip Registry Optimizer
.
==================== Find3M ====================
.
2012-10-08 18:26:07 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 18:26:07 696760 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-08-31 02:57:21 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-08-31 02:57:21 821736 ----a-w- d:\windows\system32\npDeployJava1.dll
2012-08-31 02:57:21 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-08-31 02:57:21 143872 ----a-w- d:\windows\system32\javacpl.cpl
2012-08-28 15:14:53 916992 ----a-w- d:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- d:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- d:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- d:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- d:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- d:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:40:30.26 ===============