Hijack this shows couple nasty files


Hello!

I had a couple of processes running in the background for the past week that I can't stop (atrace32.exe and p2psvc32.exe). Also, when I click a link in Google search, a lot of times it takes me to some random website. I have to refresh the Google page to fix that, but it is just annoying every time.

-It shows up on Hijackthis so I attached the log for that to this post. Here's the log: hijackthis.log

-I scanned using MBAM and the log for that is attached below. I removed it with MBAM but it keeps coming up in processes in Windows Task Manager after reboot. Here's the log: mbam-log-2011-08-05 (16-36-55).txt

Attach.txt and ark.txt are attached below (as attach.zip): attach.zip

If you need anything else, let me know!

-Meanwhile, here's the DDS.txt

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coFFPlgn_2011_7_0_8

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;e:\windows\system32\drivers\PCTCore.sys [2010-8-26 218592]

R0 SymDS;Symantec Data Store;e:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-7-14 340088]

R0 SymEFA;Symantec Extended File Attributes;e:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-7-14 744568]

R1 BHDrvx86;BHDrvx86;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]

R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]

R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SymIRON;Symantec Iron Driver;e:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-7-14 136312]

R2 CrossLoopService;CrossLoop Service;e:\documents and settings\temp\local settings\application data\crossloop\CrossLoopService.exe [2011-7-16 563216]

R2 N360;Norton Security Suite;e:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-7-14 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-28 2214504]

R2 SamSs32;Security Accounts Manager ;e:\windows\system32\p2psvc32.exe [2011-7-30 824320]

R3 DAdderFltr;DeathAdder Mouse;e:\windows\system32\drivers\dadder.sys [2010-10-1 22784]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]

R3 IDSxpx86;IDSxpx86;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110804.030\IDSXpx86.sys [2011-8-5 355256]

R3 NAVENG;NAVENG;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110805.003\NAVENG.SYS [2011-8-5 86136]

R3 NAVEX15;NAVEX15;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110805.003\NAVEX15.SYS [2011-8-5 1576312]

R3 pbfilter;pbfilter;e:\program files\peerblock\pbfilter.sys [2010-8-26 19056]

R3 vHidDev;Razer Gaming Device;e:\windows\system32\drivers\vHidDev.sys [2010-10-1 5760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-8-26 136176]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2010-8-25 1691480]

S3 gupdatem;Google Update Service (gupdatem);e:\program files\google\update\GoogleUpdate.exe [2010-8-26 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [2011-6-15 41272]

S3 pwdrvio;pwdrvio;e:\windows\system32\pwdrvio.sys [2010-8-26 16472]

S3 pwdspio;pwdspio;e:\windows\system32\pwdspio.sys [2010-8-26 11104]

S3 sdAuxService;PC Tools Auxiliary Service;e:\program files\spyware doctor\pctsAuxs.exe [2010-8-26 366840]

S3 sdCoreService;PC Tools Security Service;e:\program files\spyware doctor\pctsSvc.exe [2010-8-26 1142224]

S3 tvnserver;TightVNC Server;e:\documents and settings\temp\local settings\application data\crossloop\tvnserver.exe [2011-7-16 814080]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-08-05 18:10:46 0 ---ha-w- e:\documents and settings\temp\rrumsprmro.tmp

2011-08-01 21:25:19 -------- d-----w- e:\documents and settings\temp\application data\SUPERAntiSpyware.com

2011-08-01 21:25:19 -------- d-----w- e:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-08-01 21:25:12 -------- d-----w- e:\program files\SUPERAntiSpyware

2011-08-01 21:17:29 388096 ----a-r- e:\documents and settings\temp\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-01 21:17:29 -------- d-----w- e:\program files\Trend Micro

2011-08-01 00:18:13 -------- d-----w- e:\documents and settings\temp\riotsGamesLogs

2011-07-31 22:39:27 -------- d-----w- e:\program files\Nero

2011-07-31 22:37:31 -------- d-----w- e:\documents and settings\all users\application data\LightScribe

2011-07-31 22:29:01 1414440 ----a-w- e:\windows\system32\ShellManager310E2D762.dll

2011-07-31 04:27:02 -------- d-----w- e:\documents and settings\temp\application data\NeroDigital™

2011-07-31 01:36:28 824320 ----a-w- e:\windows\system32\atrace32.exe

2011-07-31 01:36:27 824320 ----a-w- e:\windows\system32\p2psvc32.exe

2011-07-26 03:55:58 -------- d-----w- e:\program files\Quick AVI Splitter

2011-07-24 00:18:24 -------- d-----w- e:\documents and settings\temp\local settings\application data\gctmp

2011-07-24 00:18:23 -------- d-----w- e:\documents and settings\temp\local settings\application data\Xenocode

2011-07-24 00:18:10 -------- d-----w- e:\program files\Game Cam XPress

2011-07-24 00:10:36 -------- d-----w- e:\program files\CamStudio 2.6b

2011-07-24 00:06:59 49664 ----a-w- e:\windows\system32\CamCodec.dll

2011-07-20 19:53:20 -------- d-----w- e:\program files\Telltale Games

2011-07-18 02:40:52 -------- d-----w- E:\Fraps

2011-07-14 17:37:49 744568 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symefa.sys

2011-07-14 17:37:49 50168 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\srtspx.sys

2011-07-14 17:37:49 369784 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symtdi.sys

2011-07-14 17:37:49 340088 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symds.sys

2011-07-14 17:37:49 331384 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys

2011-07-14 17:37:49 296568 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symnets.sys

2011-07-14 17:37:48 516216 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\srtsp.sys

2011-07-14 17:37:48 136312 ----a-r- e:\windows\system32\drivers\n360\0501000.01d\ironx86.sys

2011-07-14 17:37:26 -------- d-----w- e:\windows\system32\drivers\n360\0501000.01D

2011-07-14 01:37:59 26600 ----a-w- e:\windows\system32\drivers\GEARAspiWDM.sys

2011-07-14 01:37:53 60872 ----a-w- e:\windows\system32\S32EVNT1.DLL

2011-07-14 01:37:53 126584 ----a-w- e:\windows\system32\drivers\SYMEVENT.SYS

2011-07-14 01:37:53 -------- d-----w- e:\program files\Symantec

2011-07-14 01:37:53 -------- d-----w- e:\program files\common files\Symantec Shared

2011-07-14 01:37:40 106928 ----a-w- e:\windows\system32\GEARAspi.dll

2011-07-14 01:37:29 -------- d-----w- e:\windows\system32\drivers\N360

2011-07-14 01:37:28 -------- d-----w- e:\program files\Norton Security Suite

2011-07-14 01:37:02 -------- d-----w- e:\program files\NortonInstaller

2011-07-14 00:28:45 -------- d-----w- e:\documents and settings\temp\application data\UltraVNC

2011-07-14 00:21:33 -------- d-----w- e:\documents and settings\temp\local settings\application data\CrossLoop

2011-07-11 21:52:58 -------- d-----w- e:\program files\DExUS

2011-07-09 00:59:27 -------- d-----w- e:\program files\Debugging Tools for Windows (x86)

2011-07-06 21:16:43 -------- d-----w- e:\program files\common files\DirectX

.

==================== Find3M ====================

.

2011-08-05 02:27:54 138160 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys

2011-08-05 02:27:42 271200 ----a-w- e:\windows\system32\PnkBstrB.xtr

2011-08-05 02:27:42 271200 ----a-w- e:\windows\system32\PnkBstrB.exe

2011-08-05 01:56:16 271200 ----a-w- e:\windows\system32\PnkBstrB.ex0

2011-07-09 01:30:03 273344 ----a-w- e:\windows\system32\nvdrsdb1.bin

2011-07-09 01:30:03 1 ----a-w- e:\windows\system32\nvdrssel.bin

2011-07-06 23:52:42 41272 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- e:\windows\system32\drivers\mbam.sys

2011-06-20 21:06:12 273344 ----a-w- e:\windows\system32\nvdrsdb0.bin

2011-06-19 17:49:06 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ----a-w- e:\windows\system32\win32k.sys

2011-05-28 12:56:24 65536 ----a-w- e:\windows\system32\frapsvid.dll

2011-05-25 17:41:35 499712 ----a-w- e:\windows\system32\msvcp71.dll

2011-05-15 02:24:35 3 ----a-w- e:\windows\sw_app.sys

2011-05-13 00:52:37 75136 ----a-w- e:\windows\system32\PnkBstrA.exe

.

============= FINISH: 16:49:15.64 ===============

MBAM log (does not show atrace32.exe and p2psvc32.exe but both are still running in the background):

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7390

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

8/5/2011 6:43:44 PM

mbam-log-2011-08-05 (18-43-44).txt

Scan type: Quick scan

Objects scanned: 169552

Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

____________________________________________________________________________________________________________________________________________________________________________________________________

Here's a new DDS.txt:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.5512

Run by temp at 18:46:33 on 2011-08-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1485 [GMT -4:00]

.

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

E:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

E:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

E:\WINDOWS\System32\svchost.exe -k netsvcs

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Razer\DeathAdder\razerhid.exe

E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

E:\Program Files\PeerBlock\peerblock.exe

svchost.exe

E:\Documents and Settings\temp\Local Settings\Application Data\CrossLoop\CrossLoopService.exe

E:\Program Files\Java\jre6\bin\jqs.exe

E:\Program Files\Common Files\LightScribe\LSSrvc.exe

E:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\system32\PnkBstrA.exe

E:\WINDOWS\system32\p2psvc32.exe

E:\WINDOWS\system32\atrace32.exe

E:\Program Files\Razer\DeathAdder\razerofa.exe

E:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

E:\WINDOWS\System32\svchost.exe -k HTTPFilter

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Mozilla Firefox\plugin-container.exe

E:\Program Files\mIRC\mirc.exe

E:\Documents and Settings\temp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

E:\Documents and Settings\temp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

E:\Documents and Settings\temp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

E:\Documents and Settings\temp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

E:\Documents and Settings\temp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

E:\Documents and Settings\temp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

E:\Documents and Settings\temp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - e:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - e:\program files\divx\divx plus web player\npdivx32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - e:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - e:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - e:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll

uRun: [PeerBlock] e:\program files\peerblock\peerblock.exe

uRun: [sUPERAntiSpyware] e:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [DeathAdder] e:\program files\razer\deathadder\razerhid.exe

mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup

mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{7E1688EB-E12B-4201-8611-54937FF91AF3} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "e:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - e:\documents and settings\temp\application data\mozilla\firefox\profiles\qckt431p.default\

FF - prefs.js: browser.startup.homepage - www.gamespot.com

FF - component: e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn_2011_7_0_8\components\coFFPlgn.dll

FF - component: e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll

FF - component: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: e:\documents and settings\temp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: e:\documents and settings\temp\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: e:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: e:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: e:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: e:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: e:\program files\veetle\player\npvlc.dll

FF - plugin: e:\program files\veetle\plugins\npVeetle.dll

FF - plugin: e:\program files\veetle\vlcbroadcast\npvbp.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Tab Saver!: {7A074BE0-2326-436d-B473-029FAEBEB5C6} - %profile%\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: XUL Cache: {c36b999d-f9f4-4fb0-8295-095693b9ec38} - %profile%\extensions\{c36b999d-f9f4-4fb0-8295-095693b9ec38}

FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - e:\program files\divx\divx plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - e:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coFFPlgn_2011_7_0_8

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;e:\windows\system32\drivers\PCTCore.sys [2010-8-26 218592]

R0 SymDS;Symantec Data Store;e:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-7-14 340088]

R0 SymEFA;Symantec Extended File Attributes;e:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-7-14 744568]

R1 BHDrvx86;BHDrvx86;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]

R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]

R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SymIRON;Symantec Iron Driver;e:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-7-14 136312]

R2 CrossLoopService;CrossLoop Service;e:\documents and settings\temp\local settings\application data\crossloop\CrossLoopService.exe [2011-7-16 563216]

R2 N360;Norton Security Suite;e:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-7-14 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-28 2214504]

R2 SamSs32;Security Accounts Manager ;e:\windows\system32\p2psvc32.exe [2011-7-30 824320]

R3 DAdderFltr;DeathAdder Mouse;e:\windows\system32\drivers\dadder.sys [2010-10-1 22784]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]

R3 IDSxpx86;IDSxpx86;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110804.030\IDSXpx86.sys [2011-8-5 355256]

R3 NAVENG;NAVENG;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110805.003\NAVENG.SYS [2011-8-5 86136]

R3 NAVEX15;NAVEX15;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110805.003\NAVEX15.SYS [2011-8-5 1576312]

R3 pbfilter;pbfilter;e:\program files\peerblock\pbfilter.sys [2010-8-26 19056]

R3 vHidDev;Razer Gaming Device;e:\windows\system32\drivers\vHidDev.sys [2010-10-1 5760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-8-26 136176]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2010-8-25 1691480]

S3 gupdatem;Google Update Service (gupdatem);e:\program files\google\update\GoogleUpdate.exe [2010-8-26 136176]

S3 pwdrvio;pwdrvio;e:\windows\system32\pwdrvio.sys [2010-8-26 16472]

S3 pwdspio;pwdspio;e:\windows\system32\pwdspio.sys [2010-8-26 11104]

S3 sdAuxService;PC Tools Auxiliary Service;e:\program files\spyware doctor\pctsAuxs.exe [2010-8-26 366840]

S3 sdCoreService;PC Tools Security Service;e:\program files\spyware doctor\pctsSvc.exe [2010-8-26 1142224]

S3 tvnserver;TightVNC Server;e:\documents and settings\temp\local settings\application data\crossloop\tvnserver.exe [2011-7-16 814080]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-08-05 20:56:14 -------- d-sh--w- E:\$RECYCLE.BIN

2011-08-05 18:10:46 0 ---ha-w- e:\documents and settings\temp\rrumsprmro.tmp

2011-08-01 21:25:19 -------- d-----w- e:\documents and settings\temp\application data\SUPERAntiSpyware.com

2011-08-01 21:25:19 -------- d-----w- e:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-08-01 21:25:12 -------- d-----w- e:\program files\SUPERAntiSpyware

2011-08-01 21:17:29 388096 ----a-r- e:\documents and settings\temp\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-01 21:17:29 -------- d-----w- e:\program files\Trend Micro

2011-08-01 00:18:13 -------- d-----w- e:\documents and settings\temp\riotsGamesLogs

2011-07-31 22:39:27 -------- d-----w- e:\program files\Nero

2011-07-31 22:37:31 -------- d-----w- e:\documents and settings\all users\application data\LightScribe

2011-07-31 22:29:01 1414440 ----a-w- e:\windows\system32\ShellManager310E2D762.dll

2011-07-31 04:27:02 -------- d-----w- e:\documents and settings\temp\application data\NeroDigital™

2011-07-31 01:36:28 824320 ----a-w- e:\windows\system32\atrace32.exe

2011-07-31 01:36:27 824320 ----a-w- e:\windows\system32\p2psvc32.exe

2011-07-26 03:55:58 -------- d-----w- e:\program files\Quick AVI Splitter

2011-07-24 00:18:24 -------- d-----w- e:\documents and settings\temp\local settings\application data\gctmp

2011-07-24 00:18:23 -------- d-----w- e:\documents and settings\temp\local settings\application data\Xenocode

2011-07-24 00:18:10 -------- d-----w- e:\program files\Game Cam XPress

2011-07-24 00:10:36 -------- d-----w- e:\program files\CamStudio 2.6b

2011-07-24 00:06:59 49664 ----a-w- e:\windows\system32\CamCodec.dll

2011-07-20 19:53:20 -------- d-----w- e:\program files\Telltale Games

2011-07-18 02:40:52 -------- d-----w- E:\Fraps

2011-07-14 17:37:49 744568 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symefa.sys

2011-07-14 17:37:49 50168 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\srtspx.sys

2011-07-14 17:37:49 369784 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symtdi.sys

2011-07-14 17:37:49 340088 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symds.sys

2011-07-14 17:37:49 331384 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys

2011-07-14 17:37:49 296568 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symnets.sys

2011-07-14 17:37:48 516216 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\srtsp.sys

2011-07-14 17:37:48 136312 ----a-r- e:\windows\system32\drivers\n360\0501000.01d\ironx86.sys

2011-07-14 17:37:26 -------- d-----w- e:\windows\system32\drivers\n360\0501000.01D

2011-07-14 01:37:59 26600 ----a-w- e:\windows\system32\drivers\GEARAspiWDM.sys

2011-07-14 01:37:53 60872 ----a-w- e:\windows\system32\S32EVNT1.DLL

2011-07-14 01:37:53 126584 ----a-w- e:\windows\system32\drivers\SYMEVENT.SYS

2011-07-14 01:37:53 -------- d-----w- e:\program files\Symantec

2011-07-14 01:37:53 -------- d-----w- e:\program files\common files\Symantec Shared

2011-07-14 01:37:40 106928 ----a-w- e:\windows\system32\GEARAspi.dll

2011-07-14 01:37:29 -------- d-----w- e:\windows\system32\drivers\N360

2011-07-14 01:37:28 -------- d-----w- e:\program files\Norton Security Suite

2011-07-14 01:37:02 -------- d-----w- e:\program files\NortonInstaller

2011-07-14 00:28:45 -------- d-----w- e:\documents and settings\temp\application data\UltraVNC

2011-07-14 00:21:33 -------- d-----w- e:\documents and settings\temp\local settings\application data\CrossLoop

2011-07-11 21:52:58 -------- d-----w- e:\program files\DExUS

2011-07-09 00:59:27 -------- d-----w- e:\program files\Debugging Tools for Windows (x86)

.

==================== Find3M ====================

.

2011-08-05 02:27:54 138160 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys

2011-08-05 02:27:42 271200 ----a-w- e:\windows\system32\PnkBstrB.xtr

2011-08-05 02:27:42 271200 ----a-w- e:\windows\system32\PnkBstrB.exe

2011-08-05 01:56:16 271200 ----a-w- e:\windows\system32\PnkBstrB.ex0

2011-07-09 01:30:03 273344 ----a-w- e:\windows\system32\nvdrsdb1.bin

2011-07-09 01:30:03 1 ----a-w- e:\windows\system32\nvdrssel.bin

2011-07-06 23:52:42 41272 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- e:\windows\system32\drivers\mbam.sys

2011-06-20 21:06:12 273344 ----a-w- e:\windows\system32\nvdrsdb0.bin

2011-06-19 17:49:06 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ----a-w- e:\windows\system32\win32k.sys

2011-05-28 12:56:24 65536 ----a-w- e:\windows\system32\frapsvid.dll

2011-05-25 17:41:35 499712 ----a-w- e:\windows\system32\msvcp71.dll

2011-05-15 02:24:35 3 ----a-w- e:\windows\sw_app.sys

2011-05-13 00:52:37 75136 ----a-w- e:\windows\system32\PnkBstrA.exe

.

============= FINISH: 18:47:14.90 ===============

Hi,

Update MBAM, run a Quick Scan, and post its log. If those files aren't detected, zip them up and attach them to your next post so I can send them to our developers.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7428

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

8/10/2011 3:51:38 PM

mbam-log-2011-08-10 (15-51-35).txt

Scan type: Quick scan

Objects scanned: 171868

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

e:\WINDOWS\system32\atrace32.dll (IPH.GenericBHO) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{0DE874BD-1EB8-4B71-80E1-3B4B2F8DF553} (IPH.GenericBHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DE874BD-1EB8-4B71-80E1-3B4B2F8DF553} (IPH.GenericBHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DE874BD-1EB8-4B71-80E1-3B4B2F8DF553} (IPH.GenericBHO) -> No action taken.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

e:\WINDOWS\system32\atrace32.dll (IPH.GenericBHO) -> No action taken.

ComboFix 11-08-10.03 - temp 08/10/2011 21:42:19.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1789 [GMT -4:00]

Running from: e:\documents and settings\temp\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))

.

.

2011-08-01 21:25 . 2011-08-01 21:25 -------- d-----w- e:\documents and settings\temp\Application Data\SUPERAntiSpyware.com

2011-08-01 21:25 . 2011-08-01 21:25 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-08-01 21:25 . 2011-08-06 21:28 -------- d-----w- e:\program files\SUPERAntiSpyware

2011-08-01 21:17 . 2011-08-01 21:17 388096 ----a-r- e:\documents and settings\temp\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-01 21:17 . 2011-08-01 21:17 -------- d-----w- e:\program files\Trend Micro

2011-08-01 00:18 . 2011-08-08 18:45 -------- d-----w- e:\documents and settings\temp\riotsGamesLogs

2011-07-31 22:37 . 2011-07-31 22:37 -------- d-----w- e:\documents and settings\All Users\Application Data\LightScribe

2011-07-31 22:35 . 2011-07-31 22:35 -------- d-----w- e:\program files\Common Files\LightScribe

2011-07-31 22:29 . 2008-06-24 17:45 1414440 ----a-w- e:\windows\system32\ShellManager310E2D762.dll

2011-07-31 04:27 . 2011-07-31 04:27 -------- d-----w- e:\documents and settings\temp\Application Data\NeroDigital™

2011-07-31 01:36 . 2011-07-31 01:36 824320 ----a-w- e:\windows\system32\atrace32.exe

2011-07-31 01:36 . 2011-07-31 01:36 824320 ----a-w- e:\windows\system32\p2psvc32.exe

2011-07-26 03:55 . 2011-07-26 03:55 -------- d-----w- e:\program files\Quick AVI Splitter

2011-07-24 00:18 . 2011-07-24 00:29 -------- d-----w- e:\documents and settings\temp\Local Settings\Application Data\gctmp

2011-07-24 00:18 . 2011-07-24 00:18 -------- d-----w- e:\documents and settings\temp\Local Settings\Application Data\Xenocode

2011-07-24 00:18 . 2011-07-24 00:18 -------- d-----w- e:\program files\Game Cam XPress

2011-07-24 00:10 . 2011-07-24 00:10 -------- d-----w- e:\program files\CamStudio 2.6b

2011-07-24 00:06 . 2010-10-24 04:56 49664 ----a-w- e:\windows\system32\CamCodec.dll

2011-07-20 19:53 . 2011-07-20 19:53 -------- d-----w- e:\program files\Telltale Games

2011-07-18 02:40 . 2011-07-26 00:47 -------- d-----w- E:\Fraps

2011-07-14 01:37 . 2010-08-21 04:59 26600 ----a-w- e:\windows\system32\drivers\GEARAspiWDM.sys

2011-07-14 01:37 . 2011-07-14 22:32 -------- d-----w- e:\program files\Common Files\Symantec Shared

2011-07-14 01:37 . 2011-07-14 17:37 60872 ----a-w- e:\windows\system32\S32EVNT1.DLL

2011-07-14 01:37 . 2011-07-14 17:37 126584 ----a-w- e:\windows\system32\drivers\SYMEVENT.SYS

2011-07-14 01:37 . 2011-07-14 17:37 -------- d-----w- e:\program files\Symantec

2011-07-14 01:37 . 2010-08-21 04:59 106928 ----a-w- e:\windows\system32\GEARAspi.dll

2011-07-14 01:37 . 2011-07-14 17:41 -------- d-----w- e:\windows\system32\drivers\N360

2011-07-14 01:37 . 2011-07-14 01:37 -------- d-----w- e:\program files\Norton Security Suite

2011-07-14 01:37 . 2011-07-14 01:37 -------- d-----w- e:\program files\NortonInstaller

2011-07-14 00:28 . 2011-07-14 00:28 -------- d-----w- e:\documents and settings\temp\Application Data\UltraVNC

2011-07-14 00:22 . 2011-07-14 00:22 -------- d-----w- e:\documents and settings\LocalService\Application Data\TightVNC

2011-07-14 00:21 . 2011-07-16 17:19 -------- d-----w- e:\documents and settings\temp\Local Settings\Application Data\CrossLoop

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-10 02:52 . 2010-08-26 04:05 138160 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys

2011-08-10 02:52 . 2010-08-26 04:05 271200 ----a-w- e:\windows\system32\PnkBstrB.exe

2011-08-10 02:52 . 2010-08-26 04:05 271200 ----a-w- e:\windows\system32\PnkBstrB.xtr

2011-08-10 02:34 . 2010-08-26 04:05 271200 ----a-w- e:\windows\system32\PnkBstrB.ex0

2011-07-06 23:52 . 2011-06-16 00:25 41272 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-06-16 00:25 22712 ----a-w- e:\windows\system32\drivers\mbam.sys

2011-07-03 18:46 . 2011-07-03 18:46 53248 ----a-r- e:\documents and settings\temp\Application Data\Microsoft\Installer\{21AFD9CF-046A-41F1-9A6E-EE48483DA864}\ARPPRODUCTICON.exe

2011-06-19 17:49 . 2011-05-15 17:51 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2004-08-04 06:17 1858944 ----a-w- e:\windows\system32\win32k.sys

2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- e:\windows\system32\frapsvid.dll

2011-05-25 17:41 . 2011-03-15 03:48 499712 ----a-w- e:\windows\system32\msvcp71.dll

2011-05-25 06:09 . 2010-10-16 17:04 54272 ----a-w- e:\windows\system32\nvwddi.dll

2011-05-25 06:09 . 2010-10-16 17:04 111208 ----a-w- e:\windows\system32\nvmctray.dll

2011-05-25 06:09 . 2010-10-16 17:04 154728 ----a-w- e:\windows\system32\nvsvc32.exe

2011-05-25 06:09 . 2010-10-16 17:04 13895272 ----a-w- e:\windows\system32\nvcpl.dll

2011-05-25 06:09 . 2011-05-28 19:53 543336 ----a-w- e:\windows\system32\easyupdatusapiu.dll

2011-05-25 06:09 . 2011-05-28 19:52 899688 ----a-w- e:\windows\system32\nvdispco3220150.dll

2011-05-25 06:09 . 2011-05-28 19:52 865896 ----a-w- e:\windows\system32\nvgenco322090.dll

2011-05-25 06:09 . 2010-11-12 23:14 61440 ----a-w- e:\windows\system32\OpenCL.dll

2011-05-25 06:09 . 2010-11-12 23:14 2808936 ----a-w- e:\windows\system32\nvcuvid.dll

2011-05-25 06:09 . 2010-11-12 23:14 16068608 ----a-w- e:\windows\system32\nvoglnt.dll

2011-05-25 06:09 . 2010-11-12 23:14 2082408 ----a-w- e:\windows\system32\nvcuvenc.dll

2011-05-25 06:09 . 2010-10-16 17:04 145000 ----a-w- e:\windows\system32\nvcolor.exe

2011-05-25 06:09 . 2010-11-12 23:14 5332992 ----a-w- e:\windows\system32\nvcuda.dll

2011-05-25 06:09 . 2010-11-12 23:14 2328576 ----a-w- e:\windows\system32\nvapi.dll

2011-05-25 06:09 . 2010-11-12 23:14 13004800 ----a-w- e:\windows\system32\nvcompiler.dll

2011-05-25 06:09 . 2010-08-25 22:53 12753664 ----a-w- e:\windows\system32\drivers\nv4_mini.sys

2011-05-25 06:09 . 2010-08-25 22:53 4198272 ----a-w- e:\windows\system32\nv4_disp.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-11_01.30.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-11 01:41 . 2011-08-11 01:41 16384 e:\windows\Temp\Perflib_Perfdata_548.dat

+ 2011-08-11 01:40 . 2011-08-11 01:40 16384 e:\windows\Temp\Perflib_Perfdata_260.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="e:\program files\PeerBlock\peerblock.exe" [2010-10-15 1867888]

"Pando Media Booster"="e:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-09 3077528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DeathAdder"="e:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]

"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2011-05-25 13895272]

"TkBellExe"="e:\program files\real\realplayer\update\realsched.exe" [2011-05-25 273544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

"Google Update"="e:\documents and settings\temp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

"MsnMsgr"="e:\program files\MSN Messenger\msnmsgr.exe" /background

"SUPERAntiSpyware"=e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HPDJ Taskbar Utility"=e:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

"RTHDCPL"=RTHDCPL.EXE

"nwiz"=e:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet

"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe"

"NvCplDaemon"=RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup

"NeroFilterCheck"=e:\program files\Common Files\Nero\Lib\NeroCheck.exe

"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

"DivX Download Manager"="e:\program files\DivX\DivX Plus Web Player\DDmService.exe" start

"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"mIRC Trial Reset"=\mIRC.TR.exe

"TkBellExe"="e:\program files\real\realplayer\update\realsched.exe" -osboot

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"AgataSoft ShutDown Pro"=

"NBAgent"="e:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\AIM\\aim.exe"=

"e:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Games\\Bulletstorm\\Binaries\\Win32\\ShippingPC-StormGame.exe"=

"e:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"e:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"e:\\Documents and Settings\\temp\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

"e:\\Documents and Settings\\temp\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=

"c:\\Games\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=

"c:\\Games\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=

"e:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"e:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5910:TCP"= 5910:TCP:vnc5910

"1041:TCP"= 1041:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"57989:TCP"= 57989:TCP:Pando Media Booster

"57989:UDP"= 57989:UDP:Pando Media Booster

.

R0 PCTCore;PCTools KDS;e:\windows\system32\drivers\PCTCore.sys [8/26/2010 12:33 AM 218592]

R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [8/26/2010 3:22 PM 691696]

R0 SymDS;Symantec Data Store;e:\windows\system32\drivers\N360\0501000.01D\symds.sys [7/14/2011 1:37 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;e:\windows\system32\drivers\N360\0501000.01D\symefa.sys [7/14/2011 1:37 PM 744568]

R1 BHDrvx86;BHDrvx86;e:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [7/22/2011 8:27 PM 815736]

R1 SymIRON;Symantec Iron Driver;e:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [7/14/2011 1:37 PM 136312]

R2 N360;Norton Security Suite;e:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [7/14/2011 1:37 PM 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/28/2011 3:53 PM 2214504]

R3 DAdderFltr;DeathAdder Mouse;e:\windows\system32\drivers\dadder.sys [10/1/2010 7:07 PM 22784]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 9:27 PM 105592]

R3 IDSxpx86;IDSxpx86;e:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110810.030\IDSXpx86.sys [8/10/2011 9:31 PM 355256]

R3 pbfilter;pbfilter;e:\program files\PeerBlock\pbfilter.sys [8/26/2010 12:33 AM 19056]

R3 vHidDev;Razer Gaming Device;e:\windows\system32\drivers\vHidDev.sys [10/1/2010 7:07 PM 5760]

S1 SASDIFSV;SASDIFSV;\??\e:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> e:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\e:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 CrossLoopService;CrossLoop Service;e:\documents and settings\temp\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [7/16/2011 1:19 PM 563216]

S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [8/26/2010 12:32 AM 136176]

S2 SamSs32;Security Accounts Manager ;e:\windows\system32\p2psvc32.exe [7/30/2011 9:36 PM 824320]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [8/25/2010 9:56 PM 1691480]

S3 gupdatem;Google Update Service (gupdatem);e:\program files\Google\Update\GoogleUpdate.exe [8/26/2010 12:32 AM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [6/15/2011 8:25 PM 41272]

S3 pwdrvio;pwdrvio;e:\windows\system32\pwdrvio.sys [8/26/2010 12:42 AM 16472]

S3 pwdspio;pwdspio;e:\windows\system32\pwdspio.sys [8/26/2010 12:42 AM 11104]

S3 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\pctsAuxs.exe [8/26/2010 12:33 AM 366840]

S3 tvnserver;TightVNC Server;e:\documents and settings\temp\Local Settings\Application Data\CrossLoop\tvnserver.exe [7/16/2011 1:19 PM 814080]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PBFILTER

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 16:11 451872 ----a-w- e:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-03 e:\windows\Tasks\AppleSoftwareUpdate.job

- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2010-12-22 e:\windows\Tasks\Game_Booster_AutoUpdate.job

- e:\program files\IObit\Game Booster\AutoUpdate.exe [2010-12-22 20:20]

.

2011-08-11 e:\windows\Tasks\Game_Booster_Startup.job

- e:\program files\IObit\Game Booster\gbtray.exe [2011-05-26 20:20]

.

2011-08-11 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 04:32]

.

2011-08-11 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 04:32]

.

2011-08-10 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-839522115-1003Core.job

- e:\documents and settings\temp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-30 22:37]

.

2011-08-11 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1078145449-839522115-1003UA.job

- e:\documents and settings\temp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-30 22:37]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - e:\documents and settings\temp\Application Data\Mozilla\Firefox\Profiles\qckt431p.default\

FF - prefs.js: browser.startup.homepage - www.gamespot.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Tab Saver!: {7A074BE0-2326-436d-B473-029FAEBEB5C6} - %profile%\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - e:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - e:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - e:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - e:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - e:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-10 21:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"e:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"e:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1078145449-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{575B692A-1788-3181-0CE9-A449F1BF2CC8}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iakojenjicecehinbi"=hex:6a,61,68,6c,64,70,63,6e,63,6c,64,65,68,61,64,61,70,6d,

6d,6b,00,00

"hambpcaocinahgca"=hex:6a,61,68,6c,64,70,63,6e,63,6c,64,65,68,61,64,61,70,6d,

6d,6b,00,09

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2432)

e:\windows\system32\msi.dll

.

Completion time: 2011-08-10 21:47:42

ComboFix-quarantined-files.txt 2011-08-11 01:47

ComboFix2.txt 2011-08-05 18:03

.

Pre-Run: 5,643,673,600 bytes free

Post-Run: 5,630,087,168 bytes free

.

- - End Of File - - 59FC67C90539E7720C309060AF1CCAD0

_____________________________________________________________________________________________________________________________________________________________

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.5512

Run by temp at 21:49:32 on 2011-08-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1762 [GMT -4:00]

.

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

E:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

E:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Razer\DeathAdder\razerhid.exe

E:\program files\real\realplayer\update\realsched.exe

E:\Program Files\PeerBlock\peerblock.exe

E:\Program Files\Pando Networks\Media Booster\PMB.exe

svchost.exe

E:\Program Files\Java\jre6\bin\jqs.exe

E:\Program Files\Common Files\LightScribe\LSSrvc.exe

E:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\system32\PnkBstrA.exe

E:\Program Files\Razer\DeathAdder\razerofa.exe

E:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

E:\WINDOWS\System32\svchost.exe -k HTTPFilter

E:\Program Files\VideoLAN\VLC\vlc.exe

E:\WINDOWS\explorer.exe

E:\WINDOWS\System32\svchost.exe -k netsvcs

E:\WINDOWS\system32\notepad.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - e:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - e:\program files\divx\divx plus web player\npdivx32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - e:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - e:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - e:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll

uRun: [PeerBlock] e:\program files\peerblock\peerblock.exe

uRun: [Pando Media Booster] e:\program files\pando networks\media booster\PMB.exe

mRun: [DeathAdder] e:\program files\razer\deathadder\razerhid.exe

mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup

mRun: [TkBellExe] "e:\program files\real\realplayer\update\realsched.exe" -osboot

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{7E1688EB-E12B-4201-8611-54937FF91AF3} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "e:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - e:\documents and settings\temp\application data\mozilla\firefox\profiles\qckt431p.default\

FF - prefs.js: browser.startup.homepage - www.gamespot.com

FF - component: e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn_2011_7_0_8\components\coFFPlgn.dll

FF - component: e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll

FF - component: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: e:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: e:\documents and settings\temp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: e:\documents and settings\temp\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: e:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: e:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: e:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: e:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: e:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: e:\program files\veetle\player\npvlc.dll

FF - plugin: e:\program files\veetle\plugins\npVeetle.dll

FF - plugin: e:\program files\veetle\vlcbroadcast\npvbp.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Tab Saver!: {7A074BE0-2326-436d-B473-029FAEBEB5C6} - %profile%\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - e:\program files\divx\divx plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - e:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coFFPlgn_2011_7_0_8

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;e:\windows\system32\drivers\PCTCore.sys [2010-8-26 218592]

R0 SymDS;Symantec Data Store;e:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-7-14 340088]

R0 SymEFA;Symantec Extended File Attributes;e:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-7-14 744568]

R1 BHDrvx86;BHDrvx86;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]

R1 SymIRON;Symantec Iron Driver;e:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-7-14 136312]

R2 N360;Norton Security Suite;e:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-7-14 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-28 2214504]

R3 DAdderFltr;DeathAdder Mouse;e:\windows\system32\drivers\dadder.sys [2010-10-1 22784]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]

R3 IDSxpx86;IDSxpx86;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110810.030\IDSXpx86.sys [2011-8-10 355256]

R3 NAVENG;NAVENG;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110810.019\NAVENG.SYS [2011-8-10 86136]

R3 NAVEX15;NAVEX15;e:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110810.019\NAVEX15.SYS [2011-8-10 1576312]

R3 pbfilter;pbfilter;e:\program files\peerblock\pbfilter.sys [2010-8-26 19056]

R3 vHidDev;Razer Gaming Device;e:\windows\system32\drivers\vHidDev.sys [2010-10-1 5760]

S1 SASDIFSV;SASDIFSV;\??\e:\program files\superantispyware\sasdifsv.sys --> e:\program files\superantispyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\e:\program files\superantispyware\saskutil.sys --> e:\program files\superantispyware\SASKUTIL.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 CrossLoopService;CrossLoop Service;e:\documents and settings\temp\local settings\application data\crossloop\CrossLoopService.exe [2011-7-16 563216]

S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-8-26 136176]

S2 SamSs32;Security Accounts Manager ;e:\windows\system32\p2psvc32.exe [2011-7-30 824320]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2010-8-25 1691480]

S3 gupdatem;Google Update Service (gupdatem);e:\program files\google\update\GoogleUpdate.exe [2010-8-26 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [2011-6-15 41272]

S3 pwdrvio;pwdrvio;e:\windows\system32\pwdrvio.sys [2010-8-26 16472]

S3 pwdspio;pwdspio;e:\windows\system32\pwdspio.sys [2010-8-26 11104]

S3 sdAuxService;PC Tools Auxiliary Service;e:\program files\spyware doctor\pctsAuxs.exe [2010-8-26 366840]

S3 sdCoreService;PC Tools Security Service;e:\program files\spyware doctor\pctsSvc.exe [2010-8-26 1142224]

S3 tvnserver;TightVNC Server;e:\documents and settings\temp\local settings\application data\crossloop\tvnserver.exe [2011-7-16 814080]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-08-11 01:41:18 -------- d-----w- E:\ComboFix

2011-08-11 01:24:52 98816 ----a-w- e:\windows\sed.exe

2011-08-11 01:24:52 518144 ----a-w- e:\windows\SWREG.exe

2011-08-11 01:24:52 256000 ----a-w- e:\windows\PEV.exe

2011-08-11 01:24:52 208896 ----a-w- e:\windows\MBR.exe

2011-08-10 23:59:02 -------- d-----w- e:\documents and settings\temp\.MakeMKV

2011-08-10 23:58:53 -------- d-----w- e:\program files\MakeMKV

2011-08-09 19:14:58 -------- d-----w- e:\documents and settings\all users\application data\NexonUS

2011-08-09 18:49:53 -------- d-----w- e:\documents and settings\temp\local settings\application data\PMB Files

2011-08-09 18:49:50 -------- d-----w- e:\documents and settings\all users\application data\PMB Files

2011-08-06 21:32:29 -------- d-----w- e:\documents and settings\temp\local settings\application data\Nero

2011-08-06 21:10:42 -------- d-----w- e:\program files\Nero

2011-08-06 06:02:54 -------- d-----w- e:\program files\AgataSoft

2011-08-01 21:25:19 -------- d-----w- e:\documents and settings\temp\application data\SUPERAntiSpyware.com

2011-08-01 21:25:19 -------- d-----w- e:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-08-01 21:25:12 -------- d-----w- e:\program files\SUPERAntiSpyware

2011-08-01 21:17:29 388096 ----a-r- e:\documents and settings\temp\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-01 21:17:29 -------- d-----w- e:\program files\Trend Micro

2011-08-01 00:18:13 -------- d-----w- e:\documents and settings\temp\riotsGamesLogs

2011-07-31 22:37:31 -------- d-----w- e:\documents and settings\all users\application data\LightScribe

2011-07-31 22:29:01 1414440 ----a-w- e:\windows\system32\ShellManager310E2D762.dll

2011-07-31 04:27:02 -------- d-----w- e:\documents and settings\temp\application data\NeroDigital™

2011-07-31 01:36:28 824320 ----a-w- e:\windows\system32\atrace32.exe

2011-07-31 01:36:27 824320 ----a-w- e:\windows\system32\p2psvc32.exe

2011-07-26 03:55:58 -------- d-----w- e:\program files\Quick AVI Splitter

2011-07-24 00:18:24 -------- d-----w- e:\documents and settings\temp\local settings\application data\gctmp

2011-07-24 00:18:23 -------- d-----w- e:\documents and settings\temp\local settings\application data\Xenocode

2011-07-24 00:18:10 -------- d-----w- e:\program files\Game Cam XPress

2011-07-24 00:10:36 -------- d-----w- e:\program files\CamStudio 2.6b

2011-07-24 00:06:59 49664 ----a-w- e:\windows\system32\CamCodec.dll

2011-07-20 19:53:20 -------- d-----w- e:\program files\Telltale Games

2011-07-18 02:40:52 -------- d-----w- E:\Fraps

2011-07-14 17:37:49 744568 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symefa.sys

2011-07-14 17:37:49 50168 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\srtspx.sys

2011-07-14 17:37:49 369784 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symtdi.sys

2011-07-14 17:37:49 340088 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symds.sys

2011-07-14 17:37:49 331384 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys

2011-07-14 17:37:49 296568 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\symnets.sys

2011-07-14 17:37:48 516216 ----a-w- e:\windows\system32\drivers\n360\0501000.01d\srtsp.sys

2011-07-14 17:37:48 136312 ----a-r- e:\windows\system32\drivers\n360\0501000.01d\ironx86.sys

2011-07-14 17:37:26 -------- d-----w- e:\windows\system32\drivers\n360\0501000.01D

2011-07-14 01:37:59 26600 ----a-w- e:\windows\system32\drivers\GEARAspiWDM.sys

2011-07-14 01:37:53 60872 ----a-w- e:\windows\system32\S32EVNT1.DLL

2011-07-14 01:37:53 126584 ----a-w- e:\windows\system32\drivers\SYMEVENT.SYS

2011-07-14 01:37:53 -------- d-----w- e:\program files\Symantec

2011-07-14 01:37:53 -------- d-----w- e:\program files\common files\Symantec Shared

2011-07-14 01:37:40 106928 ----a-w- e:\windows\system32\GEARAspi.dll

2011-07-14 01:37:29 -------- d-----w- e:\windows\system32\drivers\N360

2011-07-14 01:37:28 -------- d-----w- e:\program files\Norton Security Suite

2011-07-14 01:37:02 -------- d-----w- e:\program files\NortonInstaller

2011-07-14 00:28:45 -------- d-----w- e:\documents and settings\temp\application data\UltraVNC

2011-07-14 00:21:33 -------- d-----w- e:\documents and settings\temp\local settings\application data\CrossLoop

.

==================== Find3M ====================

.

2011-08-10 02:52:38 138160 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys

2011-08-10 02:52:24 271200 ----a-w- e:\windows\system32\PnkBstrB.xtr

2011-08-10 02:52:24 271200 ----a-w- e:\windows\system32\PnkBstrB.exe

2011-08-10 02:34:26 271200 ----a-w- e:\windows\system32\PnkBstrB.ex0

2011-07-09 01:30:03 273344 ----a-w- e:\windows\system32\nvdrsdb1.bin

2011-07-09 01:30:03 1 ----a-w- e:\windows\system32\nvdrssel.bin

2011-07-06 23:52:42 41272 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- e:\windows\system32\drivers\mbam.sys

2011-06-20 21:06:12 273344 ----a-w- e:\windows\system32\nvdrsdb0.bin

2011-06-19 17:49:06 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ----a-w- e:\windows\system32\win32k.sys

2011-05-28 12:56:24 65536 ----a-w- e:\windows\system32\frapsvid.dll

2011-05-25 17:41:35 499712 ----a-w- e:\windows\system32\msvcp71.dll

2011-05-15 02:24:35 3 ----a-w- e:\windows\sw_app.sys

.

============= FINISH: 21:49:56.28 ===============

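The service table in the log above shows the point a responder looks for first: a service named SamSs32 with the display name "Security Accounts Manager" but an image path of system32\p2psvc32.exe, and the "Created Last 30" section shows p2psvc32.exe and atrace32.exe written one second apart with the same size (824320). The script below is an added example, not part of the original post or of any tool named in this thread. It parses DDS-style service and created-file lines and flags two patterns: a display name borrowed from a real Windows service whose short name or binary does not match the baseline, and same-size executables dropped within seconds of each other. The BASELINE map is a hand-picked assumption (on Windows XP the real "Security Accounts Manager" service is SamSs, hosted by system32\lsass.exe) and should be extended to your own known-good list; the SAMPLE_DDS text is an excerpt constructed from the log lines above.

```python
"""Flag suspicious entries in DDS 'SERVICES / DRIVERS' and 'Created Last 30' output."""
import re
from datetime import datetime

# Constructed excerpt of the DDS log posted above (a few lines, not the full log).
SAMPLE_DDS = r"""============= SERVICES / DRIVERS ===============
R3 pbfilter;pbfilter;e:\program files\peerblock\pbfilter.sys [2010-8-26 19056]
S2 SamSs32;Security Accounts Manager ;e:\windows\system32\p2psvc32.exe [2011-7-30 824320]
S3 tvnserver;TightVNC Server;e:\documents and settings\temp\local settings\application data\crossloop\tvnserver.exe [2011-7-16 814080]
S1 SASDIFSV;SASDIFSV;\??\e:\program files\superantispyware\sasdifsv.sys --> e:\program files\superantispyware\SASDIFSV.SYS [?]
=============== Created Last 30 ================
2011-07-31 22:29:01 1414440 ----a-w- e:\windows\system32\ShellManager310E2D762.dll
2011-07-31 01:36:28 824320 ----a-w- e:\windows\system32\atrace32.exe
2011-07-31 01:36:27 824320 ----a-w- e:\windows\system32\p2psvc32.exe
2011-07-24 00:06:59 49664 ----a-w- e:\windows\system32\CamCodec.dll
"""

# "S2 Name;Display Name;path [yyyy-m-d size]"  or  "... [?]" when DDS could not stat the file
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(?:(\S+)\s+(\d+)|\?)\]$")
# "2011-07-31 01:36:27 824320 ----a-w- path"   (size is "--------" for directories)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Assumption: baseline of (short service name, binary) that a display name legitimately maps to.
# On XP the "Security Accounts Manager" service is SamSs and its image is system32\lsass.exe.
BASELINE = {
    "security accounts manager": ("samss", "lsass.exe"),
}


def parse_dds(text):
    """Return (services, created) parsed from the two DDS sections."""
    services, created, section = [], [], None
    for line in text.splitlines():
        if "SERVICES / DRIVERS" in line:
            section = "services"
            continue
        if "Created Last 30" in line:
            section = "created"
            continue
        if section == "services":
            m = SERVICE_RE.match(line)
            if m:
                state, name, display, path, date, size = m.groups()
                services.append({"state": state, "name": name, "display": display.strip(),
                                 "path": path, "size": int(size) if size else None})
        elif section == "created":
            m = CREATED_RE.match(line)
            if m:
                ts, size, _attrs, path = m.groups()
                created.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                                "size": int(size) if size.isdigit() else None, "path": path})
    return services, created


def flag_impersonation(services):
    """Services whose display name belongs to a real Windows service but whose
    short name or image path does not match the baseline."""
    hits = []
    for s in services:
        expected = BASELINE.get(s["display"].lower())
        if not expected:
            continue
        exp_name, exp_bin = expected
        if s["name"].lower() != exp_name or not s["path"].lower().endswith(exp_bin):
            hits.append((s["name"], s["path"]))
    return hits


def flag_twin_drops(created, window_seconds=5):
    """Pairs of executables of identical size written within a few seconds of each
    other, the shape a dropper leaves when it writes a payload plus a respawn copy."""
    exes = sorted((c for c in created if c["size"] and c["path"].lower().endswith(".exe")),
                  key=lambda c: c["ts"])
    pairs = []
    for i, a in enumerate(exes):
        for b in exes[i + 1:]:
            if (b["ts"] - a["ts"]).total_seconds() > window_seconds:
                break  # list is time-sorted, nothing later can be within the window
            if a["size"] == b["size"]:
                pairs.append((a["path"], b["path"]))
    return pairs


if __name__ == "__main__":
    svcs, files = parse_dds(SAMPLE_DDS)
    for name, path in flag_impersonation(svcs):
        print("impersonated service:", name, "->", path)
    for a, b in flag_twin_drops(files):
        print("twin drop:", a, "and", b)
```

Run against the full DDS.txt instead of the excerpt by reading the file into parse_dds(); the impersonation check only fires for display names you have put in BASELINE, so false positives come from an incomplete baseline rather than from the heuristic.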

  • Staff

Hi,

I notice that you are using more than one antivirus program (Norton and Spyware Doctor). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=150e1f854c84244bb13a55e8d3a7f9f2

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-08-12 08:19:16

# local_time=2011-08-12 04:19:16 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 853017 853017 0 0

# compatibility_mode=2560 16777191 100 0 0 0 0 0

# compatibility_mode=3589 16777189 80 84 1498691 63748962 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=292252

# found=6

# cleaned=6

# scan_time=7488

E:\Documents and Settings\temp\Application Data\Sun\Java\Deployment\cache\6.0\50\6d16b872-590cfa05 probably a variant of Win32/Agent.RPSVWU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Documents and Settings\temp\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\fjmhcmffboolmlhclcjhnplcpcjklcke\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\WINDOWS\system32\atrace32.exe a variant of Win32/Kryptik.QZM trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

E:\WINDOWS\system32\p2psvc32.exe a variant of Win32/Kryptik.QZM trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

________________________________________________________________________________________________________________________________________________________________________________________________________

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player 10.3.181.26

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````

After restarting my pc, I don't see p2psvc32.exe or atrace32.exe in Windows Task Manager. Seems like Eset32 did the trick; now the question is will those 2 files return? Last couple times I removed them, they came back as soon as I restarted my pc. It hasn't happened after my first restart so signs are positive thus far.

As for spywaredoctor, I did not have it enabled. The services for it were all disabled. I still fully uninstalled it since I have no need for it. Thanks for the help so far!


  • Staff

Hi,

I don't think they will return.

In addition, I have submitted those files to our developers, so MBAM should be able to detect it now if it's there.

Go ahead and update MBAM, run a Quick Scan, and post its log. See if anything is detected.

Please download ATF Cleaner by Atribune from here, and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Reader 9.0

Restart your computer.

Get the latest version of Adobe Reader.

Next, please visit Windows Update and download all critical updates, including Internet Explorer 8.

Let me know what issues remain.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
