I was getting nowhere after 48 hours, and was on the brink of a reformat when a buddy of mine said he had recently heard of a svchost.exe virus going around. I checked the svchost.exe processes, found I had 6 running, and then traced one to a folder that didn't belong and was created at the same time all the issues started (in an erdt cache folder). I moved it, rebooted, and found the computer more responsive, and the PC would no longer lock up in 5 min. Now I could actually install software before the system locked up, and found a trojan and a little bit of spyware, but the system would still lock up eventually (after a 6 hour scan it locked up).
I then ran Malwarebytes, CCleaner, Kaspersky, ClamWin AV, Ad-Aware Professional SE, Spybot S&D, Spyware Terminator, and finally SAV Corp 10. The system no longer locks up and would seem to be running normally for the most part; however, SAV Corp is finding a Boot.Mebroot in the MBR of the HD. I can clean it; however, 2 seconds later the rundll32.exe process runs for about 3 seconds and then rewrites it into the MBR. I did some research and found a few sites claiming that if the icon of rundll32.exe was a page icon instead of a gear icon, that meant the file was affected by a virus, though it may not actually contain a virus. I scanned the file with Jotti's malware scan, and the file came back clean. I can't say if this is a pre-existing issue or if this developed as a result of the issue on Nov 21st, but I can say that SAV Corp 10 never found anything in the MBR prior to that event, as I always scan every file I download, and now I can scan any file, including desktop shortcuts, and the Boot.Mebroot will show up.
So as of this moment, "I think" I got rid of the original virus that was giving me the major issues, but I can't be sure, and I feel my system is not secure at this moment. I found your forum, and then set up my system for a RootRepeal scan, but that took over 40 hours and just finished in the last hour. Is a 40 hour scan for RootRepeal normal?
I realize it's the holidays, and that may prevent me from getting help in a timely manner; however, I have finals coming up in about a week, and I MUST have this system running securely before that time. If I can't get this resolved before Nov 30th, I'm most likely going to have to reformat in preparation for my classes resuming on Dec 1st.
For your consideration I have included an HJT log with everything asked for on the prep forum, since I see many of your users being asked to do so and I hope this will save a little time.
DDS (Ver_09-11-24.02) - NTFSx86
Run by Joel at 1:16:47.31 on Wed 11/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1875 [GMT -6:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G35\G35.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
D:\HBCD\WinTools\Autorun.exe
C:\DOCUME~1\Joel\LOCALS~1\Temp\RootkitRevealer.exe
C:\DOCUME~1\Joel\LOCALS~1\Temp\DYYMWJ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Documents and Settings\Joel\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\ntunecmd.exe" boot "c:\documents and settings\joel\local settings\application data\nvidia corporation\ntune\profiles\osbootpf.nsu"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun: [Logitech G35] c:\program files\logitech\g35\G35.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212960111686
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213051158827
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\joel\applic~1\mozilla\firefox\profiles\25cwr6fl.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\docume~1\joel\locals~1\temp\superantispyware\SASDIFSV.SYS [2009-11-21 9968]
R1 SASKUTIL;SASKUTIL;c:\docume~1\joel\locals~1\temp\superantispyware\SASKUTIL.sys [2009-11-21 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-11-24 142592]
R2 HMuKstE8;Kensington SlimBlade Trackball USB HID Device Filter Driver;c:\windows\system32\drivers\HMuKstE8.sys [2009-7-8 38024]
R3 DYYMWJ;DYYMWJ;c:\docume~1\joel\locals~1\temp\DYYMWJ.exe [2009-11-24 588672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [2009-7-30 53520]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [2009-7-30 334992]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\cm108.sys --> c:\windows\system32\drivers\CM108.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\dragon age\bin_ship\daupdatersvc.service.exe --> e:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 SASENUM;SASENUM;c:\docume~1\joel\locals~1\temp\superantispyware\SASENUM.SYS [2009-11-21 7408]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
=============== Created Last 30 ================
2009-11-24 06:50:36 0 d-----w- c:\docume~1\joel\applic~1\.clamwin
2009-11-24 06:50:30 0 d-----w- c:\program files\ClamWin
2009-11-24 06:50:30 0 d-----w- c:\documents and settings\all users\.clamwin
2009-11-24 06:32:00 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-24 06:31:59 0 d-----w- c:\docume~1\joel\applic~1\Spyware Terminator
2009-11-24 06:31:58 0 d-----w- c:\program files\Spyware Terminator
2009-11-24 06:31:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-11-24 06:09:06 0 d-----w- c:\program files\Rundll Errors Fix Wizard
2009-11-23 09:30:09 0 d-----w- c:\program files\CCleaner
2009-11-23 08:22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-23 08:22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 08:22:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-23 08:03:10 0 d-----w- c:\program files\COD4 Backup
2009-11-23 06:07:35 244 ---ha-w- C:\sqmnoopt01.sqm
2009-11-23 06:07:35 232 ---ha-w- C:\sqmdata01.sqm
2009-11-22 02:39:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-22 02:39:33 0 d-----w- c:\docume~1\joel\applic~1\SUPERAntiSpyware.com
2009-11-22 02:06:09 164896 ----a-w- c:\windows\system32\drivers\nvgts.sys
2009-11-22 02:06:08 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-22 02:06:08 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-22 02:06:08 63360 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-11-22 02:05:12 77312 ----a-w- c:\windows\MBR.exe
2009-11-22 02:05:11 98816 ----a-w- c:\windows\sed.exe
2009-11-22 02:05:11 260608 ----a-w- c:\windows\PEV.exe
2009-11-22 02:05:11 161792 ----a-w- c:\windows\SWREG.exe
2009-11-22 02:05:06 0 d-----w- C:\ComboFix
2009-11-22 01:46:38 0 d-----w- c:\docume~1\joel\applic~1\Malwarebytes
2009-11-22 01:46:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-21 06:11:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 06:11:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-14 06:32:32 0 d-----w- c:\docume~1\alluse~1\applic~1\BioWare
2009-11-14 06:13:48 0 d-----w- c:\program files\common files\BioWare
2009-11-14 06:08:27 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-11-14 06:08:18 0 d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-14 06:08:15 0 d-----w- c:\program files\DAEMON Tools Lite
2009-11-14 06:04:29 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-14 06:04:23 0 d-----w- c:\docume~1\joel\applic~1\DAEMON Tools Lite
2009-11-04 02:47:48 701440 ----a-w- c:\windows\system32\cohelper.dll
2009-11-04 02:47:47 6789 ----a-w- c:\windows\system32\nvnrm.nvu
2009-11-04 02:47:47 485920 ----a-w- c:\windows\system32\nvunrm.exe
2009-10-30 03:46:02 0 d-----w- c:\program files\iPod
2009-10-30 03:45:58 0 d-----w- c:\program files\iTunes
==================== Find3M ====================
2009-11-09 05:25:18 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-09 00:25:18 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-28 00:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 00:20:00 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-28 00:19:52 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-28 00:19:50 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 00:19:48 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 00:19:48 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-28 00:19:48 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-28 00:19:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 00:19:46 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-28 00:19:46 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-28 00:19:46 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-28 00:19:46 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-28 00:19:40 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 22:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 22:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 22:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 22:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 22:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 22:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 22:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 22:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 22:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 22:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 22:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-24 15:24:18 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 23:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 23:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 23:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 23:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 23:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 23:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 23:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 23:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-06-10 01:06:02 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060220080609\index.dat
2008-06-10 01:06:02 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060920080610\index.dat
============= FINISH: 1:17:01.03 ===============
And the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:10 PM, on 11/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G35\G35.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Documents and Settings\Joel\Desktop\RootRepeal.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Joel\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212960111686
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213051158827
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
--
End of file - 9092 bytes
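As an added example (not code from the original post or from any of the tools it lists), here is a baseline check of the kind a responder could use to confirm the behaviour described above, where the MBR is rewritten seconds after Boot.Mebroot is cleaned: it parses a 512-byte MBR image, hashes the boot-code region separately from the partition table, and reports which region changed against a stored baseline. The sector images, disk signature and partition entries are constructed for the demonstration; on a live Windows system the sector would be read from \\.\PhysicalDrive0 with administrative rights.

```python
"""MBR integrity baseline check (added example, not from the original post).

MBR bootkits typically overwrite the executable boot code in the first
sector while leaving the partition table intact, so a boot-code hash that
changes minutes after a clean is the signal to watch for. All sample
sectors below are constructed in-code.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: executable boot code
DISK_SIG_OFF = 440           # 4-byte NT disk signature at 440..443
PART_TABLE_OFF = 446         # 4 partition entries x 16 bytes, 446..509
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into hashed regions; raises on an invalid sector."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR}-byte sector, got {len(sector)}")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partition_table_sha256": hashlib.sha256(sector[PART_TABLE_OFF:510]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return findings as strings; an empty list means the MBR is unchanged."""
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed (bootkit-style rewrite)")
    if current["partition_table_sha256"] != baseline["partition_table_sha256"]:
        findings.append("partition table changed")
    if current["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature changed")
    return findings


def make_sector(boot_code: bytes, disk_sig: int, partitions: list) -> bytes:
    """Build a constructed 512-byte MBR image for the demonstration."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Constructed samples: a clean sector, then the same disk after only the
# boot code has been replaced (partition table and disk signature intact).
PARTS = [(0x80, 0x07, 63, 488392002)]  # bootable NTFS partition, made up
CLEAN_MBR = make_sector(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20,
                        0x1234ABCD, PARTS)
REWRITTEN_MBR = make_sector(b"\xeb\x3c\x90" + b"\x00" * 100, 0x1234ABCD, PARTS)
BASELINE = parse_mbr(CLEAN_MBR)  # in practice: stored right after a clean


def check(current_sector: bytes) -> list:
    """Compare a freshly read sector against the stored baseline."""
    return compare_to_baseline(BASELINE, parse_mbr(current_sector))


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("rewritten", REWRITTEN_MBR)):
        print(name, check(sector) or ["no change"])
```

Re-running the check on a schedule after a clean shows whether the boot code is being restored by a still-active component, which is the distinction between a leftover detection and a live reinfection loop.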