Everything posted by csunday

  1. I restarted the machine and reran ComboFix...Here is the log. Do I need to run anything else? I couldn't figure out how to disable spyware doctor...
  2. I have a machine that has been infected with Personal Guard 2009. I have downloaded and started to run the ComboFix Tool. At the end of its process, it indicated that it needed to reboot, and to allow combo fix to do this. There were 3 pop ups for programs that couldn't start because the system was shutting down. Now it is stalled at the "Windows is Shutting Down... " screen. Can I force the shutdown? Will ComboFix finish? This is the HijackThis Logfile.
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\yirejame.dll,kinotige.dll O21 - SSODL: tuvudevuh - {1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file) O21 - SSODL: SysNet - {1E6818E2-FE1C-46FB-8D79-88F244D87DA7} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll O22 - SharedTaskScheduler: kupuhivus - {1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. 
- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- End of file - 13592 bytes