Personal Guard 2009


I have a machine that has been infected with Personal Guard 2009.

I have downloaded and started to run the ComboFix tool.

At the end of its process, it indicated that it needed to reboot, and to allow ComboFix to do this.

There were 3 pop ups for programs that couldn't start because the system was shutting down. Now it is stalled at the "Windows is Shutting Down... " screen.

Can I force the shutdown? Will ComboFix finish?

This is the HijackThis Logfile.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:03:22 PM, on 11/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Logitech\Logitech Vid\vid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Southwest Airlines\Ding\Ding.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

C:\WINDOWS\system32\igfxsrvc.exe

D:\I386\winnt32.exe

C:\Documents and Settings\Joe Kirsits\Application Data\U3\3515100CC5439427\LaunchPad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071010

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071010

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: Shell=Explorer.exe logon.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {b869605e-4aeb-4d9c-a98d-777049ac8ba6} - jaguvonu.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [hemofesase] Rundll32.exe "wapoyali.dll",s

O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\yirejame.dll,kinotige.dll

O21 - SSODL: tuvudevuh - {1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)

O21 - SSODL: SysNet - {1E6818E2-FE1C-46FB-8D79-88F244D87DA7} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

O22 - SharedTaskScheduler: kupuhivus - {1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--

End of file - 13592 bytes


I restarted the machine and reran ComboFix... Here is the log.

Do I need to run anything else? I couldn't figure out how to disable Spyware Doctor...

ComboFix 09-11-04.02 - Joe Kirsits 11/05/2009 9:29.2.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2791 [GMT -7:00]

Running from: c:\documents and settings\Joe Kirsits\Desktop\ComboFix.exe

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

---- Previous Run -------

.

c:\documents and settings\All Users\Microsoft AData\sysnet.dll

c:\documents and settings\All Users\Microsoft AData\t.sid

c:\documents and settings\Joe Kirsits\Desktop\Personal Guard 2009.lnk

c:\documents and settings\Joe Kirsits\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk

c:\documents and settings\Joe Kirsits\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk

c:\program files\Personal Guard 2009\config.scf

c:\program files\Personal Guard 2009\mmbase.sdb

c:\program files\Personal Guard 2009\personalguard.exe

c:\program files\Personal Guard 2009\q.sdb

c:\program files\Personal Guard 2009\uninstalls.exe

c:\program files\Personal Guard 2009\vvbase.sdb

c:\windows\microsoftdef.dll

c:\windows\system32\a9k.bin

c:\windows\system32\biserano.exe

c:\windows\system32\dogubina.exe

c:\windows\system32\dozilibe.dll

c:\windows\system32\feresefa.dll

c:\windows\system32\jaguvonu.dll

c:\windows\system32\jigefuwi.exe

c:\windows\system32\kataliwo.dll

c:\windows\system32\kibemole.dll

c:\windows\system32\kinotige.dll

c:\windows\system32\kudavori.dll

c:\windows\system32\logon.exe

c:\windows\system32\roledufe.exe

c:\windows\system32\tatokalo.exe

c:\windows\system32\telemize.exe

c:\windows\system32\tonasuta.dll

c:\windows\system32\twain32\local.ds

c:\windows\system32\twain32\user.ds

c:\windows\system32\veyesera.dll

c:\windows\system32\vuhodoji.dll

c:\windows\system32\wapoyali.dll

c:\windows\system32\yopogeli.dll

c:\windows\TEMP\logishrd\LVPrcInj07.dll

-- Previous Run --

Infected copy of c:\windows\system32\drivers\aec.sys was found and disinfected

Restored copy from - c:\windows\system32\dllcache\aec.sys

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\system32\dllcache\proquota.exe

--------

.

((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))

.

2009-11-04 21:20 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

2009-11-04 21:14 . 2009-11-04 21:14 380416 ----a-w- c:\windows\system32\winsc.exe

2009-11-04 20:51 . 2009-11-04 20:51 -------- d-----w- c:\program files\Trend Micro

2009-11-04 19:59 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\U3\temp\cleanup.exe

2009-11-04 19:58 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\Joe Kirsits\Application Data\U3\temp\Launchpad Removal.exe

2009-11-04 19:58 . 2009-11-04 21:03 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\U3

2009-11-04 19:50 . 2009-11-04 19:50 -------- d--h--w- c:\windows\PIF

2009-11-04 05:37 . 2009-11-04 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-04 03:39 . 2009-11-04 03:39 -------- d-----w- c:\documents and settings\Joe Kirsits\Local Settings\Application Data\Threat Expert

2009-11-04 03:25 . 2009-10-08 20:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2009-11-04 03:25 . 2009-10-08 20:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2009-11-04 03:20 . 2009-11-04 03:20 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\PC Tools

2009-11-04 02:58 . 2009-11-04 21:00 51197 ----a-w- c:\windows\spoov.exe

2009-11-04 02:58 . 2009-11-04 21:00 47872 ----a-w- c:\windows\certsystem.exe

2009-11-04 02:58 . 2009-11-04 21:00 38352 ----a-w- c:\windows\regred.exe

2009-11-04 02:58 . 2009-11-04 21:00 33149 ----a-w- c:\windows\usexplorer.exe

2009-11-04 02:58 . 2009-11-04 21:00 28320 ----a-w- c:\windows\securits.com

2009-11-03 21:26 . 2009-11-03 21:26 152576 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-03 00:34 . 2009-11-03 00:34 -------- d-----w- c:\program files\Common Files\Logitech

2009-11-03 00:32 . 2009-11-03 00:32 -------- d-----w- c:\documents and settings\Joe Kirsits\Local Settings\Application Data\Downloaded Installations

2009-11-02 23:47 . 2009-04-21 05:12 149768 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2009-11-02 23:46 . 2009-09-18 01:38 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys

2009-11-02 23:45 . 2009-11-02 23:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-11-02 23:45 . 2009-11-02 23:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-11-02 23:45 . 2006-05-16 19:58 2584848 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\WindowsInstaller-KB893803-x86.exe

2009-11-02 23:45 . 2009-09-18 08:54 300432 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\Setup.exe

2009-11-02 23:45 . 2009-09-18 01:27 669000 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\smcinst.exe

2009-11-02 23:45 . 2009-07-16 09:21 3557096 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LUSETUP.EXE

2009-11-02 23:45 . 2009-07-16 09:21 927096 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LuCheck.exe

2009-11-01 20:58 . 2009-10-11 11:17 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-01 20:58 . 2009-11-01 20:58 152576 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-11-01 20:51 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2009-11-01 20:51 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2009-11-01 20:51 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2009-11-01 20:49 . 2001-08-17 19:13 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys

2009-11-01 20:48 . 2001-08-17 20:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys

2009-11-01 20:47 . 2004-08-04 09:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys

2009-11-01 20:46 . 2001-08-17 19:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys

2009-11-01 20:45 . 2001-08-17 19:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys

2009-11-01 20:44 . 2001-08-17 19:50 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys

2009-11-01 20:43 . 2008-04-14 00:12 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll

2009-11-01 20:42 . 2001-08-17 21:05 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys

2009-11-01 20:41 . 2001-08-18 05:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

2009-11-01 20:40 . 2001-08-17 19:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys

2009-11-01 20:39 . 2001-08-17 20:28 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys

2009-11-01 20:38 . 2004-08-04 09:00 59904 ----a-w- c:\windows\system32\dllcache\imkrinst.exe

2009-11-01 20:37 . 2001-08-17 20:28 67167 ----a-w- c:\windows\system32\dllcache\hsf_bsc2.sys

2009-11-01 20:36 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\dllcache\fetnd5.sys

2009-11-01 20:35 . 2004-08-04 09:00 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll

2009-11-01 20:34 . 2004-08-04 09:00 56320 ----a-w- c:\windows\system32\dllcache\convlog.exe

2009-11-01 20:33 . 2001-08-17 20:49 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys

2009-11-01 20:31 . 2004-08-04 09:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll

2009-11-01 20:31 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2009-11-01 20:31 . 2004-08-04 09:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe

2009-11-01 20:31 . 2004-08-04 09:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll

2009-11-01 20:31 . 2004-08-04 09:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll

2009-11-01 20:31 . 2004-08-04 09:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll

2009-11-01 20:31 . 2004-08-04 09:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll

2009-11-01 20:31 . 2004-08-04 09:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe

2009-10-30 23:58 . 2009-11-05 16:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-30 23:57 . 2009-11-04 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-10-30 23:36 . 2009-10-30 23:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-10-22 06:59 . 2009-10-22 06:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2009-10-22 06:59 . 2009-10-22 06:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache

2009-10-17 03:00 . 2009-10-17 03:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-10-10 16:49 . 2009-10-10 16:49 127872 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Move Networks\uninstall.exe

2009-10-10 16:49 . 2009-10-10 16:51 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\Move Networks

2009-10-07 06:54 . 2009-10-07 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-10-07 06:53 . 2009-10-07 06:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-10-07 04:47 . 2009-10-07 04:47 -------- d-----w- c:\windows\system32\scripting

2009-10-07 04:47 . 2009-10-07 04:47 -------- d-----w- c:\windows\l2schemas

2009-10-07 04:47 . 2009-10-07 04:47 -------- d-----w- c:\windows\system32\en

2009-10-07 04:47 . 2009-10-07 04:47 -------- d-----w- c:\windows\system32\bits

2009-10-07 04:36 . 2009-10-07 04:36 -------- d-sh--w- c:\documents and settings\Joe Kirsits\IECompatCache

2009-10-07 04:34 . 2009-10-07 04:34 -------- d-sh--w- c:\documents and settings\Joe Kirsits\PrivacIE

2009-10-07 04:32 . 2009-10-07 04:32 -------- d-sh--w- c:\documents and settings\Joe Kirsits\IETldCache

2009-10-07 04:31 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-10-07 04:31 . 2009-10-07 04:31 -------- d-----w- c:\windows\ie8updates

2009-10-07 04:30 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-10-07 04:30 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-10-07 04:30 . 2009-10-07 04:30 -------- dc-h--w- c:\windows\ie8

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-04 20:59 . 2009-11-04 03:20 -------- d-----w- c:\program files\Spyware Doctor

2009-11-04 17:14 . 2008-12-03 16:48 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\Skype

2009-11-04 17:10 . 2007-10-10 19:01 5776 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys

2009-11-04 15:59 . 2008-12-03 16:51 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\skypePM

2009-11-04 03:25 . 2009-11-04 03:20 -------- d-----w- c:\program files\Common Files\PC Tools

2009-11-03 21:27 . 2007-10-10 19:14 -------- d-----w- c:\program files\Java

2009-11-02 23:47 . 2007-10-23 17:04 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-11-02 23:47 . 2007-10-23 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-11-02 23:45 . 2007-10-23 17:04 -------- d-----w- c:\program files\Symantec

2009-11-02 23:45 . 2009-11-02 23:45 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-11-02 23:45 . 2009-11-02 23:45 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-10-10 16:49 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Move Networks\plugins\npqmp071503000010.dll

2009-10-08 20:14 . 2009-11-04 03:25 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2009-10-08 18:31 . 2009-11-04 03:24 149456 ----a-w- c:\windows\SGDetectionTool.dll

2009-10-08 18:31 . 2009-11-04 03:24 165840 ----a-w- c:\windows\PCTBDRes.dll

2009-10-08 18:31 . 2009-11-04 03:24 1636304 ----a-w- c:\windows\PCTBDCore.dll

2009-10-08 18:31 . 2009-11-04 03:24 767952 ----a-w- c:\windows\BDTSupport.dll

2009-10-07 06:57 . 2007-10-10 19:20 96624 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-07 04:49 . 2004-08-11 21:14 87699 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-10-06 23:31 . 2009-11-04 03:21 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-10-02 21:19 . 2009-11-04 03:24 1152470 ----a-w- c:\windows\UDB.zip

2009-09-24 15:55 . 2009-11-04 03:21 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-09-23 23:10 . 2009-11-04 03:21 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-09-18 01:31 . 2009-09-18 01:31 42312 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys

2009-09-18 01:30 . 2009-09-18 01:30 357704 ----a-w- c:\windows\system32\sysfer.dll

2009-09-18 01:30 . 2009-09-18 01:30 107848 ----a-w- c:\windows\system32\SymVPN.dll

2009-09-18 01:28 . 2009-09-18 01:28 87368 ----a-w- c:\windows\system32\FwsVpn.dll

2009-09-16 10:20 . 2009-10-31 20:13 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat

2009-09-15 13:20 . 2009-11-04 03:21 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat

2009-09-15 09:12 . 2009-11-04 03:21 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat

2009-09-15 08:01 . 2009-11-04 03:21 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat

2009-09-11 14:18 . 2004-08-11 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-09 04:53 . 2009-09-09 04:52 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\W Photo Studio

2009-09-09 04:52 . 2009-09-09 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Walgreens

2009-09-09 04:52 . 2007-10-28 03:48 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\Walgreens

2009-09-09 04:52 . 2009-09-09 04:52 -------- d-----w- c:\program files\Common Files\HP

2009-09-09 04:52 . 2009-09-09 04:52 -------- d-----w- c:\program files\Walgreens

2009-09-09 04:52 . 2008-05-08 03:40 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\W Photo Studio Viewer

2009-09-08 16:17 . 2008-03-03 02:51 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-09-08 16:16 . 2008-03-03 02:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-09-04 21:03 . 2004-08-11 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-03 23:17 . 2009-09-03 23:17 625032 ----a-w- c:\windows\system32\SymNeti.dll

2009-09-03 23:16 . 2009-09-03 23:16 242056 ----a-w- c:\windows\system32\SymRedir.dll

2009-09-03 23:03 . 2009-09-03 23:03 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys

2009-09-03 23:03 . 2009-09-03 23:03 39856 ----a-w- c:\windows\system32\drivers\symids.sys

2009-09-03 23:03 . 2009-09-03 23:03 35120 ----a-w- c:\windows\system32\drivers\symndis.sys

2009-09-03 23:03 . 2009-09-03 23:03 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys

2009-09-03 23:03 . 2009-09-03 23:03 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys

2009-09-03 23:03 . 2009-09-03 23:03 145968 ----a-w- c:\windows\system32\drivers\symfw.sys

2009-09-03 23:03 . 2009-09-03 23:03 12720 ----a-w- c:\windows\system32\drivers\symdns.sys

2009-09-03 16:45 . 2009-11-04 03:21 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-09-03 05:22 . 2009-09-03 05:22 1961720 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2009-08-29 08:08 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:00 . 2004-08-11 21:00 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-26 03:05 . 2009-08-26 03:05 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2009-08-26 03:05 . 2009-08-26 03:05 320560 ----a-w- c:\windows\system32\drivers\srtspl.sys

2009-08-26 03:05 . 2009-08-26 03:05 281648 ----a-w- c:\windows\system32\drivers\srtsp.sys

2009-08-15 00:04 . 2009-08-15 00:04 239088 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Mozilla\plugins\npgoogletalk.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]

[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]

[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]

[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]

[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]

"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-10 227328]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Joe Kirsits\Start Menu\Programs\Startup\

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-27 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-10-23 25214]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Joe Kirsits\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Joe Kirsits\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\uSirius\\uSirius.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"c:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=

"c:\\Program Files\\Common Files\\LogiShrd\\LQCVFX\\COCIManager.exe"=

"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=

"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/3/2009 8:21 PM 207280]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/3/2009 8:25 PM 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/3/2009 8:25 PM 59664]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/3/2009 8:21 PM 229304]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 12:58 AM 133968]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/3/2009 8:24 PM 112592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/2/2009 4:46 PM 102448]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [1/23/2007 12:45 AM 42832]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/3/2009 8:21 PM 70408]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/3/2009 8:20 PM 358600]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/3/2009 8:25 PM 33552]

S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666018106-4025043593-1585384227-1005Core.job

- c:\documents and settings\Joe Kirsits\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 00:10]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666018106-4025043593-1585384227-1005UA.job

- c:\documents and settings\Joe Kirsits\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 00:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - ORPHANS REMOVED - - - -

BHO-{b869605e-4aeb-4d9c-a98d-777049ac8ba6} - jaguvonu.dll

HKLM-Run-hemofesase - wapoyali.dll

SharedTaskScheduler-{1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)

SSODL-tuvudevuh-{1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)

SSODL-SysNet-{1E6818E2-FE1C-46FB-8D79-88F244D87DA7} - c:\documents and settings\All Users\Microsoft AData\sysnet.dll

Notify-NavLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-05 09:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,23,50,0a,5b,b5,ab,40,92,5e,03,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,23,50,0a,5b,b5,ab,40,92,5e,03,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(948)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2280)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.EXE

c:\program files\ATI Technologies\ATI.ACE\cli.exe

c:\program files\ATI Technologies\ATI.ACE\cli.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-11-05 9:44 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-05 16:44

Pre-Run: 117,854,744,576 bytes free

Post-Run: 117,808,893,952 bytes free
