Full Version: Personal Guard 2009
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
csunday
I have a machine that has been infected with Personal Guard 2009.

I have downloaded and started to run the ComboFix tool.

At the end of its process, it indicated that it needed to reboot, and to allow ComboFix to do this.

There were 3 pop ups for programs that couldn't start because the system was shutting down. Now it is stalled at the "Windows is Shutting Down... " screen.

Can I force the shutdown? Will ComboFix finish?

This is the HijackThis Logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:22 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\I386\winnt32.exe
C:\Documents and Settings\Joe Kirsits\Application Data\U3\3515100CC5439427\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071010
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071010
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b869605e-4aeb-4d9c-a98d-777049ac8ba6} - jaguvonu.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [hemofesase] Rundll32.exe "wapoyali.dll",s
O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\yirejame.dll,kinotige.dll
O21 - SSODL: tuvudevuh - {1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)
O21 - SSODL: SysNet - {1E6818E2-FE1C-46FB-8D79-88F244D87DA7} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
O22 - SharedTaskScheduler: kupuhivus - {1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 13592 bytes
csunday
I restarted the machine and reran ComboFix. Here is the log.

Do I need to run anything else? I couldn't figure out how to disable Spyware Doctor...

ComboFix 09-11-04.02 - Joe Kirsits 11/05/2009 9:29.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2791 [GMT -7:00]
Running from: c:\documents and settings\Joe Kirsits\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\Microsoft AData\sysnet.dll
c:\documents and settings\All Users\Microsoft AData\t.sid
c:\documents and settings\Joe Kirsits\Desktop\Personal Guard 2009.lnk
c:\documents and settings\Joe Kirsits\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk
c:\documents and settings\Joe Kirsits\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk
c:\program files\Personal Guard 2009\config.scf
c:\program files\Personal Guard 2009\mmbase.sdb
c:\program files\Personal Guard 2009\personalguard.exe
c:\program files\Personal Guard 2009\q.sdb
c:\program files\Personal Guard 2009\uninstalls.exe
c:\program files\Personal Guard 2009\vvbase.sdb
c:\windows\microsoftdef.dll
c:\windows\system32\a9k.bin
c:\windows\system32\biserano.exe
c:\windows\system32\dogubina.exe
c:\windows\system32\dozilibe.dll
c:\windows\system32\feresefa.dll
c:\windows\system32\jaguvonu.dll
c:\windows\system32\jigefuwi.exe
c:\windows\system32\kataliwo.dll
c:\windows\system32\kibemole.dll
c:\windows\system32\kinotige.dll
c:\windows\system32\kudavori.dll
c:\windows\system32\logon.exe
c:\windows\system32\roledufe.exe
c:\windows\system32\tatokalo.exe
c:\windows\system32\telemize.exe
c:\windows\system32\tonasuta.dll
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\veyesera.dll
c:\windows\system32\vuhodoji.dll
c:\windows\system32\wapoyali.dll
c:\windows\system32\yopogeli.dll
c:\windows\TEMP\logishrd\LVPrcInj07.dll

-- Previous Run --

Infected copy of c:\windows\system32\drivers\aec.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\aec.sys

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\system32\dllcache\proquota.exe

--------

.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-04 21:20 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-04 21:14 . 2009-11-04 21:14 380416 ----a-w- c:\windows\system32\winsc.exe
2009-11-04 20:51 . 2009-11-04 20:51 -------- d-----w- c:\program files\Trend Micro
2009-11-04 19:59 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\U3\temp\cleanup.exe
2009-11-04 19:58 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\Joe Kirsits\Application Data\U3\temp\Launchpad Removal.exe
2009-11-04 19:58 . 2009-11-04 21:03 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\U3
2009-11-04 19:50 . 2009-11-04 19:50 -------- d--h--w- c:\windows\PIF
2009-11-04 05:37 . 2009-11-04 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 03:39 . 2009-11-04 03:39 -------- d-----w- c:\documents and settings\Joe Kirsits\Local Settings\Application Data\Threat Expert
2009-11-04 03:25 . 2009-10-08 20:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-04 03:25 . 2009-10-08 20:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-04 03:20 . 2009-11-04 03:20 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\PC Tools
2009-11-04 02:58 . 2009-11-04 21:00 51197 ----a-w- c:\windows\spoov.exe
2009-11-04 02:58 . 2009-11-04 21:00 47872 ----a-w- c:\windows\certsystem.exe
2009-11-04 02:58 . 2009-11-04 21:00 38352 ----a-w- c:\windows\regred.exe
2009-11-04 02:58 . 2009-11-04 21:00 33149 ----a-w- c:\windows\usexplorer.exe
2009-11-04 02:58 . 2009-11-04 21:00 28320 ----a-w- c:\windows\securits.com
2009-11-03 21:26 . 2009-11-03 21:26 152576 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 00:34 . 2009-11-03 00:34 -------- d-----w- c:\program files\Common Files\Logitech
2009-11-03 00:32 . 2009-11-03 00:32 -------- d-----w- c:\documents and settings\Joe Kirsits\Local Settings\Application Data\Downloaded Installations
2009-11-02 23:47 . 2009-04-21 05:12 149768 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2009-11-02 23:46 . 2009-09-18 01:38 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2009-11-02 23:45 . 2009-11-02 23:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-02 23:45 . 2009-11-02 23:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-02 23:45 . 2006-05-16 19:58 2584848 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\WindowsInstaller-KB893803-x86.exe
2009-11-02 23:45 . 2009-09-18 08:54 300432 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\Setup.exe
2009-11-02 23:45 . 2009-09-18 01:27 669000 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\smcinst.exe
2009-11-02 23:45 . 2009-07-16 09:21 3557096 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LUSETUP.EXE
2009-11-02 23:45 . 2009-07-16 09:21 927096 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LuCheck.exe
2009-11-01 20:58 . 2009-10-11 11:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-01 20:58 . 2009-11-01 20:58 152576 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-11-01 20:51 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-01 20:51 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-01 20:51 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-01 20:49 . 2001-08-17 19:13 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2009-11-01 20:48 . 2001-08-17 20:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2009-11-01 20:47 . 2004-08-04 09:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2009-11-01 20:46 . 2001-08-17 19:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2009-11-01 20:45 . 2001-08-17 19:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2009-11-01 20:44 . 2001-08-17 19:50 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys
2009-11-01 20:43 . 2008-04-14 00:12 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-11-01 20:42 . 2001-08-17 21:05 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-11-01 20:41 . 2001-08-18 05:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-11-01 20:40 . 2001-08-17 19:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-11-01 20:39 . 2001-08-17 20:28 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2009-11-01 20:38 . 2004-08-04 09:00 59904 ----a-w- c:\windows\system32\dllcache\imkrinst.exe
2009-11-01 20:37 . 2001-08-17 20:28 67167 ----a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2009-11-01 20:36 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\dllcache\fetnd5.sys
2009-11-01 20:35 . 2004-08-04 09:00 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll
2009-11-01 20:34 . 2004-08-04 09:00 56320 ----a-w- c:\windows\system32\dllcache\convlog.exe
2009-11-01 20:33 . 2001-08-17 20:49 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2009-11-01 20:31 . 2004-08-04 09:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2009-11-01 20:31 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-01 20:31 . 2004-08-04 09:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-11-01 20:31 . 2004-08-04 09:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-11-01 20:31 . 2004-08-04 09:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2009-11-01 20:31 . 2004-08-04 09:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-11-01 20:31 . 2004-08-04 09:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-11-01 20:31 . 2004-08-04 09:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2009-10-30 23:58 . 2009-11-05 16:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 23:57 . 2009-11-04 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-30 23:36 . 2009-10-30 23:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-22 06:59 . 2009-10-22 06:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-22 06:59 . 2009-10-22 06:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2009-10-17 03:00 . 2009-10-17 03:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-10 16:49 . 2009-10-10 16:49 127872 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Move Networks\uninstall.exe
2009-10-10 16:49 . 2009-10-10 16:51 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\Move Networks
2009-10-07 06:54 . 2009-10-07 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-07 06:53 . 2009-10-07 06:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-07 04:47 . 2009-10-07 04:47 -------- d-----w- c:\windows\system32\scripting
2009-10-07 04:47 . 2009-10-07 04:47 -------- d-----w- c:\windows\l2schemas
2009-10-07 04:47 . 2009-10-07 04:47 -------- d-----w- c:\windows\system32\en
2009-10-07 04:47 . 2009-10-07 04:47 -------- d-----w- c:\windows\system32\bits
2009-10-07 04:36 . 2009-10-07 04:36 -------- d-sh--w- c:\documents and settings\Joe Kirsits\IECompatCache
2009-10-07 04:34 . 2009-10-07 04:34 -------- d-sh--w- c:\documents and settings\Joe Kirsits\PrivacIE
2009-10-07 04:32 . 2009-10-07 04:32 -------- d-sh--w- c:\documents and settings\Joe Kirsits\IETldCache
2009-10-07 04:31 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-07 04:31 . 2009-10-07 04:31 -------- d-----w- c:\windows\ie8updates
2009-10-07 04:30 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-07 04:30 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-07 04:30 . 2009-10-07 04:30 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 20:59 . 2009-11-04 03:20 -------- d-----w- c:\program files\Spyware Doctor
2009-11-04 17:14 . 2008-12-03 16:48 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\Skype
2009-11-04 17:10 . 2007-10-10 19:01 5776 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2009-11-04 15:59 . 2008-12-03 16:51 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\skypePM
2009-11-04 03:25 . 2009-11-04 03:20 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-03 21:27 . 2007-10-10 19:14 -------- d-----w- c:\program files\Java
2009-11-02 23:47 . 2007-10-23 17:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-02 23:47 . 2007-10-23 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-02 23:45 . 2007-10-23 17:04 -------- d-----w- c:\program files\Symantec
2009-11-02 23:45 . 2009-11-02 23:45 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-02 23:45 . 2009-11-02 23:45 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-10 16:49 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-10-08 20:14 . 2009-11-04 03:25 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-08 18:31 . 2009-11-04 03:24 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-08 18:31 . 2009-11-04 03:24 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-08 18:31 . 2009-11-04 03:24 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-08 18:31 . 2009-11-04 03:24 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-07 06:57 . 2007-10-10 19:20 96624 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 04:49 . 2004-08-11 21:14 87699 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-06 23:31 . 2009-11-04 03:21 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-02 21:19 . 2009-11-04 03:24 1152470 ----a-w- c:\windows\UDB.zip
2009-09-24 15:55 . 2009-11-04 03:21 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 23:10 . 2009-11-04 03:21 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-18 01:31 . 2009-09-18 01:31 42312 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
2009-09-18 01:30 . 2009-09-18 01:30 357704 ----a-w- c:\windows\system32\sysfer.dll
2009-09-18 01:30 . 2009-09-18 01:30 107848 ----a-w- c:\windows\system32\SymVPN.dll
2009-09-18 01:28 . 2009-09-18 01:28 87368 ----a-w- c:\windows\system32\FwsVpn.dll
2009-09-16 10:20 . 2009-10-31 20:13 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 13:20 . 2009-11-04 03:21 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 09:12 . 2009-11-04 03:21 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 08:01 . 2009-11-04 03:21 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-11 14:18 . 2004-08-11 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 04:53 . 2009-09-09 04:52 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\W Photo Studio
2009-09-09 04:52 . 2009-09-09 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Walgreens
2009-09-09 04:52 . 2007-10-28 03:48 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\Walgreens
2009-09-09 04:52 . 2009-09-09 04:52 -------- d-----w- c:\program files\Common Files\HP
2009-09-09 04:52 . 2009-09-09 04:52 -------- d-----w- c:\program files\Walgreens
2009-09-09 04:52 . 2008-05-08 03:40 -------- d-----w- c:\documents and settings\Joe Kirsits\Application Data\W Photo Studio Viewer
2009-09-08 16:17 . 2008-03-03 02:51 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-08 16:16 . 2008-03-03 02:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-09-04 21:03 . 2004-08-11 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 23:17 . 2009-09-03 23:17 625032 ----a-w- c:\windows\system32\SymNeti.dll
2009-09-03 23:16 . 2009-09-03 23:16 242056 ----a-w- c:\windows\system32\SymRedir.dll
2009-09-03 23:03 . 2009-09-03 23:03 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
2009-09-03 23:03 . 2009-09-03 23:03 39856 ----a-w- c:\windows\system32\drivers\symids.sys
2009-09-03 23:03 . 2009-09-03 23:03 35120 ----a-w- c:\windows\system32\drivers\symndis.sys
2009-09-03 23:03 . 2009-09-03 23:03 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
2009-09-03 23:03 . 2009-09-03 23:03 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
2009-09-03 23:03 . 2009-09-03 23:03 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
2009-09-03 23:03 . 2009-09-03 23:03 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
2009-09-03 16:45 . 2009-11-04 03:21 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-03 05:22 . 2009-09-03 05:22 1961720 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-29 08:08 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 21:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 03:05 . 2009-08-26 03:05 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2009-08-26 03:05 . 2009-08-26 03:05 320560 ----a-w- c:\windows\system32\drivers\srtspl.sys
2009-08-26 03:05 . 2009-08-26 03:05 281648 ----a-w- c:\windows\system32\drivers\srtsp.sys
2009-08-15 00:04 . 2009-08-15 00:04 239088 ----a-w- c:\documents and settings\Joe Kirsits\Application Data\Mozilla\plugins\npgoogletalk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-10 227328]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Joe Kirsits\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-27 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-10-23 25214]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Joe Kirsits\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Joe Kirsits\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uSirius\\uSirius.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LQCVFX\\COCIManager.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/3/2009 8:21 PM 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/3/2009 8:25 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/3/2009 8:25 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/3/2009 8:21 PM 229304]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 12:58 AM 133968]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/3/2009 8:24 PM 112592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/2/2009 4:46 PM 102448]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [1/23/2007 12:45 AM 42832]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/3/2009 8:21 PM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/3/2009 8:20 PM 358600]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/3/2009 8:25 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666018106-4025043593-1585384227-1005Core.job
- c:\documents and settings\Joe Kirsits\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 00:10]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666018106-4025043593-1585384227-1005UA.job
- c:\documents and settings\Joe Kirsits\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 00:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{b869605e-4aeb-4d9c-a98d-777049ac8ba6} - jaguvonu.dll
HKLM-Run-hemofesase - wapoyali.dll
SharedTaskScheduler-{1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)
SSODL-tuvudevuh-{1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)
SSODL-SysNet-{1E6818E2-FE1C-46FB-8D79-88F244D87DA7} - c:\documents and settings\All Users\Microsoft AData\sysnet.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 09:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,23,50,0a,5b,b5,ab,40,92,5e,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,23,50,0a,5b,b5,ab,40,92,5e,03,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(948)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-05 9:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 16:44

Pre-Run: 117,854,744,576 bytes free
Post-Run: 117,808,893,952 bytes free
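The ORPHANS REMOVED block above is where this log gets interesting: ComboFix cleaned out a BHO (jaguvonu.dll), an HKLM Run value (hemofesase / wapoyali.dll) and two ShellServiceObjectDelayLoad entries, one of them a sysnet.dll sitting under "All Users\Microsoft AData". Higher up, AppInit_DLLs is populated, Security Center monitoring for the Symantec product is disabled and the firewall is off. The script below is an added example (not part of the original post, and not ComboFix or Malwarebytes code) that reads those ComboFix-style lines and flags the things a helper would eyeball first. The sample input is copied from the log above plus a couple of benign Run entries for contrast. The consonant/vowel "generated name" test, the profile-directory rule and the severity labels are my own heuristics, assumed here for illustration; they will miss other naming schemes and can hit a real word, so treat hits as prompts to look, not verdicts.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpts copied from the ComboFix log above (flagged lines plus two benign
# Run values for contrast). Constructed sample input; runs fully offline.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

BHO-{b869605e-4aeb-4d9c-a98d-777049ac8ba6} - jaguvonu.dll
HKLM-Run-hemofesase - wapoyali.dll
SharedTaskScheduler-{1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)
SSODL-tuvudevuh-{1b882e46-4bd2-43ed-90db-8414f64ca72d} - (no file)
SSODL-SysNet-{1E6818E2-FE1C-46FB-8D79-88F244D87DA7} - c:\documents and settings\All Users\Microsoft AData\sysnet.dll
Notify-NavLogon - (no file)
"""

VOWELS = set("aeiou")
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\users\\")  # heuristic (assumption)

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z]+)-(?P<label>.+?) - (?P<target>.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (my own labels, not ComboFix's)
    line: str      # the log line that triggered the check
    reason: str


def looks_generated(stem: str) -> bool:
    """Heuristic: lowercase, 7+ letters, strictly alternating consonant/vowel.
    Matches the orphaned names in the log (jaguvonu, hemofesase, wapoyali,
    tuvudevuh) and rejects normal names such as ctfmon or sysnet."""
    if len(stem) < 7 or not stem.isalpha() or not stem.islower():
        return False
    classes = [c in VOWELS for c in stem]
    return all(a != b for a, b in zip(classes, classes[1:]))


def stem_of(path: str) -> str:
    """Bare file name without quotes, directory or extension."""
    base = path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def scan_combofix(text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        if line.startswith("*****") or line.startswith("catchme"):
            in_orphans = False  # the orphan block ends at the next banner
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if not m:
                continue
            kind, label, target = m.group("kind", "label", "target")
            label_stem = label.split("-{")[0].split("-")[-1]  # drop GUID / prefix
            if looks_generated(label_stem) or looks_generated(stem_of(target)):
                findings.append(Finding("high", line, f"{kind} loader with a generated-looking name"))
            elif target.lower().startswith(PROFILE_DIRS):
                findings.append(Finding("high", line, f"{kind} loader pointing into a user-profile directory"))
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.group("name"), vm.group("value").strip()
        lname = name.lower()
        if lname == "appinit_dlls" and value:
            findings.append(Finding("medium", line, "AppInit_DLLs is set: this DLL is loaded into every process that loads user32.dll"))
        elif lname == "disablemonitoring" and value.endswith("1") and "security center" in current_key:
            findings.append(Finding("medium", line, "Security Center alerts for this product are suppressed"))
        elif lname == "enablefirewall" and value.startswith("0"):
            findings.append(Finding("medium", line, "Windows Firewall is off for this profile"))
        elif current_key.endswith(("\\run", "\\runonce")):
            target = value.split(" [", 1)[0]  # strip ComboFix's "[date size]" stamp
            if looks_generated(stem_of(name)) or looks_generated(stem_of(target)):
                findings.append(Finding("high", line, "Run entry with a generated-looking name"))
    return findings


if __name__ == "__main__":
    for f in scan_combofix(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it as-is and it reports seven findings from the excerpt: the three weakened settings as "medium" and the four orphaned loaders as "high". Nothing here replaces reading the whole log; it only orders the lines worth reading first.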
