Slow Computer That Freezes Often

This forum is for removing Malware, Spyware, Adware. Post your HijackThis, DDS, RSIT, Combofix logs here.

Post by christopherdamon » Thu Nov 24, 2011 2:35 am

My Computer Recently Started Going Really Slow, I Had To Boot In Safe Mode And Clean It A Little That Way I Could Type This Message.

I Ran Combofix, Spyware Doctor, Dr. Web, And S&D Spybot.

Dr. Web Stated My Hosts File Was Changed, S&D Spybot Showed And Fixed 21 Medium Threat Level Problems, And I Have The Combofix Log And A Spyware Doctor Screen Print.

ComboFix 11-11-23.01 - Christopher 11/23/2011 14:59:07.9.1 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2037.896 [GMT -8:00]
Running from: c:\users\Christopher\Desktop\Music\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 22:41 . 2011-11-23 23:05 -------- d-----w- c:\users\Christopher\AppData\Local\CrashDumps
2011-11-23 22:36 . 2011-11-23 23:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-23 22:35 . 2009-01-25 21:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-23 22:35 . 2011-11-23 22:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-23 22:34 . 2011-11-23 22:34 -------- d-----w- c:\programdata\Comodo
2011-11-23 22:34 . 2011-11-23 22:34 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-23 22:34 . 2011-11-23 22:34 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-11-23 22:34 . 2011-11-23 22:34 -------- d-----w- c:\program files\COMODO
2011-11-23 22:34 . 2011-11-23 22:34 -------- d-----w- c:\programdata\Comodo Downloader
2011-11-23 22:25 . 2010-07-16 22:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-23 22:25 . 2010-07-16 22:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-23 22:25 . 2011-01-17 17:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-23 22:25 . 2010-12-16 16:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-11-23 22:24 . 2010-12-11 00:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-23 22:24 . 2010-12-10 21:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-23 22:24 . 2010-12-16 16:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 22:24 . 2011-11-23 22:52 -------- d-----w- c:\program files\PC Tools Security
2011-11-23 22:24 . 2011-11-23 22:27 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-23 22:24 . 2011-11-23 22:24 -------- d-----w- c:\users\Christopher\AppData\Roaming\PC Tools
2011-11-23 22:23 . 2011-11-23 22:24 -------- d-----w- c:\programdata\PC Tools
2011-11-23 22:06 . 2011-11-23 22:06 -------- d-----w- c:\users\Christopher\AppData\Local\ID Vault
2011-11-22 06:10 . 2011-11-22 06:10 -------- d-----w- c:\program files\Speccy
2011-11-17 00:01 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-17 00:00 . 2011-11-17 01:09 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-17 00:00 . 2011-11-17 01:09 -------- d-----w- c:\program files\Symantec
2011-11-17 00:00 . 2011-11-17 00:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-16 23:59 . 2011-11-22 07:43 -------- d-----w- c:\windows\system32\drivers\N360
2011-11-16 23:59 . 2011-11-16 23:59 -------- d-----w- c:\program files\Norton Security Suite
2011-11-16 23:59 . 2011-11-16 23:59 -------- d-----w- c:\program files\NortonInstaller
2011-11-16 23:58 . 2011-11-16 23:59 -------- d-----w- c:\programdata\Norton
2011-11-16 23:53 . 2011-11-16 23:54 -------- d-----w- c:\users\User\AppData\Local\ID Vault
2011-11-16 23:53 . 2011-11-16 23:53 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-16 23:53 . 2011-11-16 23:53 -------- d-----w- c:\users\User\AppData\Roaming\ID Vault
2011-11-16 23:52 . 2011-11-16 23:52 -------- d-----w- c:\users\Christopher\AppData\Roaming\ID Vault
2011-11-16 23:51 . 2011-07-05 18:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-11-16 23:49 . 2011-11-16 23:50 -------- d-----w- c:\programdata\GID
2011-11-16 23:49 . 2011-11-16 23:49 -------- d-----w- c:\program files\SFT
2011-11-16 23:48 . 2011-11-20 11:50 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-11-16 23:47 . 2011-11-16 23:47 -------- d-----w- c:\programdata\White Sky, Inc
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- C:\extensions
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\program files\Conduit
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\users\Christopher\AppData\Local\Conduit
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\program files\uTorrentBar
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\users\Christopher\AppData\Local\uTorrent
2011-11-16 23:39 . 2011-11-22 07:51 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2011-11-16 23:39 . 2011-11-16 23:39 -------- d-----w- c:\users\User\AppData\Local\uTorrent
2011-11-15 11:57 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30F3C13B-1ACD-4EC8-B9D7-2A291FC48A71}\mpengine.dll
2011-11-09 03:50 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 03:50 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 03:50 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-03 20:23 . 2011-11-23 07:32 -------- d-----w- c:\users\User\AppData\Local\Akamai
2011-10-28 04:12 . 2011-10-28 04:12 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-10-28 04:11 . 2011-10-28 04:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-10-28 04:02 . 2011-10-28 04:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-28 04:00 . 2011-10-28 04:00 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-28 03:12 . 2011-10-28 03:12 -------- d-----w- c:\users\Christopher\AppData\Local\Microsoft Help
2011-10-28 03:12 . 2011-11-09 11:06 -------- d-----w- c:\programdata\Microsoft Help
2011-10-27 06:29 . 2011-10-27 06:29 -------- d-----w- c:\program files\Common Files\xing shared
2011-10-27 06:28 . 2011-10-27 06:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-27 06:28 . 2011-10-27 06:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-27 06:28 . 2011-10-27 06:29 -------- d-----w- c:\program files\Real
2011-10-27 02:53 . 2011-10-27 02:53 -------- d-----w- c:\program files\VstPlugins
2011-10-27 02:53 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-10-27 02:53 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-10-27 02:53 . 2011-10-27 02:53 -------- d-----w- c:\program files\Outsim
2011-10-27 02:49 . 2011-10-27 02:53 -------- d-----w- c:\program files\Image-Line
2011-10-25 20:41 . 2011-10-25 22:11 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-10-25 20:41 . 2011-10-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2011-10-25 17:08 . 2011-10-25 17:08 -------- d-----w- c:\program files\iPod
2011-10-25 17:08 . 2011-10-25 17:09 -------- d-----w- c:\program files\iTunes
2011-10-25 17:04 . 2011-10-25 17:04 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 02:35 . 2011-10-14 10:09 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 10:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-27 04:26 . 2011-10-13 19:44 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 19:44 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Christopher\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-10-27 273528]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-11-18 4680264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching "= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 11:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 12:28 11989960 ----a-w- c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 12:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-08-09 23:56 417112 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-30 05:16 136176 ----atw- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-12 01:15 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-12 01:15 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-12-30 22:53 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-12 01:15 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 20:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2011-07-08 02:24 1206276 ----a-w- c:\program files\NCH Swift Sound\VRS\vrs.exe
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [2011-11-15 819320]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111122.030\IDSvix86.sys [2011-11-16 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS [2011-07-09 299640]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2011-11-18 63048]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-17 32672]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2011-02-02 12648]
R2 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2011-07-08 1206276]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-16 106104]
R3 LRC;LRC;c:\users\CHRIST~1\AppData\Local\Temp\LRC.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-11-23 4012424]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-11-15 390944]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-18 111152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-30 1343400]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 GIDv2;GIDv2; [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 18:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-23 23:46]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1001Core.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 05:16]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1001UA.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 05:16]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1004Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 04:28]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1004UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 04:28]
.
2011-11-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-23 23:46]
.
2011-11-23 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-11-23 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2887291465-960148841-4248970860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2887291465-960148841-4248970860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(844)
c:\windows\System32\SyncCenter.dll
c:\windows\System32\bthprops.cpl
.
Completion time: 2011-11-23 15:13:10
ComboFix-quarantined-files.txt 2011-11-23 23:13
ComboFix2.txt 2011-09-27 05:02
ComboFix3.txt 2011-07-15 02:09
ComboFix4.txt 2011-05-23 23:18
ComboFix5.txt 2011-11-23 22:55
.
Pre-Run: 60,898,955,264 bytes free
Post-Run: 60,808,146,944 bytes free
.
- - End Of File - - 7359AA4D93C479EF0BA93ECC2626B72D
christopherdamon
 
Posts: 14
Joined: Mon Aug 09, 2010 1:31 am

Re: Slow Computer That Freezes Often

Post by 12056 » Sat Jan 07, 2012 3:38 am

Hello,

Please download and run SuperAntiSpyware from here.
Perform a "Quick Scan" and remove any infections found.

Then, create a new HijackThis log file, so that we can remove any traces left behind.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm

