jeff1955
2010-09-08, 23:40
Hi again,
I have been notified that an account of mine has been suspended due to an infection of some description on my computer.
I never share ANY account details, so I suspect a keylogger/Trojan infection.
I have noticed, over the last couple of days, Internet Explorer and Window's Mail operating much more slowly than before. There is also a great deal of disc activity.
I have run Malewarebytes, Spyware Doctor and Spybot on full scans (even trying them in Safe Mode) each reports a clean machine. I downloaded PC Matic's PC Pitstop a while ago, it reports an infection 'Ezula'. I simply suspected this was a ploy to get me to buy the product as all my other anti-nasty ware was reporting clean.
Below - the DDS report pasted and the Attach report zipped and attached as requested.
Jeff Simpson
DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 21:13:53.89 on 08/09/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2731 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\lxbccoms.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/webhp?rls=ig
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?
b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?
b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=userinit.exe
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)
\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1
\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)
\java\jre1.5.0_07\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program
files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)
\spyware doctor\bdt\PCTBrowserDefender.dll
mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program
files (x86)\java\jre1.5.0_07\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program
files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
c:\progra~2\spybot~1\SDHelper.dll
LSP: c:\program files (x86)\common files\pc tools\lsp\PCTLsp.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} -
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)
\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1
\skype\SKYPE4~1.DLL
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [FijiKeyboard] c:\acer\preload\autorun\drv\fiji keyboard\ABoard.exe
mRun-x64: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun-x64: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-1-2 233488]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-5-16 65072]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-5-16 60416]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi64.sys [2010-1-2 306648]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware
doctor\bdt\BDTUpdateService.exe [2010-1-2 112592]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32
\lxbccoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe
[2009-9-20 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe
[2009-9-20 1142224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
[2009-8-21 84512]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg64.sys [2010-1-2 92896]
R3 SaiH0004;SaiH0004;c:\windows\system32\drivers\SaiH0004.sys [2007-5-1 171144]
R3 SaiHFF52;SaiHFF52;c:\windows\system32\drivers\SaiHFF52.sys [2007-5-1 171144]
R3 SaiL0004;SaiL0004;c:\windows\system32\drivers\SaiL0004.sys [2007-5-1 18048]
R3 SaiU0004;SaiU0004;c:\windows\system32\drivers\SaiU0004.sys [2007-5-1 34304]
R3 SaiUFF52;SaiUFF52;c:\windows\system32\drivers\saiuFF52.sys [2007-5-1 34304]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-5-16 41888]
R3 ThreatFire;ThreatFire;c:\program files (x86)\spyware doctor\tfengine\tfservice.exe service -->
c:\program files (x86)\spyware doctor\tfengine\TFService.exe service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN
v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN
v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet
security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files
(x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files
(x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k
LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache
4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18
1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN
v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)
\pcpitstop\PCPitstopScheduleService.exe [2010-1-25 85504]
=============== Created Last 30 ================
2010-09-08 19:26:48 0 d-----w- c:\programdata\PCPitstopDat
2010-08-12 06:25:08 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 06:25:04 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 06:25:04 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 06:25:03 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 06:25:02 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 06:25:02 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 06:24:23 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 06:24:21 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 06:24:03 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 06:24:03 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
==================== Find3M ====================
2010-08-05 15:53:17 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-05 15:53:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-05 15:53:16 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-05 13:52:11 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-18 15:31:22 0 ---ha-w- c:\windows\system32
\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-29 16:03:43 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-06-29 15:47:12 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-29 15:46:59 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-29 15:44:16 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-29 15:44:15 3603456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-29 15:43:04 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-29 15:43:04 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-29 15:43:00 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2009-12-04 13:51:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-17 08:57:32 16384 --sha-w-
c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-04-17 08:57:32 16384 --sha-w-
c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-04-17 08:57:32 32768 --sha-w-
c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5
\index.dat
============= FINISH: 21:17:24.00 ===============
I have been notified that an account of mine has been suspended due to an infection of some description on my computer.
I never share ANY account details, so I suspect a keylogger/Trojan infection.
I have noticed, over the last couple of days, Internet Explorer and Window's Mail operating much more slowly than before. There is also a great deal of disc activity.
I have run Malewarebytes, Spyware Doctor and Spybot on full scans (even trying them in Safe Mode) each reports a clean machine. I downloaded PC Matic's PC Pitstop a while ago, it reports an infection 'Ezula'. I simply suspected this was a ploy to get me to buy the product as all my other anti-nasty ware was reporting clean.
Below - the DDS report pasted and the Attach report zipped and attached as requested.
Jeff Simpson
DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 21:13:53.89 on 08/09/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2731 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\lxbccoms.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/webhp?rls=ig
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?
b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?
b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=userinit.exe
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)
\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1
\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)
\java\jre1.5.0_07\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program
files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)
\spyware doctor\bdt\PCTBrowserDefender.dll
mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program
files (x86)\java\jre1.5.0_07\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program
files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
c:\progra~2\spybot~1\SDHelper.dll
LSP: c:\program files (x86)\common files\pc tools\lsp\PCTLsp.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} -
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)
\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1
\skype\SKYPE4~1.DLL
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [FijiKeyboard] c:\acer\preload\autorun\drv\fiji keyboard\ABoard.exe
mRun-x64: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun-x64: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-1-2 233488]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-5-16 65072]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-5-16 60416]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi64.sys [2010-1-2 306648]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware
doctor\bdt\BDTUpdateService.exe [2010-1-2 112592]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32
\lxbccoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe
[2009-9-20 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe
[2009-9-20 1142224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
[2009-8-21 84512]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg64.sys [2010-1-2 92896]
R3 SaiH0004;SaiH0004;c:\windows\system32\drivers\SaiH0004.sys [2007-5-1 171144]
R3 SaiHFF52;SaiHFF52;c:\windows\system32\drivers\SaiHFF52.sys [2007-5-1 171144]
R3 SaiL0004;SaiL0004;c:\windows\system32\drivers\SaiL0004.sys [2007-5-1 18048]
R3 SaiU0004;SaiU0004;c:\windows\system32\drivers\SaiU0004.sys [2007-5-1 34304]
R3 SaiUFF52;SaiUFF52;c:\windows\system32\drivers\saiuFF52.sys [2007-5-1 34304]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-5-16 41888]
R3 ThreatFire;ThreatFire;c:\program files (x86)\spyware doctor\tfengine\tfservice.exe service -->
c:\program files (x86)\spyware doctor\tfengine\TFService.exe service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN
v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN
v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet
security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files
(x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files
(x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k
LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache
4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18
1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN
v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)
\pcpitstop\PCPitstopScheduleService.exe [2010-1-25 85504]
=============== Created Last 30 ================
2010-09-08 19:26:48 0 d-----w- c:\programdata\PCPitstopDat
2010-08-12 06:25:08 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 06:25:04 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 06:25:04 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 06:25:03 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 06:25:02 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 06:25:02 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 06:24:23 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 06:24:21 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 06:24:03 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 06:24:03 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
==================== Find3M ====================
2010-08-05 15:53:17 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-05 15:53:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-05 15:53:16 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-05 13:52:11 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-18 15:31:22 0 ---ha-w- c:\windows\system32
\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-29 16:03:43 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-06-29 15:47:12 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-29 15:46:59 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-29 15:44:16 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-29 15:44:15 3603456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-29 15:43:04 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-29 15:43:04 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-29 15:43:00 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2009-12-04 13:51:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-17 08:57:32 16384 --sha-w-
c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-04-17 08:57:32 16384 --sha-w-
c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-04-17 08:57:32 32768 --sha-w-
c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5
\index.dat
============= FINISH: 21:17:24.00 ===============