ComboFix 10-08-25.01 - Kieran 26/08/2010 13:02:25.1.3 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2030 [GMT 1:00]
Running from: c:\users\Kieran\Desktop\zzz.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\UNWISE.EXE
c:\users\Kieran\AppData\Roaming\cglogs.dat
c:\windows\system32\PCLECoInst.dll
c:\windows\system32\wininit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-26 12:09 . 2010-08-26 12:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-25 15:46 . 2010-05-07 09:39 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-08-25 15:44 . 2010-08-25 15:44 -------- d-----w- c:\programdata\Eastman Kodak Company
2010-08-25 15:44 . 2010-08-25 15:44 -------- d-----w- c:\users\Kieran\AppData\Local\Eastman_Kodak_Company
2010-08-25 15:44 . 2010-08-25 15:44 -------- d-----w- c:\users\Kieran\AppData\Local\Microsoft Corporation
2010-08-25 15:40 . 2010-08-25 15:40 -------- d-----w- c:\program files\Kodak
2010-08-25 15:40 . 2010-08-25 15:40 -------- d-----w- c:\program files\Bonjour
2010-08-25 15:37 . 2010-08-25 15:44 -------- d-----w- c:\users\Kieran\AppData\Local\Eastman Kodak Company
2010-08-25 15:36 . 2010-08-26 12:20 -------- d-----w- c:\programdata\Kodak
2010-08-25 15:33 . 2010-08-25 15:42 -------- d-----w- c:\windows\system32\kodak
2010-08-23 22:01 . 2010-08-23 22:01 -------- d-----w- c:\users\Kieran\AppData\Roaming\SYSTEMAX Software Development
2010-08-23 22:01 . 2010-08-23 22:01 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2010-08-23 21:57 . 2010-08-23 21:57 -------- d-----w- c:\users\Kieran\AppData\Local\Zame
2010-08-23 21:45 . 2010-08-23 21:45 -------- d-----w- C:\_OTL
2010-08-21 23:14 . 2010-08-21 23:14 552 ----a-w- c:\users\Kieran\AppData\Local\d3d8caps.dat
2010-08-21 22:38 . 2010-08-21 22:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-21 22:32 . 2010-08-21 22:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 22:31 . 2010-08-21 22:31 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-21 02:57 . 2010-08-21 02:57 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-17 10:35 . 2010-08-17 10:35 -------- d-----w- c:\program files\Trend Micro
2010-08-15 15:36 . 2010-08-15 15:36 -------- d-----w- c:\program files\IWONGEI
2010-08-15 03:11 . 2010-08-15 03:11 -------- d-----w- C:\Perfect World Entertainment
2010-08-15 03:09 . 2010-08-15 03:01 258352 ----a-w- c:\windows\system32\unicows.dll
2010-08-15 01:41 . 2010-08-15 03:09 -------- d-----w- c:\users\Kieran\AppData\Roaming\GetRightToGo
2010-08-14 01:09 . 2010-08-14 01:29 -------- d-----w- c:\users\Kieran\AppData\Roaming\IGN_DLM
2010-08-14 01:09 . 2010-08-14 01:09 -------- d-----w- c:\program files\Download Manager
2010-08-13 23:28 . 2010-08-13 23:28 -------- d-----w- c:\program files\Activision
2010-08-11 14:36 . 2010-06-11 15:31 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 14:36 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 14:36 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 14:36 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 14:36 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 14:36 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 14:36 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 14:36 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 14:36 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 07:53 . 2010-08-11 07:53 -------- d-----w- c:\windows\system32\Adobe
2010-08-09 15:27 . 2010-08-09 15:27 -------- d-----w- c:\users\Kieran\AppData\Local\Sony Ericsson
2010-08-09 15:04 . 2010-08-09 15:04 57344 --sha-r- c:\windows\system32\bootstr2.dll
2010-08-09 14:22 . 2010-08-09 14:22 -------- d-----w- c:\programdata\Sony Corporation
2010-08-09 14:22 . 2010-08-09 14:22 -------- d-----w- c:\program files\Sony
2010-08-09 14:21 . 2010-08-09 14:22 -------- d-----w- c:\program files\QuickTime
2010-08-09 14:21 . 2010-08-09 14:21 -------- d-----w- c:\programdata\Apple Computer
2010-08-09 14:20 . 2010-08-09 14:20 -------- d-----w- c:\program files\Common Files\Apple
2010-08-09 14:19 . 2010-08-09 14:19 -------- d-----w- c:\users\Kieran\AppData\Local\Apple
2010-08-09 14:19 . 2010-08-09 14:19 -------- d-----w- c:\program files\Apple Software Update
2010-08-09 14:19 . 2010-08-09 14:19 -------- d-----w- c:\programdata\Apple
2010-08-09 14:17 . 2010-08-09 14:18 -------- d-----w- c:\users\Kieran\AppData\Roaming\Sony Setup
2010-08-09 14:17 . 2010-08-09 14:17 -------- d-----w- c:\users\Kieran\AppData\Roaming\Sony
2010-08-09 14:17 . 2010-08-09 14:17 -------- d-----w- c:\program files\Sony Setup
2010-08-09 14:12 . 2010-08-09 14:12 -------- d-----w- c:\users\Kieran\AppData\Roaming\Tibia
2010-08-09 13:51 . 2010-08-09 13:51 -------- d-----w- c:\program files\Tibia
2010-08-08 20:35 . 2010-08-08 20:35 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-08-08 20:35 . 2010-08-08 20:35 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-08-08 20:35 . 2010-08-08 20:35 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-08-08 20:35 . 2010-08-08 20:35 -------- d-----w- c:\program files\directx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 12:22 . 2010-07-18 18:33 -------- d-----w- c:\program files\Steam
2010-08-26 12:21 . 2010-07-18 13:57 35757 ----a-w- c:\programdata\nvModes.dat
2010-08-25 15:03 . 2008-08-06 00:34 -------- d-----w- c:\programdata\Microsoft Help
2010-08-24 22:58 . 2010-07-18 18:33 -------- d-----w- c:\program files\Common Files\Steam
2010-08-24 13:06 . 2010-07-18 18:35 -------- d-----w- c:\users\Kieran\AppData\Roaming\Xfire
2010-08-21 23:14 . 2010-07-18 13:36 680 ----a-w- c:\users\Kieran\AppData\Local\d3d9caps.dat
2010-08-21 02:58 . 2010-07-24 23:29 -------- d-----w- c:\users\Kieran\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2010-08-21 02:29 . 2010-07-18 18:35 -------- d-----w- c:\users\Kieran\AppData\Roaming\GameTracker
2010-08-20 23:44 . 2010-07-18 18:42 224960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-20 23:39 . 2010-07-18 18:42 137944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-14 22:26 . 2010-07-18 18:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-13 23:51 . 2010-07-18 18:42 22328 ----a-w- c:\users\Kieran\AppData\Roaming\PnkBstrK.sys
2010-08-13 23:51 . 2010-07-18 18:42 22328 ----a-w- c:\users\Kieran\AppData\Roaming\PnkBstrK.sys
2010-08-13 23:50 . 2008-08-06 00:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 16:49 . 2008-08-06 00:24 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 16:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-09 15:27 . 2010-08-09 13:55 -------- d-----w- c:\program files\Sony Ericsson
2010-08-09 14:19 . 2010-08-09 14:18 33850672 ----a-w- c:\users\Kieran\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
2010-08-09 13:55 . 2010-08-09 13:55 -------- d-----w- c:\programdata\Sony Ericsson
2010-08-08 20:31 . 2010-07-18 14:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-26 10:45 . 2010-07-26 10:45 -------- d-----w- c:\users\Kieran\AppData\Roaming\dvdcss
2010-07-26 10:45 . 2010-07-26 10:45 -------- d-----w- c:\users\Kieran\AppData\Roaming\ImTOO
2010-07-26 10:44 . 2010-07-26 10:44 -------- d-----w- c:\program files\ImTOO
2010-07-26 10:22 . 2010-07-26 10:22 -------- d-----w- c:\program files\Java
2010-07-24 23:29 . 2010-07-24 23:29 -------- d--h--r- c:\users\Kieran\AppData\Roaming\SecuROM
2010-07-24 22:59 . 2010-07-24 22:59 -------- d-----w- c:\program files\Electronic Arts
2010-07-22 07:25 . 2008-08-06 00:30 -------- d-----w- c:\programdata\Symantec
2010-07-21 19:08 . 2010-07-21 15:28 -------- d-----w- c:\users\Kieran\AppData\Roaming\FinalMediaPlayer
2010-07-21 19:07 . 2008-08-06 00:31 -------- d-----w- c:\program files\Norton Internet Security
2010-07-21 15:28 . 2010-07-21 15:28 -------- d-----w- c:\program files\FinalMediaPlayer
2010-07-21 15:27 . 2010-07-21 15:27 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-07-20 18:55 . 2010-07-20 18:55 -------- d-----w- c:\program files\BreakPoint Software
2010-07-20 18:11 . 2010-07-20 18:11 -------- d-----w- c:\program files\Noel Danjou
2010-07-20 18:09 . 2010-07-20 18:09 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-20 17:59 . 2010-07-20 16:15 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-20 07:08 . 2010-07-18 13:42 80544 ----a-w- c:\users\Kieran\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-19 21:41 . 2010-07-19 21:40 -------- d-----w- c:\programdata\Pinnacle
2010-07-19 21:41 . 2010-07-19 17:43 -------- d-----w- c:\program files\Pinnacle
2010-07-19 17:44 . 2010-07-19 17:44 29926 ----a-r- c:\users\Kieran\AppData\Roaming\Microsoft\Installer\{9870C7AE-7C6A-478D-9A75-35827382220F}\ARPPRODUCTICON.exe
2010-07-18 22:35 . 2010-07-18 22:35 -------- d-----w- c:\users\Kieran\AppData\Roaming\Datel
2010-07-18 22:35 . 2010-07-18 22:35 -------- d-----w- c:\program files\Datel
2010-07-18 22:04 . 2010-07-18 22:04 -------- d-----w- c:\users\Kieran\AppData\Roaming\GameTuts
2010-07-18 21:53 . 2010-07-18 21:53 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-18 21:53 . 2010-07-18 21:53 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-18 21:53 . 2010-07-18 21:53 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-18 21:53 . 2010-07-18 21:53 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-18 21:53 . 2010-07-18 21:53 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-18 21:53 . 2010-07-18 21:53 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-18 21:53 . 2010-07-18 21:53 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-18 21:53 . 2010-07-18 21:53 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-18 21:53 . 2010-07-18 21:53 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-18 21:53 . 2010-07-18 21:52 -------- d-----w- c:\program files\Common Files\Real
2010-07-18 21:53 . 2010-07-18 21:52 -------- d-----w- c:\program files\Real
2010-07-18 21:53 . 2010-07-18 21:53 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-18 21:51 . 2010-07-18 21:51 -------- d-----w- c:\users\Kieran\AppData\Roaming\OxelonMC
2010-07-18 21:51 . 2010-07-18 21:51 -------- d-----w- c:\program files\OxelonMedia
2010-07-18 20:32 . 2010-07-18 20:32 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-18 20:02 . 2008-08-06 00:36 -------- d-----w- c:\program files\Microsoft.NET
2010-07-18 19:46 . 2010-07-18 19:46 -------- d-----w- c:\program files\MSXML 4.0
2010-07-18 18:44 . 2010-07-18 18:35 -------- d-----w- c:\programdata\Xfire
2010-07-18 18:42 . 2010-07-18 18:42 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-07-18 18:42 . 2010-07-18 18:42 -------- d-----w- c:\program files\EA Sports
2010-07-18 18:37 . 2010-07-18 18:36 -------- d-----w- c:\program files\GameTracker
2010-07-18 18:35 . 2010-07-18 18:35 -------- d-----w- c:\program files\XfireXO
2010-07-18 18:35 . 2010-07-18 18:35 -------- d-----w- c:\program files\Conduit
2010-07-18 18:35 . 2010-07-18 18:35 -------- d-----w- c:\program files\Xfire
2010-07-18 14:34 . 2010-07-18 14:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-18 14:28 . 2010-07-18 14:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-07-18 14:15 . 2010-07-18 14:11 -------- d-----w- c:\program files\Windows Live
2010-07-18 14:15 . 2010-07-18 14:15 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-07-18 14:14 . 2010-07-18 14:14 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-18 14:12 . 2010-07-18 14:12 -------- d-----w- c:\program files\Microsoft
2010-07-18 14:12 . 2010-07-18 14:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-18 14:07 . 2008-08-06 00:26 -------- d-----w- c:\program files\Google
2010-07-18 14:06 . 2010-07-18 14:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-18 14:05 . 2010-07-18 14:05 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC208.tmp.exe
2010-07-18 13:57 . 2008-08-06 00:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-18 13:57 . 2008-08-06 00:13 -------- d-----w- c:\programdata\NVIDIA
2010-07-18 13:52 . 2008-08-06 00:30 -------- d-----w- c:\program files\Symantec
2010-07-18 13:52 . 2008-08-06 00:30 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-18 13:52 . 2008-08-06 00:30 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-18 13:52 . 2008-08-06 00:30 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-18 13:43 . 2010-07-18 13:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-18 13:42 . 2010-07-18 13:42 -------- d-----w- c:\users\Kieran\AppData\Roaming\Symantec
2010-07-09 19:00 . 2010-07-09 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-06-26 06:05 . 2010-08-11 14:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 14:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 14:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 14:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-11 01:08 . 2010-07-18 18:35 52224 ------w- c:\users\Kieran\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2010-06-11 01:08 . 2010-07-18 18:35 101376 ------w- c:\users\Kieran\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
2010-06-01 17:37 . 2010-07-20 18:13 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-03-31 21:47 . 2008-08-06 00:34 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2010-08-08 18:26 . 2008-08-06 00:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:31 . 2008-08-06 00:23 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:31 . 2008-08-06 00:23 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:31 . 2008-08-06 00:23 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:31 . 2008-08-06 00:23 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:31 . 2008-08-06 00:23 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-06 09:03 . 2008-08-06 08:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 18:10 2734688 ----a-w- c:\program files\XfireXO\tbXfir.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-18 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Steam"="c:\program files\steam\steam.exe" [2010-08-23 1242448]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-08 30192]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-18 202256]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
c:\users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-08 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100819.002\IDSvix86.sys [2010-06-23 281648]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2010-04-14 1648480]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 308592]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-15 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2010-08-26 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-07-21 21:22]
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 14:07]
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 14:07]
2010-07-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Kieran.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]
2010-08-26 c:\windows\Tasks\Recovery DVD Creator-Kieran.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-06 10:13]
2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{CDD8B57C-9F49-4B3B-8078-A97F1399FBB5}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 13:21
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1443754645-2102013441-809164651-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f5,92,89,e5,37,4f,18,58,e6,e1,e8,4a,1c,93,5f,39,94,86,c8,c7,6f,b8,e0,
51,77,b4,01,94,d0,af,f4,46,b8,53,a0,ab,73,31,25,e1,46,16,fb,53,4f,b7,e5,74,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(980)
c:\program files\Xfire\xfire_toucan_43094.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-08-26 13:26:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-26 12:26
Pre-Run: 186,687,213,568 bytes free
Post-Run: 186,796,740,608 bytes free
- - End Of File - - 5294AC608F2DCEEE435000CBAF7F7768