ComboFix 09-09-18.02 - Emma 20/09/2009 18:01.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.1976.1294 [GMT 1:00]
Running from: c:\users\Emma\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2617080559-2201856681-1757239593-500
c:\$recycle.bin\S-1-5-21-2638615674-2298482328-550683221-500
c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll
c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\Installer\510db.msi
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\kbiwkmrorgtavp.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\drivers\str.sys . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmvoptbewr
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.
2009-09-20 17:12 . 2009-09-20 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-20 16:31 . 2009-09-20 16:31 19456 ----a-w- c:\windows\system32\kbiwkmvwdifprw.dll
2009-09-16 19:16 . 2009-09-16 19:16 -------- d-----w- c:\users\Emma\AppData\Roaming\U3
2009-09-14 21:25 . 2009-09-14 21:25 -------- d-----w- c:\users\Emma\AppData\Local\Mozilla
2009-09-14 21:00 . 2009-09-14 21:00 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes
2009-09-14 20:59 . 2009-09-14 20:59 -------- d-----w- c:\programdata\Malwarebytes
2009-09-14 18:58 . 2009-09-16 20:10 -------- d-sh--w- c:\users\Emma\AppData\Roaming\lowsec
2009-09-14 18:36 . 2009-09-14 18:36 -------- d-----w- c:\users\Emma\AppData\Roaming\Packard Bell
2009-09-14 18:35 . 2009-09-14 18:35 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-14 18:35 . 2009-09-14 18:35 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-09-14 18:32 . 2009-09-14 18:32 213024 ------w- c:\windows\system32\drivers\str.sys
2009-09-13 22:22 . 2009-09-13 22:22 -------- d-----w- c:\users\Emma\AppData\Local\Microsoft Help
2009-09-13 22:09 . 2009-09-14 18:35 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-13 22:09 . 2009-09-13 22:09 -------- d-----w- c:\users\Emma\AppData\Local\Downloaded Installations
2009-09-13 22:06 . 2009-08-22 08:13 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-09-13 22:06 . 2009-09-14 18:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-13 22:06 . 2009-09-14 18:35 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-13 22:06 . 2009-09-14 18:35 -------- d-----w- c:\program files\Symantec
2009-09-13 22:05 . 2009-09-14 18:57 -------- d-----w- c:\windows\system32\drivers\N360
2009-09-13 22:05 . 2009-09-13 22:06 -------- d-----w- c:\program files\Norton 360
2009-09-13 19:03 . 2009-09-13 19:03 -------- d-----w- c:\programdata\PCSettings
2009-09-13 11:17 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-13 11:17 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-13 11:17 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-13 11:17 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-13 11:17 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-13 11:17 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-13 11:17 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-13 11:17 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-13 11:17 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-13 11:17 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-13 11:16 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-13 11:16 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-13 11:16 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-13 11:16 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-13 11:16 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-05 19:39 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-05 19:39 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 09:55 . 2009-09-20 16:31 43 ----a-w- c:\windows\system32\kbiwkmmvedtddt.dat
2009-09-01 09:45 . 2009-09-01 09:45 24576 ----a-w- c:\windows\system32\kbiwkmoqmywimx.dll
2009-09-01 09:39 . 2009-09-20 17:09 30416 ----a-w- c:\windows\system32\kbiwkmgwqphycx.dat
2009-09-01 09:39 . 2009-09-01 09:39 45056 ----a-w- c:\windows\system32\kbiwkmwyrpfejn.dll
2009-08-31 22:49 . 2009-08-31 22:49 -------- d--h--w- c:\windows\PIF
2009-08-30 21:34 . 2009-08-30 22:58 -------- d-----w- c:\users\Emma\AppData\Roaming\Download Manager
2009-08-28 10:08 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-28 10:08 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-28 10:08 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-28 10:08 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-28 10:08 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-28 10:08 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-28 10:08 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-28 10:08 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-27 18:14 . 2009-08-27 18:14 -------- d-----w- c:\program files\Sony
2009-08-27 10:51 . 2009-08-27 10:51 -------- d-----w- c:\users\Emma\{b44dc719-6467-4066-b641-4b5067635302}
2009-08-27 10:43 . 2009-08-27 18:20 -------- d-----w- c:\users\Emma\AppData\Roaming\Teleca
2009-08-27 10:39 . 2009-08-27 10:39 -------- d-----w- c:\users\Emma\AppData\Local\Sony Ericsson
2009-08-27 10:39 . 2009-08-27 10:39 -------- d-----w- c:\users\Emma\AppData\Roaming\Sony Ericsson
2009-08-27 10:39 . 2009-08-27 10:39 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared
2009-08-27 10:39 . 2009-08-27 10:39 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-08-27 10:39 . 2009-08-27 10:39 -------- d-----w- c:\program files\Sony Ericsson
2009-08-27 10:38 . 2009-08-27 10:38 -------- d-----w- c:\windows\Downloaded Installations
2009-08-27 10:37 . 2009-08-27 10:39 -------- d-----w- c:\programdata\Teleca
2009-08-27 10:37 . 2009-08-27 10:39 -------- d-----w- c:\programdata\Sony Ericsson
2009-08-26 16:32 . 2009-09-05 21:53 -------- d-----w- c:\users\Emma\AppData\Roaming\BitTorrent
2009-08-26 16:32 . 2009-08-26 16:32 -------- d-----w- c:\program files\BitTorrent
2009-08-26 11:47 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 17:58 . 2009-08-25 17:58 -------- d-----w- c:\users\Emma\AppData\Roaming\Apple Computer
2009-08-25 17:58 . 2009-09-14 18:35 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-25 17:57 . 2009-08-25 17:57 -------- d-----w- c:\program files\iPod
2009-08-25 17:57 . 2009-08-25 17:58 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-25 17:57 . 2009-08-25 17:58 -------- d-----w- c:\program files\iTunes
2009-08-25 17:56 . 2009-08-25 17:56 -------- d-----w- c:\program files\Bonjour
2009-08-25 17:55 . 2009-08-25 17:56 -------- d-----w- c:\program files\QuickTime
2009-08-25 17:55 . 2009-08-25 17:57 -------- d-----w- c:\programdata\Apple Computer
2009-08-25 17:53 . 2009-08-25 17:53 -------- d-----w- c:\program files\Apple Software Update
2009-08-25 17:51 . 2009-08-25 17:57 -------- d-----w- c:\program files\Common Files\Apple
2009-08-25 15:09 . 2009-08-25 15:09 -------- d-----w- c:\program files\Selectsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 18:35 . 2009-09-13 22:06 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-14 18:35 . 2009-09-13 22:06 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-13 22:34 . 2009-06-18 17:17 81448 ----a-w- c:\users\Emma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-13 22:27 . 2009-01-08 01:45 -------- d-----w- c:\programdata\Microsoft Help
2009-09-13 22:25 . 2009-01-08 01:46 -------- d-----w- c:\program files\Microsoft Works
2009-09-13 22:05 . 2009-01-08 02:06 -------- d-----w- c:\programdata\Symantec
2009-09-13 22:05 . 2009-01-08 02:05 -------- d-----w- c:\programdata\Norton
2009-09-13 22:05 . 2009-01-08 02:05 -------- d-----w- c:\programdata\NortonInstaller
2009-09-13 17:42 . 2009-01-08 01:52 -------- d-----w- c:\program files\Google
2009-09-13 17:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-01 12:20 . 2009-01-08 01:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-09-13 18:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-13 18:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-13 18:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-13 18:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 13:26 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-13 13:26 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 13:26 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-13 13:26 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-13 13:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-6-18 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B194D668-B82E-46FE-A633-66CD6C871CDB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4D6CC398-86ED-442C-BA20-A2A26141EF22}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B464D77C-06EF-4329-A3EF-CEE92CAC6D27}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{5AB6F84E-125C-4C45-BFDC-EDDB1173F1EC}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{522A52C3-49DC-4AE8-AD9A-3EC81AB3FC19}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D0F49DE2-6304-47CA-8EA1-8B029E77DF21}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CB8DF36A-A263-47C9-8454-9F27191FAC6F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D560C313-68AF-47C0-B54E-3976A4F9444C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A94F05C6-956C-480A-A317-FF6DC33B4B15}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7F5EA8D8-21B9-4C32-BE98-F73CDDDF2070}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{3621434C-A664-4920-A9FB-F848A7FACE0E}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [14/09/2009 19:35 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [14/09/2009 19:35 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [14/09/2009 19:35 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090911.003\IDSvix86.sys [11/07/2009 20:34 293424]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [14/09/2009 19:35 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/09/2009 09:00 102448]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [08/01/2009 09:17 288768]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [14/09/2009 19:35 48688]
S2 AdobeActiveFileMonitor6.0AeLookupSvc;Adobe Active File Monitor V6 AdobeActiveFileMonitor6.0AeLookupSvc;c:\windows\TEMP\onsdmdxeec.exe service --> c:\windows\TEMP\onsdmdxeec.exe service [?]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 09:17 3658752]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [19/06/2007 07:51 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [19/06/2007 07:51 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [19/06/2007 07:51 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [19/06/2007 07:51 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [19/06/2007 07:51 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [19/06/2007 07:51 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [19/06/2007 07:51 97704]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.packardbell.com/rdr.asp ... ynote_mh36
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-NIS2009 - c:\program files\Norton Internet Security\Engine\16.0.0.125\RunCmd.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 18:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\drivers\ztaolccz.sys 75648 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bfecobbqio]
"ImagePath"="\??\c:\windows\system32\drivers\ztaolccz.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmvoptbewr]
"imagepath"="\systemroot\system32\drivers\kbiwkmrorgtavp.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmvoptbewr]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\kbiwkmrorgtavp.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(8024)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
SystemRoot\System32\smss.exe [432]
c:\windows\system32\csrss.exe [568]
c:\windows\system32\wininit.exe [612]
c:\windows\system32\csrss.exe [624]
c:\windows\system32\services.exe [656]
c:\windows\system32\lsass.exe [668]
c:\windows\system32\lsm.exe [676]
c:\windows\system32\winlogon.exe [832]
c:\windows\system32\svchost.exe [864]
c:\windows\system32\svchost.exe [924]
c:\windows\System32\svchost.exe [1064]
c:\windows\System32\svchost.exe [1092]
c:\windows\system32\svchost.exe [1104]
c:\windows\system32\svchost.exe [1200]
c:\windows\system32\SLsvc.exe [1216]
c:\windows\system32\svchost.exe [1264]
c:\windows\system32\svchost.exe [1444]
c:\windows\System32\spoolsv.exe [1684]
c:\windows\system32\svchost.exe [1708]
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [1892]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1944]
c:\program files\Bonjour\mDNSResponder.exe [1972]
c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2008]
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe [12]
c:\windows\system32\IoctlSvc.exe [908]
c:\windows\system32\svchost.exe [1040]
c:\windows\system32\svchost.exe [1356]
c:\windows\System32\svchost.exe [1240]
c:\windows\system32\SearchIndexer.exe [1768]
c:\windows\system32\WUDFHost.exe [2232]
c:\windows\system32\DllHost.exe [2836]
c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [3016]
c:\windows\system32\Dwm.exe [3060]
c:\windows\system32\taskeng.exe [3080]
c:\windows\system32\CF10361.exe [3916]
c:\windows\RtHDVCpl.exe [4084]
c:\program files\Synaptics\SynTP\SynTPEnh.exe [2984]
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [2664]
c:\windows\System32\igfxtray.exe [3072]
c:\windows\System32\hkcmd.exe [2660]
c:\windows\System32\igfxpers.exe [2200]
c:\program files\QuickTime\QTTask.exe [3360]
c:\program files\iTunes\iTunesHelper.exe [3700]
c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [3788]
c:\windows\system32\igfxsrvc.exe [1644]
c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe [3956]
c:\program files\Windows Live\Messenger\msnmsgr.exe [2704]
c:\program files\Windows Media Player\wmpnscfg.exe [2368]
c:\program files\FinePixViewer\QuickDCF2.exe [2076]
c:\program files\Windows Media Player\wmpnetwk.exe [4732]
c:\program files\iPod\bin\iPodService.exe [5060]
c:\program files\Common Files\Teleca Shared\Generic.exe [5280]
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe [5604]
c:\windows\system32\wbem\wmiprvse.exe [972]
c:\?\c:\windows\system32\wbem\WMIADAP.EXE [3980]
c:\windows\system32\wbem\wmiprvse.exe [4548]
c:\windows\Explorer.exe [8024]
c:\windows\system32\wuauclt.exe [6544]
c:\windows\servicing\TrustedInstaller.exe [6672]
c:\program files\NORTON 360\ENGINE\3.5.2.11\cltLMH.exe [6424]
c:\combofix\catchme.cfxxe [4652]
.
**************************************************************************
.
Completion time: 2009-09-20 18:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 17:20
Pre-Run: 193,786,531,840 bytes free
Post-Run: 193,752,977,408 bytes free
320 --- E O F --- 2009-09-14 18:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:32, on 20/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Users\Emma\Desktop\HijackThis.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... ynote_mh36
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.1.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 AdobeActiveFileMonitor6.0AeLookupSvc (AdobeActiveFileMonitor6.0AeLookupSvc) - Unknown owner - C:\Windows\TEMP\onsdmdxeec.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
--
End of file - 6343 bytes