ComboFix 10-06-29.04 - Rick 30/06/2010 21:34:04.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1522 [GMT 1:00]
Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rick\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.
2010-06-30 20:01 . 2010-06-30 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-06-29 18:23 . 2010-06-27 16:48 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-06-29 18:23 . 2010-06-27 16:48 310320 ----a-w- c:\windows\system32\drivers\SymEFA.sys
2010-06-29 18:23 . 2010-06-27 16:48 217136 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-06-29 18:23 . 2010-06-27 16:48 482432 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-06-29 18:23 . 2010-06-27 16:48 259632 ----a-w- c:\windows\system32\drivers\BHDrvx86.sys
2010-06-29 16:35 . 2010-06-29 16:35 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2010-06-29 16:35 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 16:35 . 2010-06-29 18:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 16:35 . 2010-06-29 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-29 16:35 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 17:05 . 2010-06-27 17:05 -------- d-----r- c:\program files\Norton Support
2010-06-27 16:52 . 2010-06-27 16:52 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Symantec
2010-06-27 16:48 . 2010-06-27 16:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-27 16:48 . 2010-06-27 16:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-27 16:48 . 2010-06-30 19:37 -------- d-----w- c:\windows\system32\drivers\N360
2010-06-27 16:48 . 2010-06-27 16:48 -------- d-----w- c:\program files\Norton 360
2010-06-27 16:48 . 2010-06-27 16:48 -------- d-----w- c:\program files\Windows Sidebar
2010-06-27 16:48 . 2010-06-27 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-27 16:46 . 2010-06-27 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-27 16:46 . 2010-06-27 16:46 -------- d-----w- c:\program files\NortonInstaller
2010-06-24 15:36 . 2010-06-29 19:10 -------- d-----w- c:\program files\Passware
2010-06-11 16:49 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 18:21 . 2007-05-31 16:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-29 13:54 . 2007-05-31 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-27 16:59 . 2007-05-31 16:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-27 16:48 . 2007-05-31 16:29 -------- d-----w- c:\program files\Symantec
2010-06-27 16:48 . 2010-06-27 16:48 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-27 16:48 . 2010-06-27 16:48 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-12 18:30 . 2007-05-31 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 22:42 . 2008-11-25 21:09 -------- d-----w- c:\program files\Peer2Peer-EN
2010-06-07 22:32 . 2010-03-25 13:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 09:49 . 2008-11-06 14:24 -------- d-----w- c:\program files\Sensormatic
2010-05-26 09:48 . 2010-05-26 09:48 572928 ----a-w- c:\windows\system32\MSVCP90.dll
2010-05-26 09:48 . 2010-05-26 09:48 3768312 ----a-w- c:\windows\system32\MFC90.dll
2010-05-26 09:48 . 2010-05-26 09:48 655872 ----a-w- c:\windows\system32\MSVCR90.dll
2010-05-26 09:48 . 2010-05-26 09:48 161784 ----a-w- c:\windows\system32\ATL90.dll
2010-05-18 09:27 . 2009-06-29 15:47 -------- d-----w- c:\program files\Tyco EPG
2010-05-18 09:27 . 2007-05-30 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-18 09:27 . 2009-06-29 15:57 -------- d-----w- c:\program files\TSP MZX
2010-05-14 21:47 . 2010-05-14 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{5cdb7ab2ddf2c878eb05018be3a9b9fe}
2010-05-14 21:47 . 2010-03-22 20:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-14 21:47 . 2010-03-22 20:19 286720 ------w- c:\windows\Setup1.exe
2010-05-10 19:44 . 2010-05-10 19:44 -------- d-----w- c:\program files\Rainbow Technologies
2010-05-06 20:24 . 2010-03-10 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{b7a2b78d9d3b8a87d303954278e34987}
2010-05-06 10:41 . 2007-05-30 08:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2007-05-30 08:13 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2007-05-30 08:12 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-15 11:28 . 2009-01-16 08:24 83008 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-03 11:34 . 2007-05-31 15:18 83008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-06-29_14.44.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-30 20:27 . 2010-06-30 20:27 16384 c:\windows\temp\Perflib_Perfdata_a54.dat
+ 2007-05-30 08:13 . 2010-06-30 20:09 90176 c:\windows\system32\perfc009.dat
- 2007-05-30 08:13 . 2010-06-24 10:11 90176 c:\windows\system32\perfc009.dat
+ 2010-06-29 18:23 . 2010-06-27 16:48 48688 c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
+ 2010-06-29 18:23 . 2010-06-27 16:48 36400 c:\windows\system32\drivers\N360\0308000.029\symndis.sys
+ 2010-06-29 18:23 . 2010-06-27 16:48 33072 c:\windows\system32\drivers\N360\0308000.029\symids.sys
+ 2010-06-29 18:23 . 2010-06-27 16:48 89904 c:\windows\system32\drivers\N360\0308000.029\symfw.sys
+ 2007-05-30 08:13 . 2010-06-30 20:09 491636 c:\windows\system32\perfh009.dat
- 2007-05-30 08:13 . 2010-06-24 10:11 491636 c:\windows\system32\perfh009.dat
+ 2009-08-03 15:07 . 2009-08-03 15:07 230768 c:\windows\system32\OGAEXEC.exe
+ 2009-08-03 15:07 . 2009-08-03 15:07 403816 c:\windows\system32\OGACheckControl.dll
+ 2009-08-03 15:07 . 2009-08-03 15:07 322928 c:\windows\system32\OGAAddin.dll
+ 2010-06-29 18:23 . 2010-06-27 16:48 308272 c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
+ 2010-03-15 20:25 . 2010-06-29 18:29 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-03-15 20:25 . 2010-06-29 12:45 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-06-29 18:37 . 2010-06-29 18:37 119296 c:\windows\Installer\33468.msi
+ 2010-06-29 19:00 . 2010-06-29 19:00 817152 c:\windows\Installer\1b4471.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-06-07 22:42 2515552 ----a-w- c:\program files\Peer2Peer-EN\tbPee0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee0.dll" [2010-06-07 2515552]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee0.dll" [2010-06-07 2515552]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-07 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-18 102400]
"TPSMain"="TPSMain.exe" [2007-04-18 299008]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-09-04 90112]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2006-03-06 114688]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 344144]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-05 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intellex Event Handler.lnk - c:\program files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe [2009-8-8 1027072]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 16:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 02:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 15:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2006-05-05 16:36 30208 ----a-w- c:\program files\Protector Suite QL\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Sensormatic\\NetworkClient\\Bin\\NetworkClient.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Honeywell\\ACCeSS Lite Downloader\\PortServerLite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27/04/2007 10:19 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09/03/2007 15:23 6528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [30/05/2007 16:23 5888]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [29/06/2010 19:23 117640]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [30/05/2007 16:23 114688]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29/06/2010 04:03 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/05/2007 16:10 35968]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [30/05/2007 16:26 435072]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [?]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys [?]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100629.001\IDSXpx86.sys [30/06/2010 21:12 331640]
S2 NtlxSrvMgr;Intellex Service Manager;c:\program files\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe [08/08/2009 05:00 178176]
S3 ldiskl;ldiskl;\??\c:\docume~1\ADT\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\ADT\LOCALS~1\Temp\ldiskl.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-06-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
2008-11-06 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]
2010-06-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-03-13 22:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {1B33918E-B218-11D3-BF35-00A0CC3DBDF9} - hxxp://mail.finnebrogue.com:81/NtlxVideoCtrl.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\g97o8nep.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 21:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"=""c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
- - - - - - - > 'explorer.exe'(5184)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-06-30 21:39:39
ComboFix-quarantined-files.txt 2010-06-30 20:39
ComboFix2.txt 2010-06-30 20:08
ComboFix3.txt 2010-06-29 18:11
ComboFix4.txt 2010-06-29 14:45
Pre-Run: 52,504,870,912 bytes free
Post-Run: 52,492,759,040 bytes free
- - End Of File - - 21EE32C20B3752B9EF077AEF0218FE08