BTW... It seems ComboFix did remove the Total Security program and removed the _ex-08.exe file along with some others.
ComboFix 09-08-23.01 - User 08/24/2009 13:14.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2298 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1549278963-4246766854-146891998-1000
c:\documents and settings\All Users\Application Data\11320314
c:\documents and settings\All Users\Application Data\11320314\11320314
c:\documents and settings\All Users\Application Data\11320314\11320314.exe
c:\documents and settings\All Users\Application Data\11320314\pc11320314ins
c:\windows\Installer\1c75f80.msp
.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.
2009-08-24 16:02 . 2009-08-24 16:02 -------- d-----r- c:\program files\Norton Support
2009-08-24 15:21 . 2009-07-26 15:55 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090824.002\NAVENG32.DLL
2009-08-24 15:21 . 2009-07-26 15:55 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090824.002\NAVEX32A.DLL
2009-08-24 15:21 . 2009-07-26 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090824.002\NAVENG.SYS
2009-08-24 15:21 . 2009-07-26 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090824.002\NAVEX15.SYS
2009-08-24 15:21 . 2009-07-26 15:55 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090824.002\EECTRL.SYS
2009-08-24 15:21 . 2009-07-26 15:55 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090824.002\ERASER.SYS
2009-08-24 15:21 . 2009-07-26 15:55 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090824.002\ECMSVR32.DLL
2009-08-24 15:21 . 2009-07-26 15:55 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090824.002\CCERASER.DLL
2009-08-12 22:40 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 22:40 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 22:40 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 22:40 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 22:40 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-12 11:06 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 22:04 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 22:04 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 22:04 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 22:04 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 22:04 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-26 15:56 . 2009-07-26 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-26 15:56 . 2009-07-26 15:55 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-26 15:55 . 2009-08-24 16:03 -------- d-----w- c:\program files\Symantec
2009-07-26 15:55 . 2009-07-26 15:55 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-26 15:55 . 2009-07-26 15:55 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-26 15:55 . 2009-07-26 15:55 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-26 15:55 . 2009-07-26 15:55 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-26 15:55 . 2009-07-26 15:55 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-26 15:55 . 2009-07-26 15:55 -------- d-----w- c:\windows\system32\drivers\N360
2009-07-26 15:55 . 2009-07-26 15:55 -------- d-----w- c:\program files\Norton 360
2009-07-26 15:55 . 2009-07-26 15:55 -------- d-----w- c:\program files\Windows Sidebar
2009-07-26 15:55 . 2009-07-26 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-26 15:54 . 2009-07-26 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-26 15:54 . 2009-07-26 15:54 -------- d-----w- c:\program files\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 23:09 . 2007-08-25 01:30 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-21 20:18 . 2007-08-25 01:30 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 18:39 . 2009-04-18 23:30 -------- d-----w- c:\program files\Steam
2009-07-26 16:04 . 2007-08-26 20:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-26 15:55 . 2009-07-26 15:55 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-26 15:55 . 2009-07-26 15:55 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-26 15:50 . 2008-07-21 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-24 21:29 . 2007-08-27 17:46 -------- d-----w- c:\documents and settings\User\Application Data\IGN_DLM
2009-07-24 21:17 . 2007-11-02 19:09 22328 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2009-07-24 21:17 . 2007-11-02 19:09 22328 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2009-07-24 21:16 . 2007-12-09 00:58 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-24 21:05 . 2007-08-26 20:51 -------- d-----w- c:\program files\Activision
2009-07-18 17:09 . 2009-07-18 17:09 80384 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}\Icon6FDEE4821.exe
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 15:22 . 2007-08-18 21:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 23:50 . 2008-08-03 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-26 23:46 . 2008-07-26 17:24 -------- d-----w- c:\program files\Verizon
2009-06-26 23:45 . 2008-08-03 01:19 -------- d-----w- c:\program files\Common Files\Motive
2009-06-25 08:25 . 2006-02-28 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-02-28 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-02-28 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2006-02-28 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2007-08-18 21:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 15:50 . 2009-07-13 22:30 77312 ----a-w- c:\windows\DEVCON.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-29 1626112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-6-5 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-7 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [7/26/2009 11:55 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [7/26/2009 11:55 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [7/26/2009 11:55 AM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 6:40 PM 276344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/26/2009 11:55 AM 115560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [8/18/2007 5:44 PM 35840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/26/2009 11:58 AM 101936]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CSISCANNER
*NewlyCreated* - PXSCAN
*NewlyCreated* - PXSEC
*Deregistered* - CSIScanner
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2009-08-16 c:\windows\Tasks\Crysis Wars® Updates.job
- c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2008-12-31 17:30]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-11320314 - c:\documents and settings\All Users\Application Data\11320314\11320314.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 13:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,b1,a1,1d,35,36,df,9f,05,d5,98,15,01,fe,32,d1,26,23,d7,24,2c,31,dd,
c1,d5,98,78,8c,c8,2e,33,ce,de,40,d4,31,05,6d,ac,d1,03,70,03,2e,53,f0,6f,50,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
[HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5b,2f,93,04,ea,9b,4e,d1,d7,2a,82,13,7c,76,9f,d1,14,9b,a6,a6,36,
f6,a2,10,cd,0f,36,42,d0,27,8b,40,07,0e,d4,40,a8,e3,e6,cb,90,09,93,99,ea,ac,\
"rkeysecu"=hex:05,be,bc,38,8f,97,0e,ea,bd,79,58,74,23,81,d6,75
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_044f&Pid_b101\6&101aea0&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-08-24 13:22
ComboFix-quarantined-files.txt 2009-08-24 17:22
Pre-Run: 298,004,852,736 bytes free
Post-Run: 303,040,667,648 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
245 --- E O F --- 2009-08-13 15:23