
Author Topic: help pls  (Read 10038 times)


ohnonotagain

    Topic Starter


    Greenhorn
  • dad calls me inspector clouseau. says it all
    • Certifications: List
    • Experience: Beginner
    • OS: Windows Vista
    help pls
    « on: November 28, 2010, 03:17:19 AM »
    • Capability to block access to several security-related Web sites by modifying the hosts file.
    • A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
    • MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
    • Capability to delete the network shares C$, ADMIN$, IPC$, etc. A network-aware worm may secure shares in order to protect itself.

    Summary of the detected memory objects:
    Severity Level   Memory Object
    • Process "svchost.exe", heap page: [0x029f0000 - 0x02a30000]
    • Process "svchost.exe", heap page: [0x02ab0000 - 0x02af0000]
    • Process "svchost.exe", heap page: [0x02af0000 - 0x02b30000]


    Identified by ThreatExpert. All other scanners missed it. Kept getting lost internet connection and DNS errors when visiting certain websites. How do I repair this file, please? Thanks.
    bloomin lost as usual up to kneck in ****
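
The first capability in the report above is blocking security-related sites through the hosts file. As an added example (not part of the original thread and not code from any tool named in it), this Python script audits hosts-file text, flags names that are pinned to the local machine or pointed at another address, and produces a copy with those lines disabled. The sample file, its `.example` names and the `DEFAULT_NAMES` allow-list are constructed assumptions.

```python
"""Audit hosts-file text for entries that block or redirect names."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Assumption: the only name expected to map to loopback by default.
DEFAULT_NAMES = {"localhost"}

# Constructed sample (not taken from the thread). Names use the reserved
# .example TLD and the address 203.0.113.7 is from a documentation range.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.av-vendor.example update.av-vendor.example  # two names
0.0.0.0         scanner.example
203.0.113.7     webmail.example
300.1.1.1       broken.example
127.0.0.1       localhost support.av-vendor.example
"""


class Finding(NamedTuple):
    lineno: int
    address: str
    name: str
    verdict: str  # "blocked", "redirected" or "malformed"


def parse_line(line: str) -> Optional[Tuple[str, List[str]]]:
    """Return (address, names) for an entry, None for blank/comment lines."""
    body = line.split("#", 1)[0].strip()  # drop inline comments
    if not body:
        return None
    fields = body.split()
    return fields[0], [name.lower() for name in fields[1:]]


def verdict_for(address: str, name: str) -> str:
    """Classify one address/name pair."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if name in DEFAULT_NAMES:
        return "default" if ip.is_loopback else "redirected"
    # A non-default name sent to loopback or 0.0.0.0 can never be reached:
    # this is the "block access" behaviour the report describes.
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirected"


def audit_hosts(text: str) -> List[Finding]:
    """Return one Finding per name that is not a default mapping."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        address, names = parsed
        if not names:  # an address with no host name after it
            findings.append(Finding(lineno, address, "", "malformed"))
            continue
        for name in names:
            verdict = verdict_for(address, name)
            if verdict != "default":
                findings.append(Finding(lineno, address, name, verdict))
    return findings


def disable_flagged(text: str) -> str:
    """Comment out flagged lines, keeping default names from mixed lines."""
    flagged = {finding.lineno for finding in audit_hosts(text)}
    out = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if lineno not in flagged:
            out.append(line)
            continue
        out.append("# DISABLED: " + line)
        address, names = parse_line(line)
        keep = [n for n in names if verdict_for(address, n) == "default"]
        if keep:  # e.g. "127.0.0.1 localhost bad.example" keeps localhost
            out.append(address + " " + " ".join(keep))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(f"line {finding.lineno}: {finding.name or '(no name)'} -> "
              f"{finding.address} [{finding.verdict}]")
    print(disable_flagged(SAMPLE_HOSTS), end="")
```

On Windows the file lives at `%SystemRoot%\System32\drivers\etc\hosts`; run the audit against a copy of its text and review each flagged line before replacing the original, since a deliberate local mapping would be flagged as well.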

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    Re: help pls
    « Reply #1 on: November 28, 2010, 04:47:25 AM »
    Go to the link below and complete it, post the 3 logs, and a malware expert will help you.

    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    ohnonotagain

      Re: help pls
      « Reply #2 on: November 28, 2010, 12:00:36 PM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 11/28/2010 at 06:33 PM

      Application Version : 4.46.1000

      Core Rules Database Version : 5921
      Trace Rules Database Version: 3733

      Scan type       : Complete Scan
      Total Scan Time : 01:57:21

      Memory items scanned      : 742
      Memory threats detected   : 0
      Registry items scanned    : 9290
      Registry threats detected : 0
      File items scanned        : 142118
      File threats detected     : 0




      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 5207

      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18975

      28/11/2010 18:43:02
      mbam-log-2010-11-28 (18-43-02).txt

      Scan type: Quick scan
      Objects scanned: 149349
      Time elapsed: 6 minute(s), 27 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 18:54:36, on 28/11/2010
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18975)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
      C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Real-time Defender Professional\RuleEditor.exe
      C:\Program Files\WinMHR\WinMHR.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\Real-time Defender Professional\Alarm.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\PROGRA~1\MICROS~2\wkcalrem.exe
      C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [PS_Alarm] C:\Program Files\Real-time Defender Professional\Alarm.exe
      O4 - HKLM\..\Run: [PS_RuleEditor] C:\Program Files\Real-time Defender Professional\RuleEditor.exe
      O4 - HKLM\..\Run: [Winsonar] C:\Users\nunakin\AppData\Local\Winsonar\winsonar.exe
      O4 - HKCU\..\Run: [WinMHR] C:\Program Files\WinMHR\WinMHR.exe /minimize
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
      O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.6.11\SymcPCCULaunchSvc.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe
      O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
      O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

      --
      End of file - 8181 bytes


      Using Vista 32-bit Home Basic. Computer is an AMD Athlon dual core QL 64 based laptop, NVIDIA GeForce 8200M G, 3 GB RAM. Thanks.

      ohnonotagain

        Re: help pls
        « Reply #3 on: November 28, 2010, 12:11:19 PM »
        Just one other thing. I have another kind of last line of defence program called Trusteer Rapport. It has reported the following in the last week:

        attempt to alter function LdrLoadDll blocked (quite a few times)

        also 16 password keyword protection events (anti keylogging) activations

        1 blocked cookie access event - Rapport prevents the capturing of Trusteer Rapport cookie SESS37802e1C51708b11897d0B1f9ba86017

        6 blocked screen capture events - programs are SystemExplorer.exe, Bubbles.scr, a2start.exe, dwm.exe, iexplorer.exe, Bubbles.scr

        thanks in advance

        ohnonotagain

          Re: help pls
          « Reply #4 on: November 28, 2010, 12:15:56 PM »
          Sorry, very last thing. Norton reported recently it blocked an intrusion attempt from something like a phoenix kit or something. Did scan and found trojan which was removed, but that might not have anything to do with this!! Dear dear. What is the net coming to? Don't go on any dodgy sites, really don't... nothing safe is it.. ???

          harry 48



          Re: help pls
          « Reply #5 on: November 28, 2010, 12:30:58 PM »
          Quote: "what is the net coming to, don't go on any dodgy sites really don't... nothing safe is it.." True, very true.

          Read and download this: http://www.mywot.com/en/download/ff. It lets you know good sites.

          Sit back and wait for an expert; I cannot help with malware.

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: help pls
          « Reply #6 on: November 29, 2010, 04:04:27 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *****************************************
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
          * Open the Security Check folder and double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          **********************************************
          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Rename ComboFix.exe to commy.exe before you save it to your Desktop
          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix
          Windows 8 and Windows 10 dual boot with two SSD's

          ohnonotagain

            Re: help pls
            « Reply #7 on: November 30, 2010, 10:41:21 AM »
            Ok here r some logs u asked for. Had some difficulty downloading ComboFix, Firefox and computer froze but when restarted it was on download list. There was no option to save it anywhere so just renamed it and dragged to desktop where I ran it. I ran the first session in safe mode and the second in normal mode. I had a few access denied msgs in the first report but none in the second. The DNS msg at end of each report is different. The other log from screen 317 detected some security programs on the computer but I don't think it detected all there is, some aren't actively running. When suspected infection downloaded lots of stuff!! Most I don't really understand to be honest (what's a pdd scanner application ??). I am disappointed that a particular type of infection can be on a computer and nothing detect it apart from a small last line of defence program and a one off scan from a relatively obscure program (Rapport and ThreatExpert) so am seriously considering Linux as had it with this all really. Not long ago reinstalled Vista after another serious infection with other security programs that missed it at first. Anyway just one more thing to mention. I have a Firefox add on or plug in called BitDefender Quick Scan that (obviously) comes up with nothing. However I haven't had DNS errors recently but if I try and go to BitDefender website through Google search results it takes ages to load and eventually have to stop trying. I am not cut off however. If I try and type the URL directly into the address bar I can access the site no problem. I hardly ever use iexplorer, mainly Firefox. Hope above info helps, will stop going on and here are the logs, thanks for ur time. P.S. (if I have done something wrong can scan again or whatever)

            ComboFix safe mode first scan

            ComboFix 10-11-29.03 - nunakin 30/11/2010   0:44.1.2 - x86 NETWORK
            Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.44.1033.18.2814.2302 [GMT 0:00]
            Running from: c:\users\nunakin\Downloads\commy.exe.exe
            SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
            SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
            .

            (((((((((((((((((((((((((   Files Created from 2010-10-28 to 2010-11-30  )))))))))))))))))))))))))))))))
            .

            2010-11-30 00:50 . 2010-11-30 00:50   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2010-11-30 00:38 . 2010-11-30 00:44   --------   d-----w-   C:\ComboFix
            2010-11-29 21:19 . 2010-11-29 21:19   --------   d-----w-   C:\rsit
            2010-11-28 18:51 . 2010-11-29 21:19   --------   d-----w-   c:\program files\Trend Micro
            2010-11-28 16:28 . 2010-11-28 16:28   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            2010-11-28 16:27 . 2010-11-28 16:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2010-11-28 09:42 . 2010-11-28 09:43   --------   d-----r-   c:\program files\Norton Support
            2010-11-27 21:39 . 1998-06-23 23:00   67376   ----a-w-   c:\windows\system32\sysinfo.ocx
            2010-11-27 21:36 . 2010-11-29 21:38   --------   d-----w-   c:\program files\ThreatExpert Memory Scanner
            2010-11-27 17:21 . 2010-11-27 17:21   --------   d-----w-   c:\program files\VirusTotalUploader2
            2010-11-26 22:53 . 2010-11-10 04:33   6273872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A99BF900-49C5-479C-95D1-8831FDF40EE2}\mpengine.dll
            2010-11-26 22:35 . 2010-11-27 17:57   --------   d-----w-   c:\programdata\SystemExplorer
            2010-11-26 22:35 . 2010-11-27 17:55   --------   d-----w-   c:\program files\System Explorer
            2010-11-26 21:18 . 2010-11-27 16:24   --------   dc-h--w-   c:\programdata\~0
            2010-11-26 20:32 . 2010-11-26 20:37   --------   d-----w-   c:\program files\iKnowPS
            2010-11-26 20:12 . 2010-11-26 22:40   --------   d-----w-   c:\program files\Uniblue
            2010-11-25 21:01 . 2010-11-25 21:02   --------   d-----w-   c:\program files\CCleaner
            2010-11-25 20:53 . 2010-11-25 20:53   --------   d-----w-   c:\programdata\PC Tools
            2010-11-24 15:17 . 2010-10-19 04:27   7680   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
            2010-11-20 20:01 . 2010-11-20 20:01   --------   d-----w-   c:\program files\VideoLAN
            2010-11-19 16:23 . 2009-03-09 15:27   4178264   ----a-w-   c:\windows\system32\D3DX9_41.dll
            2010-11-19 13:28 . 2010-11-19 13:28   --------   d-----w-   c:\programdata\CCP
            2010-11-19 13:28 . 2010-11-19 13:28   --------   d-----w-   c:\program files\CCP
            2010-11-18 21:05 . 2010-11-18 21:05   --------   d-----w-   c:\windows\system32\drivers\NortonPCCheckup
            2010-11-18 21:05 . 2010-11-18 21:05   --------   d-----w-   c:\program files\Norton PC Checkup
            2010-11-18 18:19 . 2010-11-18 18:19   --------   d-----w-   c:\programdata\ReviverSoft
            2010-11-18 17:53 . 2010-11-18 17:53   --------   d-----w-   c:\program files\iPod
            2010-11-18 17:53 . 2010-11-18 17:54   --------   d-----w-   c:\program files\iTunes
            2010-11-18 17:47 . 2010-11-22 22:58   --------   d-----w-   c:\programdata\Soluto
            2010-11-17 21:02 . 2010-11-30 00:05   --------   d-----w-   c:\program files\WinMHR
            2010-11-17 20:41 . 2010-04-29 15:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2010-11-17 20:41 . 2010-11-17 20:41   --------   d-----w-   c:\programdata\Malwarebytes
            2010-11-17 20:41 . 2010-11-17 20:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2010-11-17 20:41 . 2010-04-29 15:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2010-11-17 20:35 . 2010-11-17 20:35   --------   d-----w-   c:\programdata\WEBREG
            2010-11-16 22:55 . 2008-10-24 11:48   321536   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
            2010-11-16 20:07 . 2010-11-24 18:20   --------   d-----w-   c:\program files\Emsisoft Anti-Malware
            2010-11-16 10:54 . 2010-11-16 10:54   --------   d-----w-   c:\programdata\HP Product Assistant
            2010-11-10 20:52 . 2010-08-12 11:46   758784   ----a-w-   c:\windows\system32\cohelper.dll
            2010-11-10 17:29 . 2009-05-18 13:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
            2010-11-10 17:29 . 2008-04-17 12:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
            2010-11-10 17:29 . 2010-11-26 22:45   --------   dc----w-   c:\windows\system32\DRVSTORE
            2010-11-10 17:28 . 2010-11-10 17:29   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
            2010-11-10 17:23 . 2010-11-10 17:24   --------   d-----w-   c:\program files\QuickTime
            2010-11-10 17:23 . 2010-11-18 17:53   --------   d-----w-   c:\programdata\Apple Computer
            2010-11-10 17:22 . 2010-11-10 17:22   --------   d-----w-   c:\program files\Apple Software Update
            2010-11-10 17:18 . 2010-11-18 17:53   --------   d-----w-   c:\program files\Common Files\Apple
            2010-11-10 17:18 . 2010-11-10 17:18   --------   d-----w-   c:\programdata\Apple
            2010-11-10 10:42 . 2010-10-07 11:37   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
            2010-11-09 19:34 . 2009-10-09 21:56   2048   ----a-w-   c:\windows\system32\winrsmgr.dll
            2010-11-09 19:34 . 2009-10-09 21:56   12800   ----a-w-   c:\windows\system32\wsmprovhost.exe
            2010-11-09 19:34 . 2009-10-09 21:56   20480   ----a-w-   c:\windows\system32\winrshost.exe
            2010-11-09 19:34 . 2009-10-09 21:56   40448   ----a-w-   c:\windows\system32\winrs.exe
            2010-11-09 19:29 . 2010-11-09 19:29   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
            2010-11-09 19:23 . 2010-11-09 19:23   --------   d-----w-   c:\program files\Common Files\Adobe
            2010-11-09 18:28 . 2010-11-09 18:28   --------   d-----w-   c:\program files\Windows Portable Devices
            2010-11-09 18:21 . 2010-09-07 20:09   26216   ----a-w-   c:\windows\system32\nvhdap32.dll
            2010-11-09 18:21 . 2010-09-07 20:09   65640   ----a-w-   c:\windows\system32\nvapo32v.dll
            2010-11-09 18:21 . 2010-09-07 20:08   123496   ----a-w-   c:\windows\system32\drivers\nvhda32v.sys
            2010-11-09 18:21 . 2010-09-07 20:08   813672   ----a-w-   c:\windows\system32\nvgenco32.dll
            2010-11-09 17:29 . 2009-09-10 02:00   92672   ----a-w-   c:\windows\system32\UIAnimation.dll
            2010-11-09 17:29 . 2009-09-10 02:00   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
            2010-11-09 17:29 . 2009-09-10 02:01   3023360   ----a-w-   c:\windows\system32\UIRibbon.dll
            2010-11-09 17:28 . 2009-09-25 01:33   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
            2010-11-09 17:28 . 2009-09-24 22:54   258048   ----a-w-   c:\windows\system32\winspool.drv
            2010-11-09 17:28 . 2009-09-25 01:27   634880   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
            2010-11-09 17:28 . 2009-09-25 01:27   37888   ----a-w-   c:\windows\system32\cdd.dll
            2010-11-09 17:26 . 2009-10-01 01:02   30208   ----a-w-   c:\windows\system32\WPDShextAutoplay.exe
            2010-11-09 17:26 . 2009-10-01 01:02   31232   ----a-w-   c:\windows\system32\BthMtpContextHandler.dll
            2010-11-09 17:26 . 2009-10-01 01:01   81920   ----a-w-   c:\windows\system32\wpdbusenum.dll
            2010-11-09 17:26 . 2009-10-01 01:01   60928   ----a-w-   c:\windows\system32\PortableDeviceConnectApi.dll
            2010-11-09 17:26 . 2009-10-01 01:02   2537472   ----a-w-   c:\windows\system32\wpdshext.dll
            2010-11-09 17:26 . 2009-10-01 01:02   334848   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
            2010-11-09 17:26 . 2009-10-01 01:02   87552   ----a-w-   c:\windows\system32\WPDShServiceObj.dll
            2010-11-09 17:26 . 2009-10-01 01:01   546816   ----a-w-   c:\windows\system32\wpd_ci.dll
            2010-11-09 17:26 . 2009-10-01 01:01   160256   ----a-w-   c:\windows\system32\PortableDeviceTypes.dll
            2010-11-09 17:26 . 2009-10-01 01:01   350208   ----a-w-   c:\windows\system32\WPDSp.dll
            2010-11-09 17:26 . 2009-10-01 01:01   196608   ----a-w-   c:\windows\system32\PortableDeviceWMDRM.dll
            2010-11-09 17:26 . 2009-10-01 01:01   100864   ----a-w-   c:\windows\system32\PortableDeviceClassExtension.dll
            2010-11-09 17:26 . 2009-10-01 01:01   227840   ----a-w-   c:\windows\system32\drivers\UMDF\WpdFs.dll
            2010-11-09 17:25 . 2009-10-08 21:07   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
            2010-11-09 17:25 . 2009-10-08 21:08   234496   ----a-w-   c:\windows\system32\oleacc.dll
            2010-11-09 17:25 . 2009-10-08 21:08   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
            2010-11-09 00:06 . 2010-11-09 00:06   --------   d-----w-   c:\windows\system32\ca-ES
            2010-11-09 00:06 . 2010-11-09 00:06   --------   d-----w-   c:\windows\system32\eu-ES
            2010-11-09 00:06 . 2010-11-09 00:06   --------   d-----w-   c:\windows\system32\vi-VN
            2010-11-08 23:34 . 2008-10-24 02:35   271704   ----a-w-   c:\windows\system32\hpzids01.dll
            2010-11-08 23:34 . 2008-10-24 11:48   118272   ----a-w-   c:\windows\system32\hpz3l696.dll
            2010-11-08 23:34 . 2008-10-24 02:34   372736   ----a-w-   c:\windows\system32\hppldcoi.dll
            2010-11-08 23:34 . 2008-10-24 02:34   309760   ----a-w-   c:\windows\system32\difxapi.dll
            2010-11-08 23:34 . 2008-10-24 02:34   737280   ----a-w-   c:\windows\system32\hposwia_p01a.dll
            2010-11-08 23:34 . 2008-10-24 02:34   974848   ----a-w-   c:\windows\system32\hpost_p01a.dll
            2010-11-08 23:34 . 2008-10-24 02:34   307200   ----a-w-   c:\windows\system32\hposc_p01a.dll
            2010-11-08 23:33 . 2010-11-08 23:33   --------   d-----w-   c:\program files\Common Files\HP
            2010-11-08 23:33 . 2010-11-08 23:33   --------   d-----w-   c:\program files\Common Files\Hewlett-Packard
            2010-11-08 23:27 . 2010-11-08 23:27   --------   d-----w-   c:\windows\system32\EventProviders
            2010-11-08 23:25 . 2010-11-17 19:46   --------   d-----w-   c:\programdata\HP
            2010-11-08 23:24 . 2010-11-08 23:24   --------   d-----w-   c:\programdata\Office Genuine Advantage
            2010-11-08 22:59 . 2010-11-08 22:59   --------   d-----w-   c:\programdata\Symantec
            2010-11-08 22:07 . 2009-04-11 05:03   12240896   ----a-w-   c:\windows\system32\NlsLexicons0007.dll
            2010-11-08 22:05 . 2009-04-11 06:28   978432   ----a-w-   c:\windows\system32\drmv2clt.dll
            2010-11-08 22:04 . 2009-04-11 06:28   2012160   ----a-w-   c:\windows\system32\milcore.dll
            2010-11-08 22:03 . 2009-04-11 06:28   67584   ----a-w-   c:\windows\system32\slwmi.dll
            2010-11-08 22:02 . 2009-04-11 06:28   311808   ----a-w-   c:\windows\system32\swprv.dll
            2010-11-08 22:01 . 2009-04-11 06:32   149480   ----a-w-   c:\windows\system32\drivers\pci.sys
            2010-11-08 22:00 . 2009-04-11 06:28   223232   ----a-w-   c:\windows\system32\mswsock.dll
            2010-11-08 21:59 . 2009-04-11 06:28   140800   ----a-w-   c:\windows\system32\wusa.exe
            2010-11-08 21:58 . 2009-04-11 06:28   306176   ----a-w-   c:\windows\system32\scesrv.dll
            2010-11-08 21:57 . 2010-11-08 21:57   --------   d-----w-   c:\program files\Trusteer
            2010-11-08 21:57 . 2009-04-11 04:45   72192   ----a-w-   c:\windows\system32\drivers\tdx.sys
            2010-11-08 21:55 . 2009-04-11 06:28   178176   ----a-w-   c:\windows\system32\credui.dll
            2010-11-08 21:54 . 2009-04-11 04:42   52992   ----a-w-   c:\windows\system32\drivers\stream.sys
            2010-11-08 21:54 . 2009-04-11 04:46   33280   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
            2010-11-08 21:54 . 2009-04-11 05:42   93696   ----a-w-   c:\windows\system32\drivers\bridge.sys
            2010-11-08 21:54 . 2009-04-11 04:42   19456   ----a-w-   c:\windows\system32\drivers\usbohci.sys
            2010-11-08 21:54 . 2009-04-11 04:46   15872   ----a-w-   c:\windows\system32\drivers\usb8023.sys
            2010-11-08 21:54 . 2009-04-11 04:46   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys
            2010-11-08 21:54 . 2009-04-11 06:22   7168   ----a-w-   c:\windows\system32\f3ahvoas.dll

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-11-08 01:33 . 2008-10-29 04:50   1053232   ----a-w-   c:\windows\system32\MFC71u.dll
            2010-11-08 01:33 . 2008-08-06 22:29   353840   ----a-w-   c:\windows\system32\msvcr71.dll
            2010-11-08 01:33 . 2008-08-06 22:27   505392   ----a-w-   c:\windows\system32\msvcp71.dll
            2010-11-08 01:33 . 2008-10-29 04:50   1066544   ----a-w-   c:\windows\system32\MFC71.dll
            2010-11-08 01:32 . 2008-10-29 05:03   588472   ----a-w-   c:\windows\system32\ezsvc7x.dll
            2010-10-16 18:55 . 2010-11-08 21:44   10920   ----a-w-   c:\windows\system32\drivers\nvBridge.kmd
            2010-10-16 18:55 . 2009-07-23 21:01   1719912   ----a-w-   c:\windows\system32\nvapi.dll
            2010-10-16 18:55 . 2009-07-23 21:01   10023528   ----a-w-   c:\windows\system32\nvd3dum.dll
            2010-10-16 12:42 . 2010-10-16 12:42   600680   ----a-w-   c:\windows\system32\nvvsvc.exe
            2010-10-16 12:42 . 2010-10-16 12:42   279144   ----a-w-   c:\windows\system32\nvhotkey.dll
            2010-10-16 12:42 . 2010-10-16 12:42   1881704   ----a-w-   c:\windows\system32\nvsvcr.dll
            2010-10-16 12:42 . 2010-10-16 12:42   110696   ----a-w-   c:\windows\system32\nvmctray.dll
            2010-10-16 12:42 . 2010-10-16 12:42   3420776   ----a-w-   c:\windows\system32\nvcpl.dll
            2010-10-16 12:42 . 2010-10-16 12:42   2079336   ----a-w-   c:\windows\system32\nvsvc.dll
            2010-09-08 11:17 . 2010-09-08 11:17   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
            2010-09-08 11:17 . 2010-09-08 11:17   69632   ----a-w-   c:\windows\system32\QuickTime.qts
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "WinMHR"="c:\program files\WinMHR\WinMHR.exe" [2010-11-23 779528]
            "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
            "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
            "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
            "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
            "Winsonar"="c:\users\nunakin\AppData\Local\Winsonar\winsonar.exe" [2010-04-12 549888]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
            "GrpConv"="grpconv -o" [X]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "EnableUIADesktopToggle"= 0 (0x0)

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
            @="FSFilter Activity Monitor"

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
            @="Driver"

            [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
            path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
            backupExtension=.CommonStartup
            backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

            [HKLM\~\startupfolder\C:^Users^nunakin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
            path=c:\users\nunakin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
            backupExtension=.Startup
            backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
            2008-09-30 23:56   972080   ----a-w-   c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
            2008-08-20 10:54   150016   ----a-w-   c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
            2008-04-15 21:51   488752   ----a-w-   c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
            2010-11-11 00:40   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
            2008-08-01 23:14   202032   ----a-w-   c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
            2008-09-24 01:21   468264   ----a-w-   c:\program files\HP\QuickPlay\QPService.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            2010-09-08 11:17   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
            2008-06-13 18:11   210216   ------w-   c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
            2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
            2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
            2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
            2008-10-07 03:42   210216   ------w-   c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

            R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2010-01-20 259632]
            R1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-11-08 482432]
            R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101124.002\IDSvix86.sys [2010-10-19 353840]
            R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_19917.sys [2010-11-04 34792]
            R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2010-11-04 62568]
            R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-11-04 156776]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
            R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-10-14 2806000]
            R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
            R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
            R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
            R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.6.11\SymcPCCULaunchSvc.exe [2010-09-16 115056]
            R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe [2009-08-24 126392]
            R2 ProSecur;ProSecur;c:\program files\Real-time Defender Professional\ProSecur.sys

            R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-11-04 763112]
            R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
            R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-09-19 72808]
            R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
            R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-07 102448]
            R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
            R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2010-01-20 48688]
            R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
            S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-11-04 58472]
            S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2010-01-20 310320]


            --- Other Services/Drivers In Memory ---

            *NewlyCreated* - ECACHE

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
            bthsvcs   REG_MULTI_SZ      BthServ
            HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
            HPService   REG_MULTI_SZ      HPSLPSVC
            hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
            LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
            ezSharedSvc

            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            2008-06-09 18:14   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
            .
            Contents of the 'Scheduled Tasks' folder

            2010-11-29 c:\windows\Tasks\User_Feed_Synchronization-{EFA01BA6-A925-482B-9DB1-353BCBD509F3}.job
            - c:\windows\system32\msfeedssync.exe [2010-11-08 04:25]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.co.uk/
            mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
            FF - ProfilePath - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
            FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
            FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
            FF - component: c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
            FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
            FF - plugin: c:\users\nunakin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
            FF - plugin: c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
            FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
            FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
            FF - Extension: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
            FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
            FF - Extension: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
            FF - Extension: Team Cymru's MHR: [email protected] - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\[email protected]
            FF - Extension: BrowserProtect: [email protected] - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\[email protected]
            FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
            .
            - - - - ORPHANS REMOVED - - - -

            HKCU-Run-SystemExplorer - (no file)
            HKLM-RunOnce-<NO NAME> - (no file)
            SafeBoot-SolutoService
            AddRemove-{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} - c:\program files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe
            AddRemove-UnityWebPlayer - c:\users\nunakin\AppData\Local\Unity\WebPlayer\Uninstall.exe



            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2010-11-30 00:50
            Windows 6.0.6002 Service Pack 2 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************

            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
            "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
            --

            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
            "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.6.11\diMaster.dll\" /prefetch:1"
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"

            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            Completion time: 2010-11-30  00:52:35
            ComboFix-quarantined-files.txt  2010-11-30 00:52

            Pre-Run: 104,737,058,816 bytes free
            Post-Run: 104,667,619,328 bytes free

            - - End Of File - - 4CEDFE834078DCC3A5F2F6D2553241FC

            ComboFix normal mode second scan


            ComboFix 10-11-29.03 - nunakin 30/11/2010   1:38.1.2 - x86
            Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.44.1033.18.2814.1657 [GMT 0:00]
            Running from: c:\users\nunakin\Desktop\commy.exe.exe
            SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
            SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
            .

            (((((((((((((((((((((((((   Files Created from 2010-10-28 to 2010-11-30  )))))))))))))))))))))))))))))))
            .

            2010-11-30 01:46 . 2010-11-30 01:46   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2010-11-30 00:38 . 2010-11-30 00:44   --------   d-----w-   C:\ComboFix
            2010-11-29 21:19 . 2010-11-29 21:19   --------   d-----w-   C:\rsit
            2010-11-28 18:51 . 2010-11-29 21:19   --------   d-----w-   c:\program files\Trend Micro
            2010-11-28 16:28 . 2010-11-28 16:28   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            2010-11-28 16:27 . 2010-11-28 16:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2010-11-28 09:42 . 2010-11-28 09:43   --------   d-----r-   c:\program files\Norton Support
            2010-11-27 21:39 . 1998-06-23 23:00   67376   ----a-w-   c:\windows\system32\sysinfo.ocx
            2010-11-27 21:36 . 2010-11-29 21:38   --------   d-----w-   c:\program files\ThreatExpert Memory Scanner
            2010-11-27 17:21 . 2010-11-27 17:21   --------   d-----w-   c:\program files\VirusTotalUploader2
            2010-11-26 22:53 . 2010-11-10 04:33   6273872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A99BF900-49C5-479C-95D1-8831FDF40EE2}\mpengine.dll
            2010-11-26 22:35 . 2010-11-27 17:57   --------   d-----w-   c:\programdata\SystemExplorer
            2010-11-26 22:35 . 2010-11-27 17:55   --------   d-----w-   c:\program files\System Explorer
            2010-11-26 21:18 . 2010-11-27 16:24   --------   dc-h--w-   c:\programdata\~0
            2010-11-26 20:32 . 2010-11-26 20:37   --------   d-----w-   c:\program files\iKnowPS
            2010-11-26 20:12 . 2010-11-26 22:40   --------   d-----w-   c:\program files\Uniblue
            2010-11-25 21:01 . 2010-11-25 21:02   --------   d-----w-   c:\program files\CCleaner
            2010-11-25 20:53 . 2010-11-25 20:53   --------   d-----w-   c:\programdata\PC Tools
            2010-11-24 15:17 . 2010-10-19 04:27   7680   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
            2010-11-20 20:01 . 2010-11-20 20:01   --------   d-----w-   c:\program files\VideoLAN
            2010-11-19 16:23 . 2009-03-09 15:27   4178264   ----a-w-   c:\windows\system32\D3DX9_41.dll
            2010-11-19 13:28 . 2010-11-19 13:28   --------   d-----w-   c:\programdata\CCP
            2010-11-19 13:28 . 2010-11-19 13:28   --------   d-----w-   c:\program files\CCP
            2010-11-18 21:05 . 2010-11-18 21:05   --------   d-----w-   c:\windows\system32\drivers\NortonPCCheckup
            2010-11-18 21:05 . 2010-11-18 21:05   --------   d-----w-   c:\program files\Norton PC Checkup
            2010-11-18 18:19 . 2010-11-18 18:19   --------   d-----w-   c:\programdata\ReviverSoft
            2010-11-18 17:53 . 2010-11-18 17:53   --------   d-----w-   c:\program files\iPod
            2010-11-18 17:53 . 2010-11-18 17:54   --------   d-----w-   c:\program files\iTunes
            2010-11-18 17:47 . 2010-11-22 22:58   --------   d-----w-   c:\programdata\Soluto
            2010-11-17 21:02 . 2010-11-30 00:05   --------   d-----w-   c:\program files\WinMHR
            2010-11-17 20:41 . 2010-04-29 15:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2010-11-17 20:41 . 2010-11-17 20:41   --------   d-----w-   c:\programdata\Malwarebytes
            2010-11-17 20:41 . 2010-11-17 20:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2010-11-17 20:41 . 2010-04-29 15:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2010-11-17 20:35 . 2010-11-17 20:35   --------   d-----w-   c:\programdata\WEBREG
            2010-11-16 22:55 . 2008-10-24 11:48   321536   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
            2010-11-16 20:07 . 2010-11-24 18:20   --------   d-----w-   c:\program files\Emsisoft Anti-Malware
            2010-11-16 10:54 . 2010-11-16 10:54   --------   d-----w-   c:\programdata\HP Product Assistant
            2010-11-10 20:52 . 2010-08-12 11:46   758784   ----a-w-   c:\windows\system32\cohelper.dll
            2010-11-10 17:29 . 2009-05-18 13:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
            2010-11-10 17:29 . 2008-04-17 12:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
            2010-11-10 17:29 . 2010-11-26 22:45   --------   dc----w-   c:\windows\system32\DRVSTORE
            2010-11-10 17:28 . 2010-11-10 17:29   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
            2010-11-10 17:24 . 2010-11-10 17:24   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
            2010-11-10 17:23 . 2010-11-10 17:24   --------   d-----w-   c:\program files\QuickTime
            2010-11-10 17:23 . 2010-11-18 17:53   --------   d-----w-   c:\programdata\Apple Computer
            2010-11-10 17:22 . 2010-11-10 17:22   --------   d-----w-   c:\program files\Apple Software Update
            2010-11-10 17:18 . 2010-11-18 17:53   --------   d-----w-   c:\program files\Common Files\Apple
            2010-11-10 17:18 . 2010-11-10 17:18   --------   d-----w-   c:\programdata\Apple
            2010-11-10 10:42 . 2010-10-07 11:37   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
            2010-11-09 19:34 . 2009-10-09 21:56   2048   ----a-w-   c:\windows\system32\winrsmgr.dll
            2010-11-09 19:34 . 2009-10-09 21:56   12800   ----a-w-   c:\windows\system32\wsmprovhost.exe
            2010-11-09 19:34 . 2009-10-09 21:56   20480   ----a-w-   c:\windows\system32\winrshost.exe
            2010-11-09 19:34 . 2009-10-09 21:56   40448   ----a-w-   c:\windows\system32\winrs.exe
            2010-11-09 19:29 . 2010-11-09 19:29   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
            2010-11-09 19:23 . 2010-11-09 19:23   --------   d-----w-   c:\program files\Common Files\Adobe
            2010-11-09 18:28 . 2010-11-09 18:28   --------   d-----w-   c:\program files\Windows Portable Devices
            2010-11-09 18:21 . 2010-09-07 20:09   26216   ----a-w-   c:\windows\system32\nvhdap32.dll
            2010-11-09 18:21 . 2010-09-07 20:09   65640   ----a-w-   c:\windows\system32\nvapo32v.dll
            2010-11-09 18:21 . 2010-09-07 20:08   123496   ----a-w-   c:\windows\system32\drivers\nvhda32v.sys
            2010-11-09 18:21 . 2010-09-07 20:08   813672   ----a-w-   c:\windows\system32\nvgenco32.dll
            2010-11-09 17:29 . 2009-09-10 02:00   92672   ----a-w-   c:\windows\system32\UIAnimation.dll
            2010-11-09 17:29 . 2009-09-10 02:00   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
            2010-11-09 17:29 . 2009-09-10 02:01   3023360   ----a-w-   c:\windows\system32\UIRibbon.dll
            2010-11-09 17:28 . 2009-09-25 01:33   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
            2010-11-09 17:28 . 2009-09-24 22:54   258048   ----a-w-   c:\windows\system32\winspool.drv
            2010-11-09 17:28 . 2009-09-25 01:27   634880   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
            2010-11-09 17:28 . 2009-09-25 01:27   37888   ----a-w-   c:\windows\system32\cdd.dll
            2010-11-09 17:26 . 2009-10-01 01:02   30208   ----a-w-   c:\windows\system32\WPDShextAutoplay.exe
            2010-11-09 17:26 . 2009-10-01 01:02   31232   ----a-w-   c:\windows\system32\BthMtpContextHandler.dll
            2010-11-09 17:26 . 2009-10-01 01:01   81920   ----a-w-   c:\windows\system32\wpdbusenum.dll
            2010-11-09 17:26 . 2009-10-01 01:01   60928   ----a-w-   c:\windows\system32\PortableDeviceConnectApi.dll
            2010-11-09 17:26 . 2009-10-01 01:02   2537472   ----a-w-   c:\windows\system32\wpdshext.dll
            2010-11-09 17:26 . 2009-10-01 01:02   334848   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
            2010-11-09 17:26 . 2009-10-01 01:02   87552   ----a-w-   c:\windows\system32\WPDShServiceObj.dll
            2010-11-09 17:26 . 2009-10-01 01:01   546816   ----a-w-   c:\windows\system32\wpd_ci.dll
            2010-11-09 17:26 . 2009-10-01 01:01   160256   ----a-w-   c:\windows\system32\PortableDeviceTypes.dll
            2010-11-09 17:26 . 2009-10-01 01:01   350208   ----a-w-   c:\windows\system32\WPDSp.dll
            2010-11-09 17:26 . 2009-10-01 01:01   196608   ----a-w-   c:\windows\system32\PortableDeviceWMDRM.dll
            2010-11-09 17:26 . 2009-10-01 01:01   100864   ----a-w-   c:\windows\system32\PortableDeviceClassExtension.dll
            2010-11-09 17:26 . 2009-10-01 01:01   227840   ----a-w-   c:\windows\system32\drivers\UMDF\WpdFs.dll
            2010-11-09 17:25 . 2009-10-08 21:07   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
            2010-11-09 17:25 . 2009-10-08 21:08   234496   ----a-w-   c:\windows\system32\oleacc.dll
            2010-11-09 17:25 . 2009-10-08 21:08   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
            2010-11-09 00:06 . 2010-11-09 00:06   --------   d-----w-   c:\windows\system32\ca-ES
            2010-11-09 00:06 . 2010-11-09 00:06   --------   d-----w-   c:\windows\system32\eu-ES
            2010-11-09 00:06 . 2010-11-09 00:06   --------   d-----w-   c:\windows\system32\vi-VN
            2010-11-08 23:34 . 2008-10-24 02:35   271704   ----a-w-   c:\windows\system32\hpzids01.dll
            2010-11-08 23:34 . 2008-10-24 11:48   118272   ----a-w-   c:\windows\system32\hpz3l696.dll
            2010-11-08 23:34 . 2008-10-24 02:34   372736   ----a-w-   c:\windows\system32\hppldcoi.dll
            2010-11-08 23:34 . 2008-10-24 02:34   309760   ----a-w-   c:\windows\system32\difxapi.dll
            2010-11-08 23:34 . 2008-10-24 02:34   737280   ----a-w-   c:\windows\system32\hposwia_p01a.dll
            2010-11-08 23:34 . 2008-10-24 02:34   974848   ----a-w-   c:\windows\system32\hpost_p01a.dll
            2010-11-08 23:34 . 2008-10-24 02:34   307200   ----a-w-   c:\windows\system32\hposc_p01a.dll
            2010-11-08 23:33 . 2010-11-08 23:33   --------   d-----w-   c:\program files\Common Files\HP
            2010-11-08 23:33 . 2010-11-08 23:33   --------   d-----w-   c:\program files\Common Files\Hewlett-Packard
            2010-11-08 23:27 . 2010-11-08 23:27   --------   d-----w-   c:\windows\system32\EventProviders
            2010-11-08 23:25 . 2010-11-17 19:46   --------   d-----w-   c:\programdata\HP
            2010-11-08 23:24 . 2010-11-08 23:24   --------   d-----w-   c:\programdata\Office Genuine Advantage
            2010-11-08 22:59 . 2010-11-08 22:59   --------   d-----w-   c:\programdata\Symantec
            2010-11-08 22:07 . 2009-04-11 05:03   12240896   ----a-w-   c:\windows\system32\NlsLexicons0007.dll
            2010-11-08 22:05 . 2009-04-11 06:28   978432   ----a-w-   c:\windows\system32\drmv2clt.dll
            2010-11-08 22:04 . 2009-04-11 06:28   2012160   ----a-w-   c:\windows\system32\milcore.dll
            2010-11-08 22:03 . 2009-04-11 06:28   67584   ----a-w-   c:\windows\system32\slwmi.dll
            2010-11-08 22:02 . 2009-04-11 06:28   311808   ----a-w-   c:\windows\system32\swprv.dll
            2010-11-08 22:01 . 2009-04-11 06:32   149480   ----a-w-   c:\windows\system32\drivers\pci.sys
            2010-11-08 22:00 . 2009-04-11 06:28   223232   ----a-w-   c:\windows\system32\mswsock.dll
            2010-11-08 21:59 . 2009-04-11 06:28   140800   ----a-w-   c:\windows\system32\wusa.exe
            2010-11-08 21:58 . 2009-04-11 06:28   306176   ----a-w-   c:\windows\system32\scesrv.dll
            2010-11-08 21:57 . 2010-11-08 21:57   --------   d-----w-   c:\program files\Trusteer
            2010-11-08 21:57 . 2009-04-11 04:45   72192   ----a-w-   c:\windows\system32\drivers\tdx.sys
            2010-11-08 21:55 . 2009-04-11 06:28   178176   ----a-w-   c:\windows\system32\credui.dll
            2010-11-08 21:54 . 2009-04-11 04:42   52992   ----a-w-   c:\windows\system32\drivers\stream.sys
            2010-11-08 21:54 . 2009-04-11 04:46   33280   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
            2010-11-08 21:54 . 2009-04-11 05:42   93696   ----a-w-   c:\windows\system32\drivers\bridge.sys
            2010-11-08 21:54 . 2009-04-11 04:42   19456   ----a-w-   c:\windows\system32\drivers\usbohci.sys
            2010-11-08 21:54 . 2009-04-11 04:46   15872   ----a-w-   c:\windows\system32\drivers\usb8023.sys
            2010-11-08 21:54 . 2009-04-11 04:46   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys
            2010-11-08 21:54 . 2009-04-11 06:22   7168   ----a-w-   c:\windows\system32\f3ahvoas.dll

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-11-08 01:33 . 2008-10-29 04:50   1053232   ----a-w-   c:\windows\system32\MFC71u.dll
            2010-11-08 01:33 . 2008-08-06 22:29   353840   ----a-w-   c:\windows\system32\msvcr71.dll
            2010-11-08 01:33 . 2008-08-06 22:27   505392   ----a-w-   c:\windows\system32\msvcp71.dll
            2010-11-08 01:33 . 2008-10-29 04:50   1066544   ----a-w-   c:\windows\system32\MFC71.dll
            2010-11-08 01:32 . 2008-10-29 05:03   588472   ----a-w-   c:\windows\system32\ezsvc7x.dll
            2010-10-16 18:55 . 2010-11-08 21:44   10920   ----a-w-   c:\windows\system32\drivers\nvBridge.kmd
            2010-10-16 18:55 . 2009-07-23 21:01   1719912   ----a-w-   c:\windows\system32\nvapi.dll
            2010-10-16 18:55 . 2009-07-23 21:01   10023528   ----a-w-   c:\windows\system32\nvd3dum.dll
            2010-10-16 12:42 . 2010-10-16 12:42   600680   ----a-w-   c:\windows\system32\nvvsvc.exe
            2010-10-16 12:42 . 2010-10-16 12:42   279144   ----a-w-   c:\windows\system32\nvhotkey.dll
            2010-10-16 12:42 . 2010-10-16 12:42   1881704   ----a-w-   c:\windows\system32\nvsvcr.dll
            2010-10-16 12:42 . 2010-10-16 12:42   110696   ----a-w-   c:\windows\system32\nvmctray.dll
            2010-10-16 12:42 . 2010-10-16 12:42   3420776   ----a-w-   c:\windows\system32\nvcpl.dll
            2010-10-16 12:42 . 2010-10-16 12:42   2079336   ----a-w-   c:\windows\system32\nvsvc.dll
            2010-09-08 11:17 . 2010-09-08 11:17   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
            2010-09-08 11:17 . 2010-09-08 11:17   69632   ----a-w-   c:\windows\system32\QuickTime.qts
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "WinMHR"="c:\program files\WinMHR\WinMHR.exe" [2010-11-23 779528]
            "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
            "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
            "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
            "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
            "Winsonar"="c:\users\nunakin\AppData\Local\Winsonar\winsonar.exe" [2010-04-12 549888]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "EnableUIADesktopToggle"= 0 (0x0)

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
            @="FSFilter Activity Monitor"

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
            @="Driver"

            [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
            path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
            backupExtension=.CommonStartup
            backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

            [HKLM\~\startupfolder\C:^Users^nunakin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
            path=c:\users\nunakin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
            backupExtension=.Startup
            backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
            2008-09-30 23:56   972080   ----a-w-   c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
            2008-08-20 10:54   150016   ----a-w-   c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
            2008-04-15 21:51   488752   ----a-w-   c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
            2010-11-11 00:40   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
            2008-08-01 23:14   202032   ----a-w-   c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
            2008-09-24 01:21   468264   ----a-w-   c:\program files\HP\QuickPlay\QPService.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            2010-09-08 11:17   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
            2008-06-13 18:11   210216   ------w-   c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
            2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
            2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
            2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
            2008-10-07 03:42   210216   ------w-   c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

            R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
            R2 ProSecur;ProSecur;c:\program files\Real-time Defender Professional\ProSecur.sys

            R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-09-19 72808]
            R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
            R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
            S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-11-04 58472]
            S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2010-01-20 310320]
            S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2010-01-20 259632]
            S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-11-08 482432]
            S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101124.002\IDSvix86.sys [2010-10-19 353840]
            S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_19917.sys [2010-11-04 34792]
            S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2010-11-04 62568]
            S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-11-04 156776]
            S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
            S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
            S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-10-14 2806000]
            S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
            S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
            S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.6.11\SymcPCCULaunchSvc.exe [2010-09-16 115056]
            S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe [2009-08-24 126392]
            S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-11-04 763112]
            S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
            S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-07 102448]
            S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
            S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2010-01-20 48688]


            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
            bthsvcs   REG_MULTI_SZ      BthServ
            HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
            HPService   REG_MULTI_SZ      HPSLPSVC
            hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
            LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
            ezSharedSvc

            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            2008-06-09 18:14   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
            .
            Contents of the 'Scheduled Tasks' folder

            2010-11-30 c:\windows\Tasks\User_Feed_Synchronization-{EFA01BA6-A925-482B-9DB1-353BCBD509F3}.job
            - c:\windows\system32\msfeedssync.exe [2010-11-08 04:25]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.co.uk/
            mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
            FF - ProfilePath - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
            FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
            FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
            FF - component: c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
            FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
            FF - plugin: c:\users\nunakin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
            FF - plugin: c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
            FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
            FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
            FF - Extension: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
            FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
            FF - Extension: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
            FF - Extension: Team Cymru's MHR: [email protected] - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\[email protected]
            FF - Extension: BrowserProtect: [email protected] - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\[email protected]
            FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
            .

            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2010-11-30 01:46
            Windows 6.0.6002 Service Pack 2 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************

            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
            "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
            --

            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
            "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.6.11\diMaster.dll\" /prefetch:1"
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"

            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            Completion time: 2010-11-30  01:49:27
            ComboFix-quarantined-files.txt  2010-11-30 01:49
            ComboFix2.txt  2010-11-30 00:52

            Pre-Run: 104,517,369,856 bytes free
            Post-Run: 104,484,818,944 bytes free

            - - End Of File - - 2EB4917E6D497E451451B29B46493475


            screen 317 test log


             Results of screen317's Security Check version 0.99.6 
             Windows Vista Service Pack 2 (UAC is enabled)
             Internet Explorer 8 
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Firewall Disabled! 
             Norton Internet Security   
             WMI entry may not exist for antivirus; attempting automatic update.
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             CCleaner     
             Java(TM) 6 Update 22 
             Java(TM) 6 Update 7 
             Out of date Java installed!
             Adobe Flash Player 10.1.102.64 
            Adobe Reader 9.4.1
             Mozilla Firefox (3.6.12)
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

             Norton ccSvcHst.exe
             Emsisoft Anti-Malware a2service.exe   
            ````````````````````````````````
            DNS Vulnerability Check:

             Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

            ``````````End of Log````````````


            Last thing: busy lately and did scans yesterday so maybe a bit confused, but I ran a screen 317 test, I think in safe mode, but didn't save the log, where it said the DNS vulnerability was ok. This one is different though. Can run another if necessary. I am not on a wireless router, it is wired.  :-[

            SuperDave

            • Malware Removal Specialist
            • Moderator


            Re: help pls
            « Reply #8 on: November 30, 2010, 12:52:55 PM »
            SysProt Antirootkit

            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

            http://sites.google.com/site/sysprotantirootkit/

            Unzip it into a folder on your desktop.
            • Double click Sysprot.exe to start the program.
            • Click on the Log tab.
            • In the Write to log box select the following items.
              • Process << Selected
              • Kernel Modules << Selected
              • SSDT << Selected
              • Kernel Hooks << Selected
              • IRP Hooks << NOT Selected
              • Ports << NOT Selected
              • Hidden Files << Selected
            • At the bottom of the page
              • Hidden Objects Only << Selected
            • Click on the Create Log button on the bottom right.
            • After a few seconds a new window should appear.
            • Select Scan Root Drive. Click on the Start button.
            • When it is complete a new window will appear to indicate that the scan is finished.
            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
            Windows 8 and Windows 10 dual boot with two SSD's

            ohnonotagain

              Topic Starter


              Re: help pls
              « Reply #9 on: November 30, 2010, 01:50:35 PM »
              Ok thanks. During the log creation, before the scan root box came up, the "not responding" msg came up for the program, but then the scan root box eventually appeared. Ran it as admin. Here's the log

              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              No Hidden Processes found

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
              Service Name: ---
              Module Base: 96CD0000
              Module End: 96CDB000
              Hidden: Yes

              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
              Service Name: ---
              Module Base: 96CDB000
              Module End: 96CE3000
              Hidden: Yes

              ******************************************************************************************
              ******************************************************************************************
              SSDT:
              Function Name: ZwAlertResumeThread
              Address: 87868B60
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwAlertThread
              Address: 87867A60
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwAllocateVirtualMemory
              Address: 87888F40
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwAlpcConnectPort
              Address: 86EB7810
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwAssignProcessToJobObject
              Address: 878A64C8
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwCreateFile
              Address: 96666A38
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwCreateMutant
              Address: 878A1680
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwCreateSymbolicLinkObject
              Address: 878ADC38
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwCreateThread
              Address: 8786DB20
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwDebugActiveProcess
              Address: 878A4050
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwDeleteFile
              Address: 96666BB6
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwDeleteKey
              Address: 9666A3D4
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwDeleteValueKey
              Address: 9666A406
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwDuplicateObject
              Address: 878871E8
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwFreeVirtualMemory
              Address: 878887A0
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwImpersonateAnonymousToken
              Address: 878A0440
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwImpersonateThread
              Address: 87878048
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwLoadDriver
              Address: 876CA3A0
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwLoadKey
              Address: 9666A568
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwMapViewOfSection
              Address: 87889008
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwOpenEvent
              Address: 878A1048
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwOpenFile
              Address: 96666B0E
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwOpenProcess
              Address: 878874C8
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwOpenProcessToken
              Address: 87727870
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwOpenSection
              Address: 878A3190
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwOpenThread
              Address: 87887338
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwProtectVirtualMemory
              Address: 878A7E00
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwQueryValueKey
              Address: 9666A4DE
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwRenameKey
              Address: 9666A448
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwReplaceKey
              Address: 9666A47A
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwRestoreKey
              Address: 9666A4AC
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwResumeThread
              Address: 8772D768
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwSetContextThread
              Address: 8784A8A0
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwSetInformationFile
              Address: 96666C22
              Driver Base: 96665000
              Driver End: 9668A000
              Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

              Function Name: ZwSetInformationProcess
              Address: 87888400
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwSetSystemInformation
              Address: 878A4F50
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwSetValueKey
              Address: 9669B82E
              Driver Base: 96698000
              Driver End: 966A0000
              Driver Name: \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_19917.sys

              Function Name: ZwSuspendProcess
              Address: 878A3D10
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwSuspendThread
              Address: 8783E488
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwTerminateProcess
              Address: 877B6660
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwTerminateThread
              Address: 8781E258
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwUnmapViewOfSection
              Address: 877258A0
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwWriteVirtualMemory
              Address: 87888B70
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwCreateThreadEx
              Address: 878A72A0
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              Hidden files/folders:
              Object: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\026C2B3B.TMP
              Status: Access denied

              Object: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\78D22262.TMP
              Status: Access denied

              Object: C:\Qoobox\BackEnv\AppData.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Cache.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Cookies.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Desktop.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Favorites.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\History.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Music.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\NetHood.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Personal.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Pictures.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Programs.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Recent.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SendTo.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SetPath.bat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\StartUp.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SysPath.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Templates.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\VikPev00
              Status: Access denied

              Object: C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\026C2B3B.TMP
              Status: Access denied

              Object: C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\78D22262.TMP
              Status: Access denied

              Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
              Status: Access denied

              Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
              Status: Access denied

              Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
              Status: Access denied

              Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
              Status: Access denied

              Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
              Status: Access denied


              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: help pls
              « Reply #10 on: December 01, 2010, 12:24:07 PM »
              That looks good. How's your computer running?

              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

              Windows 8 and Windows 10 dual boot with two SSD's

              ohnonotagain

                Re: help pls
                « Reply #11 on: December 02, 2010, 01:44:34 PM »
                C:\ProgramData\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi   a variant of Win32/SlowPCfighter application   deleted - quarantined

                Thanks, gr8! Sorry, thought I had been abandoned. Before this scan, did a rootkit scan with Trend Micro and deleted some file streams from downloaded software. Also uninstalled some security programs and left Rapport and WinMHR. Updated Norton to 360 v. 5 beta and kept Emsisoft a2. Defragmented disk with Auslogics Disk Defrag. Disabled .NET Framework plugin or add-on in Mozilla. Thinking of uninstalling.


                This is the Trend Micro log, just in case. Anyway, may have solved the problem. Going to see if I can get on the BitDefender site, run a few more scans and monitor the Rapport console for unusual activity  ;D


                +----------------------------------------------------
                | Trend Micro RootkitBuster
                | Module version: 2.80.0.1077
                +----------------------------------------------------


                --== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
                [FILE_STREAM]:
                   FullPath      : C:\ProgramData\Soluto\Installer\SolutoInstaller.exe:Zone.Identifier:$DATA
                   FullPathLength: 51
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x2020
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\All Users\Soluto\Installer\SolutoInstaller.exe:Zone.Identifier:$DATA
                   FullPathLength: 55
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x2020
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\74A726D9-00000001.eml:OECustomProperty:$DATA
                   FullPathLength: 103
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\AppData\Local\temp\Temp1_RootkitBuster_2.80.1077.zip\RootkitBuster.exe:Zone.Identifier:$DATA
                   FullPathLength: 87
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\backsupport.html:Zone.Identifier:$DATA
                   FullPathLength: 41
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\bhs order.htm:Zone.Identifier:$DATA
                   FullPathLength: 38
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\indoor condenser.htm:Zone.Identifier:$DATA
                   FullPathLength: 45
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\order_valcard.php.htm:Zone.Identifier:$DATA
                   FullPathLength: 46
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\philips-dcm292-05-ipod-docking-station-black-06238797-pdt.html:Zone.Identifier:$DATA
                   FullPathLength: 87
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\ReservationConfirmationDisplayView.htm:Zone.Identifier:$DATA
                   FullPathLength: 63
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\sdasetup.exe:Zone.Identifier:$DATA
                   FullPathLength: 37
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\SysProt.exe:Zone.Identifier:$DATA
                   FullPathLength: 36
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Desktop\tescolastshop.htm:Zone.Identifier:$DATA
                   FullPathLength: 42
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\activescan2_en.exe:Zone.Identifier:$DATA
                   FullPathLength: 45
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\a2emergencykit_readme.txt:Zone.Identifier:$DATA
                   FullPathLength: 73
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\autorun.inf:Zone.Identifier:$DATA
                   FullPathLength: 59
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\CommandlineScanner.bat:Zone.Identifier:$DATA
                   FullPathLength: 70
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\EmergencyKitScanner.bat:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\ar-sa.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\cz-cz.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\de-de.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\en-us.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\fr-fr.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\nl-nl.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\pt-br.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\sl-si.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Languages\vi-vn.lng:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2cmd.exe:Zone.Identifier:$DATA
                   FullPathLength: 61
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2cmd_readme.txt:Zone.Identifier:$DATA
                   FullPathLength: 68
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2emergencykit.exe:Zone.Identifier:$DATA
                   FullPathLength: 70
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2framework.dll:Zone.Identifier:$DATA
                   FullPathLength: 67
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2heur.dat:Zone.Identifier:$DATA
                   FullPathLength: 62
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2HiJackFree.exe:Zone.Identifier:$DATA
                   FullPathLength: 68
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2mor.dll:Zone.Identifier:$DATA
                   FullPathLength: 61
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2trust.dat:Zone.Identifier:$DATA
                   FullPathLength: 63
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2update.dll:Zone.Identifier:$DATA
                   FullPathLength: 64
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\a2wl.dat:Zone.Identifier:$DATA
                   FullPathLength: 60
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\BlitzBlank.exe:Zone.Identifier:$DATA
                   FullPathLength: 66
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\engine.dll:Zone.Identifier:$DATA
                   FullPathLength: 62
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\ar-sa.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\bg-bg.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\ca-es.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\cn-cn.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\cz-cz.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\de-de.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\en-us.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\es-es.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\fi-fi.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\fr-fr.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\hr-hr.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\hu-hu.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\it-it.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\ja-jp.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\nl-nl.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\pl-pl.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Languages\pt-br.lng:Zone.Identifier:$DATA
                   FullPathLength: 71
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000122.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000123.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000124.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000125.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000126.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000127.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000128.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000129.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000201.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000202.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000203.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000204.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000205.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000206.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000207.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000208.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000209.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000210.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000211.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000212.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000213.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000214.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000215.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000216.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000217.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000301.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000401.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000601.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000602.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000701.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\Signatures\30000702.sig:Zone.Identifier:$DATA
                   FullPathLength: 75
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x20
                   ShareAccess   : 0x0
                   Type          : 0x0
                [FILE_STREAM]:
                   FullPath      : C:\Users\nunakin\Downloads\EmsisoftEmergencyKit\Run\T3.dll:Zone.Identifier:$DATA
                   FullPathLength: 58
                   DesiredAccess : 0x0
                   Options       : 0x0
                   Attributes    : 0x
                bloomin lost as usual up to kneck in ****

                ohnonotagain

                  Re: help pls
                  « Reply #12 on: December 02, 2010, 02:01:41 PM »
                  hold on winMHR just identified a malicious file---

                  #WinMHR version beta 2   
                   #Name
                  NIRCMD.exe

                  MD5
                  ae72e8619cb31d84da25e2435e55003c

                  SHA-1
                  2ed893a9aa82da248b5f4344819fcf6ad2d28240

                  Path
                  C:\WINDOWS\NIRCMD.exe

                  30.5 KB

                  Detection Rate   Last Seen By MHR   Check State   Status   
                  13   21/04/2009 07:09   Checked.   Malware detected.

                  what is this? have options to do full scan or open file location
                  bloomin lost as usual up to kneck in ****

                  ohnonotagain

                    Re: help pls
                    « Reply #13 on: December 02, 2010, 02:13:16 PM »
                    no it's a combofix file sorry  :)


                    still cannot access this site from google search which is worrying

                    BitDefender.co.uk/Internet-Security

                    currently doing a full scan with norton
                    « Last Edit: December 02, 2010, 02:47:17 PM by ohnonotagain »
                    bloomin lost as usual up to kneck in ****

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: help pls
                    « Reply #14 on: December 02, 2010, 04:33:26 PM »
                    I specifically asked you not to run any tools while I was helping you.
                    Quote
                    4. Please DO NOT run any other tools or scans while I am helping you.
                    If you insist on doing this, then you're on your own.

                    Windows 8 and Windows 10 dual boot with two SSD's