Ok here are some logs you asked for. Had some difficulty downloading ComboFix Firefox and computer froze but when restarted it was on download list. There was no option to save it anywhere so just renamed it and dragged to desktop where I ran it. I ran the first session in safe mode and the second in normal mode. I had a few access denied msgs in the first report but none in the second. The DNS msg at end of each report is different. The other log from screen 317 detected some security programs on the computer but I don't think it detected all there is, some aren't actively running.

When suspected infection downloaded lots of stuff!! Most I don't really understand to be honest (what's a pdd scanner application ??). I am disappointed that a particular type of infection can be on a computer and nothing detect it apart from a small last line of defence program and a one off scan from a relatively obscure program (Rapport and ThreatExpert) so am seriously considering Linux as had it with this all really. Not long ago reinstalled Vista after another serious infection with other security programs that missed it at first.

Anyway just one more thing to mention. I have a Firefox add on or plug in called BitDefender QuickScan that (obviously) comes up with nothing. However I haven't had DNS errors recently but if I try and go to BitDefender website through Google search results it takes ages to load and eventually have to stop trying. I am not cut off however. If I try and type the URL directly into the address bar I can access the site no problem. I hardly ever use iexplorer, mainly Firefox. Hope above info helps, will stop going on and here are the logs, thanks for your time.

p.s. (if I have done something wrong can scan again or whatever)
ComboFix safe mode first scan
ComboFix 10-11-29.03 - nunakin 30/11/2010 0:44.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.2302 [GMT 0:00]
Running from: c:\users\nunakin\Downloads\commy.exe.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-30 )))))))))))))))))))))))))))))))
.
2010-11-30 00:50 . 2010-11-30 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-30 00:38 . 2010-11-30 00:44 -------- d-----w- C:\ComboFix
2010-11-29 21:19 . 2010-11-29 21:19 -------- d-----w- C:\rsit
2010-11-28 18:51 . 2010-11-29 21:19 -------- d-----w- c:\program files\Trend Micro
2010-11-28 16:28 . 2010-11-28 16:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-28 16:27 . 2010-11-28 16:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-28 09:42 . 2010-11-28 09:43 -------- d-----r- c:\program files\Norton Support
2010-11-27 21:39 . 1998-06-23 23:00 67376 ----a-w- c:\windows\system32\sysinfo.ocx
2010-11-27 21:36 . 2010-11-29 21:38 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2010-11-27 17:21 . 2010-11-27 17:21 -------- d-----w- c:\program files\VirusTotalUploader2
2010-11-26 22:53 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A99BF900-49C5-479C-95D1-8831FDF40EE2}\mpengine.dll
2010-11-26 22:35 . 2010-11-27 17:57 -------- d-----w- c:\programdata\SystemExplorer
2010-11-26 22:35 . 2010-11-27 17:55 -------- d-----w- c:\program files\System Explorer
2010-11-26 21:18 . 2010-11-27 16:24 -------- dc-h--w- c:\programdata\~0
2010-11-26 20:32 . 2010-11-26 20:37 -------- d-----w- c:\program files\iKnowPS
2010-11-26 20:12 . 2010-11-26 22:40 -------- d-----w- c:\program files\Uniblue
2010-11-25 21:01 . 2010-11-25 21:02 -------- d-----w- c:\program files\CCleaner
2010-11-25 20:53 . 2010-11-25 20:53 -------- d-----w- c:\programdata\PC Tools
2010-11-24 15:17 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-20 20:01 . 2010-11-20 20:01 -------- d-----w- c:\program files\VideoLAN
2010-11-19 16:23 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-11-19 13:28 . 2010-11-19 13:28 -------- d-----w- c:\programdata\CCP
2010-11-19 13:28 . 2010-11-19 13:28 -------- d-----w- c:\program files\CCP
2010-11-18 21:05 . 2010-11-18 21:05 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-11-18 21:05 . 2010-11-18 21:05 -------- d-----w- c:\program files\Norton PC Checkup
2010-11-18 18:19 . 2010-11-18 18:19 -------- d-----w- c:\programdata\ReviverSoft
2010-11-18 17:53 . 2010-11-18 17:53 -------- d-----w- c:\program files\iPod
2010-11-18 17:53 . 2010-11-18 17:54 -------- d-----w- c:\program files\iTunes
2010-11-18 17:47 . 2010-11-22 22:58 -------- d-----w- c:\programdata\Soluto
2010-11-17 21:02 . 2010-11-30 00:05 -------- d-----w- c:\program files\WinMHR
2010-11-17 20:41 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-17 20:41 . 2010-11-17 20:41 -------- d-----w- c:\programdata\Malwarebytes
2010-11-17 20:41 . 2010-11-17 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-17 20:41 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-17 20:35 . 2010-11-17 20:35 -------- d-----w- c:\programdata\WEBREG
2010-11-16 22:55 . 2008-10-24 11:48 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2010-11-16 20:07 . 2010-11-24 18:20 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-11-16 10:54 . 2010-11-16 10:54 -------- d-----w- c:\programdata\HP Product Assistant
2010-11-10 20:52 . 2010-08-12 11:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2010-11-10 17:29 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-10 17:29 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-10 17:29 . 2010-11-26 22:45 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-10 17:28 . 2010-11-10 17:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-11-10 17:23 . 2010-11-10 17:24 -------- d-----w- c:\program files\QuickTime
2010-11-10 17:23 . 2010-11-18 17:53 -------- d-----w- c:\programdata\Apple Computer
2010-11-10 17:22 . 2010-11-10 17:22 -------- d-----w- c:\program files\Apple Software Update
2010-11-10 17:18 . 2010-11-18 17:53 -------- d-----w- c:\program files\Common Files\Apple
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\programdata\Apple
2010-11-10 10:42 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-09 19:34 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-11-09 19:34 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-11-09 19:34 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-11-09 19:34 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2010-11-09 19:29 . 2010-11-09 19:29 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-11-09 19:23 . 2010-11-09 19:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-09 18:28 . 2010-11-09 18:28 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-09 18:21 . 2010-09-07 20:09 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-11-09 18:21 . 2010-09-07 20:09 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2010-11-09 18:21 . 2010-09-07 20:08 123496 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-11-09 18:21 . 2010-09-07 20:08 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-09 17:29 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-09 17:29 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-09 17:29 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-09 17:28 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2010-11-09 17:28 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2010-11-09 17:28 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-11-09 17:28 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2010-11-09 17:26 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-11-09 17:26 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-11-09 17:26 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-11-09 17:26 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-11-09 17:26 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-11-09 17:26 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-09 17:26 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-11-09 17:26 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-11-09 17:26 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-09 17:26 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-11-09 17:26 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-11-09 17:26 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-09 17:26 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2010-11-09 17:25 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-09 17:25 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-09 17:25 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-09 00:06 . 2010-11-09 00:06 -------- d-----w- c:\windows\system32\ca-ES
2010-11-09 00:06 . 2010-11-09 00:06 -------- d-----w- c:\windows\system32\eu-ES
2010-11-09 00:06 . 2010-11-09 00:06 -------- d-----w- c:\windows\system32\vi-VN
2010-11-08 23:34 . 2008-10-24 02:35 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-11-08 23:34 . 2008-10-24 11:48 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-11-08 23:34 . 2008-10-24 02:34 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-11-08 23:34 . 2008-10-24 02:34 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-11-08 23:34 . 2008-10-24 02:34 737280 ----a-w- c:\windows\system32\hposwia_p01a.dll
2010-11-08 23:34 . 2008-10-24 02:34 974848 ----a-w- c:\windows\system32\hpost_p01a.dll
2010-11-08 23:34 . 2008-10-24 02:34 307200 ----a-w- c:\windows\system32\hposc_p01a.dll
2010-11-08 23:33 . 2010-11-08 23:33 -------- d-----w- c:\program files\Common Files\HP
2010-11-08 23:33 . 2010-11-08 23:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-11-08 23:27 . 2010-11-08 23:27 -------- d-----w- c:\windows\system32\EventProviders
2010-11-08 23:25 . 2010-11-17 19:46 -------- d-----w- c:\programdata\HP
2010-11-08 23:24 . 2010-11-08 23:24 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-11-08 22:59 . 2010-11-08 22:59 -------- d-----w- c:\programdata\Symantec
2010-11-08 22:07 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-11-08 22:05 . 2009-04-11 06:28 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2010-11-08 22:04 . 2009-04-11 06:28 2012160 ----a-w- c:\windows\system32\milcore.dll
2010-11-08 22:03 . 2009-04-11 06:28 67584 ----a-w- c:\windows\system32\slwmi.dll
2010-11-08 22:02 . 2009-04-11 06:28 311808 ----a-w- c:\windows\system32\swprv.dll
2010-11-08 22:01 . 2009-04-11 06:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2010-11-08 22:00 . 2009-04-11 06:28 223232 ----a-w- c:\windows\system32\mswsock.dll
2010-11-08 21:59 . 2009-04-11 06:28 140800 ----a-w- c:\windows\system32\wusa.exe
2010-11-08 21:58 . 2009-04-11 06:28 306176 ----a-w- c:\windows\system32\scesrv.dll
2010-11-08 21:57 . 2010-11-08 21:57 -------- d-----w- c:\program files\Trusteer
2010-11-08 21:57 . 2009-04-11 04:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2010-11-08 21:55 . 2009-04-11 06:28 178176 ----a-w- c:\windows\system32\credui.dll
2010-11-08 21:54 . 2009-04-11 04:42 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2010-11-08 21:54 . 2009-04-11 04:46 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2010-11-08 21:54 . 2009-04-11 05:42 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2010-11-08 21:54 . 2009-04-11 04:42 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-11-08 21:54 . 2009-04-11 04:46 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2010-11-08 21:54 . 2009-04-11 04:46 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2010-11-08 21:54 . 2009-04-11 06:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 01:33 . 2008-10-29 04:50 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2010-11-08 01:33 . 2008-08-06 22:29 353840 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-08 01:33 . 2008-08-06 22:27 505392 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-08 01:33 . 2008-10-29 04:50 1066544 ----a-w- c:\windows\system32\MFC71.dll
2010-11-08 01:32 . 2008-10-29 05:03 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-10-16 18:55 . 2010-11-08 21:44 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 18:55 . 2009-07-23 21:01 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2009-07-23 21:01 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 12:42 . 2010-10-16 12:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42 . 2010-10-16 12:42 279144 ----a-w- c:\windows\system32\nvhotkey.dll
2010-10-16 12:42 . 2010-10-16 12:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 12:42 . 2010-10-16 12:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42 . 2010-10-16 12:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42 . 2010-10-16 12:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-09-08 11:17 . 2010-09-08 11:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17 . 2010-09-08 11:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMHR"="c:\program files\WinMHR\WinMHR.exe" [2010-11-23 779528]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Winsonar"="c:\users\nunakin\AppData\Local\Winsonar\winsonar.exe" [2010-04-12 549888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backupExtension=.CommonStartup
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
[HKLM\~\startupfolder\C:^Users^nunakin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\nunakin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backupExtension=.Startup
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 10:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 00:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 18:11 210216 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2010-01-20 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-11-08 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101124.002\IDSvix86.sys [2010-10-19 353840]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_19917.sys [2010-11-04 34792]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2010-11-04 62568]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-11-04 156776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-10-14 2806000]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.6.11\SymcPCCULaunchSvc.exe [2010-09-16 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe [2009-08-24 126392]
R2 ProSecur;ProSecur;c:\program files\Real-time Defender Professional\ProSecur.sys
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-11-04 763112]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-09-19 72808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-07 102448]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2010-01-20 48688]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-11-04 58472]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2010-01-20 310320]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-11-29 c:\windows\Tasks\User_Feed_Synchronization-{EFA01BA6-A925-482B-9DB1-353BCBD509F3}.job
- c:\windows\system32\msfeedssync.exe [2010-11-08 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\nunakin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Extension: Team Cymru's MHR: [email protected] - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\[email protected]
FF - Extension: BrowserProtect: [email protected] - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\[email protected]
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SystemExplorer - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-SolutoService
AddRemove-{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} - c:\program files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe
AddRemove-UnityWebPlayer - c:\users\nunakin\AppData\Local\Unity\WebPlayer\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-11-30 00:50
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.6.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-30 00:52:35
ComboFix-quarantined-files.txt 2010-11-30 00:52
Pre-Run: 104,737,058,816 bytes free
Post-Run: 104,667,619,328 bytes free
- - End Of File - - 4CEDFE834078DCC3A5F2F6D2553241FC
ComboFix normal mode second scan
ComboFix 10-11-29.03 - nunakin 30/11/2010 1:38.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1657 [GMT 0:00]
Running from: c:\users\nunakin\Desktop\commy.exe.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-30 )))))))))))))))))))))))))))))))
.
2010-11-30 01:46 . 2010-11-30 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-30 00:38 . 2010-11-30 00:44 -------- d-----w- C:\ComboFix
2010-11-29 21:19 . 2010-11-29 21:19 -------- d-----w- C:\rsit
2010-11-28 18:51 . 2010-11-29 21:19 -------- d-----w- c:\program files\Trend Micro
2010-11-28 16:28 . 2010-11-28 16:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-28 16:27 . 2010-11-28 16:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-28 09:42 . 2010-11-28 09:43 -------- d-----r- c:\program files\Norton Support
2010-11-27 21:39 . 1998-06-23 23:00 67376 ----a-w- c:\windows\system32\sysinfo.ocx
2010-11-27 21:36 . 2010-11-29 21:38 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2010-11-27 17:21 . 2010-11-27 17:21 -------- d-----w- c:\program files\VirusTotalUploader2
2010-11-26 22:53 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A99BF900-49C5-479C-95D1-8831FDF40EE2}\mpengine.dll
2010-11-26 22:35 . 2010-11-27 17:57 -------- d-----w- c:\programdata\SystemExplorer
2010-11-26 22:35 . 2010-11-27 17:55 -------- d-----w- c:\program files\System Explorer
2010-11-26 21:18 . 2010-11-27 16:24 -------- dc-h--w- c:\programdata\~0
2010-11-26 20:32 . 2010-11-26 20:37 -------- d-----w- c:\program files\iKnowPS
2010-11-26 20:12 . 2010-11-26 22:40 -------- d-----w- c:\program files\Uniblue
2010-11-25 21:01 . 2010-11-25 21:02 -------- d-----w- c:\program files\CCleaner
2010-11-25 20:53 . 2010-11-25 20:53 -------- d-----w- c:\programdata\PC Tools
2010-11-24 15:17 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-20 20:01 . 2010-11-20 20:01 -------- d-----w- c:\program files\VideoLAN
2010-11-19 16:23 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-11-19 13:28 . 2010-11-19 13:28 -------- d-----w- c:\programdata\CCP
2010-11-19 13:28 . 2010-11-19 13:28 -------- d-----w- c:\program files\CCP
2010-11-18 21:05 . 2010-11-18 21:05 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-11-18 21:05 . 2010-11-18 21:05 -------- d-----w- c:\program files\Norton PC Checkup
2010-11-18 18:19 . 2010-11-18 18:19 -------- d-----w- c:\programdata\ReviverSoft
2010-11-18 17:53 . 2010-11-18 17:53 -------- d-----w- c:\program files\iPod
2010-11-18 17:53 . 2010-11-18 17:54 -------- d-----w- c:\program files\iTunes
2010-11-18 17:47 . 2010-11-22 22:58 -------- d-----w- c:\programdata\Soluto
2010-11-17 21:02 . 2010-11-30 00:05 -------- d-----w- c:\program files\WinMHR
2010-11-17 20:41 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-17 20:41 . 2010-11-17 20:41 -------- d-----w- c:\programdata\Malwarebytes
2010-11-17 20:41 . 2010-11-17 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-17 20:41 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-17 20:35 . 2010-11-17 20:35 -------- d-----w- c:\programdata\WEBREG
2010-11-16 22:55 . 2008-10-24 11:48 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2010-11-16 20:07 . 2010-11-24 18:20 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-11-16 10:54 . 2010-11-16 10:54 -------- d-----w- c:\programdata\HP Product Assistant
2010-11-10 20:52 . 2010-08-12 11:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2010-11-10 17:29 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-10 17:29 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-10 17:29 . 2010-11-26 22:45 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-10 17:28 . 2010-11-10 17:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-10 17:24 . 2010-11-10 17:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-11-10 17:23 . 2010-11-10 17:24 -------- d-----w- c:\program files\QuickTime
2010-11-10 17:23 . 2010-11-18 17:53 -------- d-----w- c:\programdata\Apple Computer
2010-11-10 17:22 . 2010-11-10 17:22 -------- d-----w- c:\program files\Apple Software Update
2010-11-10 17:18 . 2010-11-18 17:53 -------- d-----w- c:\program files\Common Files\Apple
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\programdata\Apple
2010-11-10 10:42 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-09 19:34 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-11-09 19:34 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-11-09 19:34 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-11-09 19:34 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2010-11-09 19:29 . 2010-11-09 19:29 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-11-09 19:23 . 2010-11-09 19:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-09 18:28 . 2010-11-09 18:28 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-09 18:21 . 2010-09-07 20:09 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-11-09 18:21 . 2010-09-07 20:09 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2010-11-09 18:21 . 2010-09-07 20:08 123496 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-11-09 18:21 . 2010-09-07 20:08 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-09 17:29 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-09 17:29 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-09 17:29 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-09 17:28 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2010-11-09 17:28 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2010-11-09 17:28 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-11-09 17:28 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2010-11-09 17:26 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-11-09 17:26 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-11-09 17:26 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-11-09 17:26 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-11-09 17:26 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-11-09 17:26 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-09 17:26 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-11-09 17:26 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-11-09 17:26 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-09 17:26 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-11-09 17:26 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-11-09 17:26 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-09 17:26 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2010-11-09 17:25 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-09 17:25 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-09 17:25 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-09 00:06 . 2010-11-09 00:06 -------- d-----w- c:\windows\system32\ca-ES
2010-11-09 00:06 . 2010-11-09 00:06 -------- d-----w- c:\windows\system32\eu-ES
2010-11-09 00:06 . 2010-11-09 00:06 -------- d-----w- c:\windows\system32\vi-VN
2010-11-08 23:34 . 2008-10-24 02:35 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-11-08 23:34 . 2008-10-24 11:48 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-11-08 23:34 . 2008-10-24 02:34 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-11-08 23:34 . 2008-10-24 02:34 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-11-08 23:34 . 2008-10-24 02:34 737280 ----a-w- c:\windows\system32\hposwia_p01a.dll
2010-11-08 23:34 . 2008-10-24 02:34 974848 ----a-w- c:\windows\system32\hpost_p01a.dll
2010-11-08 23:34 . 2008-10-24 02:34 307200 ----a-w- c:\windows\system32\hposc_p01a.dll
2010-11-08 23:33 . 2010-11-08 23:33 -------- d-----w- c:\program files\Common Files\HP
2010-11-08 23:33 . 2010-11-08 23:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-11-08 23:27 . 2010-11-08 23:27 -------- d-----w- c:\windows\system32\EventProviders
2010-11-08 23:25 . 2010-11-17 19:46 -------- d-----w- c:\programdata\HP
2010-11-08 23:24 . 2010-11-08 23:24 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-11-08 22:59 . 2010-11-08 22:59 -------- d-----w- c:\programdata\Symantec
2010-11-08 22:07 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-11-08 22:05 . 2009-04-11 06:28 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2010-11-08 22:04 . 2009-04-11 06:28 2012160 ----a-w- c:\windows\system32\milcore.dll
2010-11-08 22:03 . 2009-04-11 06:28 67584 ----a-w- c:\windows\system32\slwmi.dll
2010-11-08 22:02 . 2009-04-11 06:28 311808 ----a-w- c:\windows\system32\swprv.dll
2010-11-08 22:01 . 2009-04-11 06:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2010-11-08 22:00 . 2009-04-11 06:28 223232 ----a-w- c:\windows\system32\mswsock.dll
2010-11-08 21:59 . 2009-04-11 06:28 140800 ----a-w- c:\windows\system32\wusa.exe
2010-11-08 21:58 . 2009-04-11 06:28 306176 ----a-w- c:\windows\system32\scesrv.dll
2010-11-08 21:57 . 2010-11-08 21:57 -------- d-----w- c:\program files\Trusteer
2010-11-08 21:57 . 2009-04-11 04:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2010-11-08 21:55 . 2009-04-11 06:28 178176 ----a-w- c:\windows\system32\credui.dll
2010-11-08 21:54 . 2009-04-11 04:42 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2010-11-08 21:54 . 2009-04-11 04:46 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2010-11-08 21:54 . 2009-04-11 05:42 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2010-11-08 21:54 . 2009-04-11 04:42 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-11-08 21:54 . 2009-04-11 04:46 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2010-11-08 21:54 . 2009-04-11 04:46 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2010-11-08 21:54 . 2009-04-11 06:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 01:33 . 2008-10-29 04:50 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2010-11-08 01:33 . 2008-08-06 22:29 353840 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-08 01:33 . 2008-08-06 22:27 505392 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-08 01:33 . 2008-10-29 04:50 1066544 ----a-w- c:\windows\system32\MFC71.dll
2010-11-08 01:32 . 2008-10-29 05:03 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-10-16 18:55 . 2010-11-08 21:44 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 18:55 . 2009-07-23 21:01 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2009-07-23 21:01 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 12:42 . 2010-10-16 12:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42 . 2010-10-16 12:42 279144 ----a-w- c:\windows\system32\nvhotkey.dll
2010-10-16 12:42 . 2010-10-16 12:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 12:42 . 2010-10-16 12:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42 . 2010-10-16 12:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42 . 2010-10-16 12:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-09-08 11:17 . 2010-09-08 11:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17 . 2010-09-08 11:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMHR"="c:\program files\WinMHR\WinMHR.exe" [2010-11-23 779528]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Winsonar"="c:\users\nunakin\AppData\Local\Winsonar\winsonar.exe" [2010-04-12 549888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backupExtension=.CommonStartup
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
[HKLM\~\startupfolder\C:^Users^nunakin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\nunakin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backupExtension=.Startup
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 10:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 00:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 18:11 210216 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ProSecur;ProSecur;c:\program files\Real-time Defender Professional\ProSecur.sys
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-09-19 72808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-11-04 58472]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2010-01-20 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2010-01-20 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-11-08 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101124.002\IDSvix86.sys [2010-10-19 353840]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_19917.sys [2010-11-04 34792]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2010-11-04 62568]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-11-04 156776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-10-14 2806000]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.6.11\SymcPCCULaunchSvc.exe [2010-09-16 115056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe [2009-08-24 126392]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-11-04 763112]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-07 102448]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2010-01-20 48688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-11-30 c:\windows\Tasks\User_Feed_Synchronization-{EFA01BA6-A925-482B-9DB1-353BCBD509F3}.job
- c:\windows\system32\msfeedssync.exe [2010-11-08 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\nunakin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Extension: Team Cymru's MHR: [email protected] - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\[email protected]
FF - Extension: BrowserProtect: [email protected] - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\[email protected]
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\nunakin\AppData\Roaming\Mozilla\Firefox\Profiles\u4jxz356.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-11-30 01:46
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.6.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-30 01:49:27
ComboFix-quarantined-files.txt 2010-11-30 01:49
ComboFix2.txt 2010-11-30 00:52
Pre-Run: 104,517,369,856 bytes free
Post-Run: 104,484,818,944 bytes free
- - End Of File - - 2EB4917E6D497E451451B29B46493475
screen 317 test log
Results of screen317's Security Check version 0.99.6
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Mozilla Firefox (3.6.12)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Emsisoft Anti-Malware a2service.exe
````````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)
``````````End of Log````````````
Last thing: busy lately and did scans yesterday so maybe a bit confused, but I ran a screen 317 test, I think in safe mode, but didn't save the log where it said the DNS vulnerability was OK. This one is different though; can run another if necessary. I am not on a wireless router, it is wired.