Resolved Hidden Internet Explorer

Installed IE8 trying to fix the problem. Many good things are coming from our exchanges so far, as, thanks to your excellent guidance on scans, I have now rectified two serious problems. My PC had no Recovery Console, and my external LaCie Porsche hard drive (K) was not being recognised by the system. Drivers now installed. Many thanks.
 
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.3
Mozilla Firefox (3.6.6)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
About the Security Check: It appears you have the paid Ad-Aware. That comes with an app called Ad-Watch which runs in real time. You also have TeaTimer running from Spybot S&D, which also runs in real time. My recommendation is to disable both of them, or, if you don't want to do that, run either Ad-Watch or TeaTimer, but not both. Any 'real time' program has the potential for causing a conflict; having two programs basically trying to do the same thing just doubles that possibility.

AVG is gone- that sure was all over the system!

What is the problem you're having with the ComboFix script? It is important to save the script as CFScript.txt, in the same location as ComboFix.exe. Then you follow the drag animation. At what point are you having the problem?

Don't worry about the logs- it was so strange that there was a 'run' on Word Wrap!
 
Hi Bobbye. Hope you are well. The new Ad-Aware downloaded a couple of days ago seems to offer live Ad-Watch free. Turned it off as you suggested for the latest scans. Think I'm getting there slowly with ComboFix dragging and enclose the latest log, in two parts, which seems to wipe out old McAfee traces. Not certain AVG has gone though, as Windows Security Center still has it running when I turn off Norton. The dialogue continues to have great benefits, as I have now discovered through running your suggested scans that my wirelessly attached laptop had had its Security Center mysteriously disabled and there were more than 400 instances of Rogue.RegTool, now quarantined.

ComboFix 10-07-07.02 - HP_Owner 09/07/2010 0:42.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.377 [GMT 1:00]
Running from: c:\documents and settings\HP_Owner\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\My Documents\CFScript..txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\DRIVERS\avgfwdx.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\~0
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\Common\McCHSvc\McCHSvc000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\McUICnt\McUICnt\McUICnt000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\McUICnt\McUICnt000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\SecurityScanner\McUICnt\McUICnt000.log
c:\documents and settings\HP_Owner\Local Settings\Application Data\Sunbelt Software
c:\documents and settings\LocalService\Application Data\McAfee
c:\documents and settings\LocalService\Application Data\McAfee\sacore\sacore.db
c:\documents and settings\LocalService\Application Data\McAfee\sacore\sacore_cache.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avgfwdx
-------\Service_Avgfwfd


((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-08 14:13 . 2010-07-08 14:13 -------- d-----w- c:\program files\ESET
2010-07-07 12:21 . 2010-07-06 17:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-07 08:11 . 2010-07-06 17:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-07 08:06 . 2010-07-07 08:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-07 08:06 . 2010-07-06 17:29 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-05 16:12 . 2003-11-26 13:02 11831 ----a-w- c:\windows\system32\drivers\SlUSBFlt.sys
2010-07-05 16:12 . 2001-10-19 11:07 13395 ----a-w- c:\windows\system32\drivers\SlFilter.sys
2010-07-05 16:12 . 2010-07-05 16:12 -------- d-----w- c:\program files\LaCieTools
2010-07-05 14:55 . 2010-07-05 14:55 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\ElevatedDiagnostics
2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-07-04 15:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-04 15:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 18:24 . 2010-07-03 18:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Norton Utilities 14
2010-07-03 16:04 . 2010-07-03 16:06 -------- dc-h--w- c:\windows\ie8
2010-06-28 12:59 . 2010-06-28 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-28 11:12 . 2010-06-28 11:12 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\msvcp71.dll
2010-06-28 11:12 . 2010-06-28 11:12 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\jmc.dll
2010-06-28 11:12 . 2010-06-28 11:12 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\msvcr71.dll
2010-06-28 11:12 . 2010-06-28 11:12 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5c3b8747-n\decora-sse.dll
2010-06-28 11:12 . 2010-06-28 11:12 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5c3b8747-n\decora-d3d.dll
2010-06-28 11:12 . 2010-07-04 14:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 10:29 . 2010-06-28 10:29 -------- d-----w- c:\program files\NOS
2010-06-28 09:02 . 2010-06-28 09:03 -------- d-----w- c:\program files\QuickTime
2010-06-10 07:29 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 23:59 . 2007-04-14 17:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-08 14:03 . 2007-04-14 15:36 26246 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-07-07 23:53 . 2007-04-14 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-07 08:08 . 2007-04-14 13:44 -------- d-----w- c:\program files\Google
2010-07-07 08:05 . 2007-06-16 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-07 08:05 . 2007-04-15 10:29 -------- d-----w- c:\program files\Lavasoft
2010-07-06 13:03 . 2009-02-14 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 15:11 . 2007-04-14 15:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-04 14:59 . 2004-01-02 01:46 -------- d-----w- c:\program files\Common Files\Java
2010-07-04 14:54 . 2004-01-02 01:46 -------- d-----w- c:\program files\Java
2010-07-04 13:03 . 2009-01-19 14:31 -------- d-----w- c:\program files\Trend Micro
2010-07-04 11:36 . 2007-04-14 17:58 -------- d-----w- c:\program files\SpywareBlaster
2010-07-03 18:22 . 2010-04-28 11:49 -------- d-----w- c:\program files\Norton Utilities 14
2010-06-28 14:51 . 2010-04-28 09:57 -------- d-----w- c:\program files\NortonInstaller
2010-06-28 14:51 . 2008-11-28 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-28 10:33 . 2009-11-05 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-28 09:02 . 2004-01-02 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-07 17:07 . 2010-06-07 17:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-06 00:23 . 2010-06-06 00:23 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-06-04 22:54 . 2009-08-10 19:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-17 10:40 . 2007-04-24 14:15 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Canon
2010-05-15 11:23 . 2007-07-07 08:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 10:41 . 2007-04-14 19:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2007-04-14 19:22 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 12:29 . 2007-04-14 15:49 44888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-28 10:05 . 2010-04-28 10:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-28 10:05 . 2010-04-28 10:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-20 05:30 . 2007-04-14 19:16 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-06-30 12:44 . 2008-10-20 15:48 324976 ------w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-10-15 06:55 . 2007-05-09 12:13 122880 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-02-02 13:55 . 2007-04-14 19:42 0 -csh--w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2010-07-07_13.05.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-08 16:11 . 2010-07-08 16:11 16384 c:\windows\Temp\Perflib_Perfdata_6f0.dat
+ 2010-07-08 23:57 . 2010-07-08 23:57 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
.
 
ComboFix Part 2

(((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-14 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-07-03 4105576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check(3).lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-07-06 17:28 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 17:06 88363 ------w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 12:47 57344 ------w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]
2008-09-18 08:05 189056 ----a-w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-15 06:55 29744 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 16:04 52736 ------w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2004-04-21 18:28 286720 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2004-12-09 11:02 421888 ------w- c:\progra~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-12-07 07:33 8720384 ------w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 00:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-17 00:07 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-09-17 00:07 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 ------w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 16:57 81920 ------w- c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 20:43 233472 ------w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
2004-05-20 09:47 249856 ------w- c:\windows\system32\Keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAP]
2004-02-17 09:19 536576 ------w- c:\program files\Arcadyan Wireless\NetCfgWizard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-14 17:00 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-10 08:56 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
2004-07-30 10:41 192512 ------w- c:\program files\InterVideo\Common\Bin\WinRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless SoftAP]
2004-02-17 09:20 667648 ------w- c:\program files\Arcadyan Wireless\Configuration\SoftAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-31 16:11 2478080 ------w- c:\progra~1\Yahoo!\MESSEN~1\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2003-12-09 11:03 57344 ------w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/07/2010 09:11 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25/05/2010 12:47 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25/05/2010 12:47 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [23/06/2010 08:46 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25/05/2010 12:47 501888]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [24/02/2010 11:29 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [07/06/2010 18:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/06/2010 18:07 166632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25/05/2010 12:47 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [06/07/2010 18:28 1352832]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 12:46 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe [29/04/2010 14:53 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe [29/04/2010 14:53 126392]
R2 PCTWPASV;SoftAP WPA Authenticator Service;c:\program files\Arcadyan Wireless\pctwpasv.exe [30/01/2004 13:59 204800]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/06/2010 18:07 840936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 21:24 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100707.001\IDSXpx86.sys [08/07/2010 08:49 331640]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [02/01/2004 03:19 24608]
R3 SlUSBFlt;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\drivers\SlUSBFlt.sys [05/07/2010 17:12 11831]
S2 gupdate1c995ce4d4e0972;Google Update Service (gupdate1c995ce4d4e0972);c:\program files\Google\Update\GoogleUpdate.exe [23/02/2009 16:49 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/04/2007 16:47 29744]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [02/01/2004 03:17 350282]
S3 SlFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\drivers\SlFilter.sys [05/07/2010 17:12 13395]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-02 c:\windows\Tasks\backup.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\backup.bks [2007-04-21 12:07]

2010-07-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2010-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-14 09:47]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]

2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{9D80D5D8-9F2E-425B-845E-2C7851F5F049}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\390w2b2o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rlz=1R0GGIC_en
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\390w2b2o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 00:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.547\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-468578920-4183780032-2647741159-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6600)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-07-09 01:06:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-09 00:06
ComboFix2.txt 2010-07-08 23:16
ComboFix3.txt 2010-07-08 11:27
ComboFix4.txt 2010-07-07 13:09

Pre-Run: 145,144,606,720 bytes free
Post-Run: 145,147,580,416 bytes free

- - End Of File - - 840CD49F60EF8ED2BEACF07DD55634BC


Kind Regards.
 
Here's the latest Security Check log:
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.3
Mozilla Firefox (3.6.6)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Thought things were moving along too well. Just experienced the first system crash. On reboot, a message appeared saying Windows closed unexpectedly due to a recent hardware or software change. Then, after sign in, a pop-up appeared with the New Hardware Wizard. Checked cancel as I have not installed anything new. A balloon in the bottom left of the screen then popped up warning that a problem occurred during new hardware installation which could affect the running of my PC. Ignored.
Event Viewer, under System, is showing a DHCP Error 1002, IP address lease for network card address denied, and the Security log is registering a logon failure, unknown user name or bad password.
Also, AVG is still showing as the running antivirus in the background in Security Center. Please help.
 
Where is AVG showing running? Have you rebooted the computer since I moved the AVG processes?

Event Viewer, under System, is showing a DHCP Error 1002, IP address lease for network card address denied, and the Security log is registering a logon failure, unknown user name or bad password

Security log shows as Pass or Fail security audit. Events in system and Apps have the type of info you left.
Double click on the Error to open. Click on Copy button, paste the Error information here.

Problem getting IP is fairly frequent, especially when servers are busy. Dhcp Error 1002 isn't related to the new hardware problem and I don't think either of these problems is related to malware.

I'll go over the Combofix report and see if I need to move any files with script and will get back to you. Please open NotePad> Format> uncheck Word Wrap before running any other program with log.
 
Hi Bobbye. Many thanks again for your time and expertise. The only indication I have that AVG is running is from Security Center when I turn off Norton. Nothing in task manager nor search where only the removal tool you sent me and three items in folder Qoobox/Quarantine are showing. These are Notify-Avgrstarter, Service-Avgfwdx.reg and Notify Avgfwfd.reg. Complete mystery.
Yes, I have rebooted several times since you moved AVG processes. Never leave my pc on when not in use. Environmentally aware, or maybe just a penny-pinching Scotsman.
Here is one of the many security logs I get every day. Nearest to the crash, I believe.
Logon Failure:
Reason: Unknown user name or bad password
User Name: HP_Owner
Domain: YOUR-D65BBC6695
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: YOUR-D65BBC6695

And here is the Systems error from same time:
The IP address lease 192.168.0.2 for the Network Card with network address 00112FA1C86D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message)

Do I need to send you a fresh ComboFix log?
Kind regards and many thanks again.
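The two events pasted in the post above can be triaged mechanically. The following is an added example, not code from this thread or from any of the tools discussed in it: it parses the XP "Logon Failure" audit and the DHCP event text exactly as pasted, decodes the logon type, and says whether the failed logon came from a process on the machine itself (Logon Process "Advapi" is the name XP records when a program calls LogonUser(); the Winlogon desktop prompt is recorded as "User32") or from another host. The sample strings are copied from the post; the triage rules and field names are the example's own.

```python
import ipaddress
import re

# Sample input: the two events pasted in the post above, copied as-is.
SECURITY_EVENT = """Logon Failure:
Reason: Unknown user name or bad password
User Name: HP_Owner
Domain: YOUR-D65BBC6695
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: YOUR-D65BBC6695
"""

SYSTEM_EVENT = (
    "The IP address lease 192.168.0.2 for the Network Card with network address "
    "00112FA1C86D has been denied by the DHCP server 192.168.0.1 "
    "(The DHCP Server sent a DHCPNACK message)"
)

# Logon type codes as documented for Windows XP / Server 2003 security auditing.
LOGON_TYPES = {
    2: "Interactive (console logon)",
    3: "Network (SMB / RPC from another host)",
    4: "Batch (scheduled task)",
    5: "Service (service start)",
    7: "Unlock (workstation unlock)",
    8: "NetworkCleartext (basic auth and similar)",
    9: "NewCredentials (runas /netonly)",
    10: "RemoteInteractive (Terminal Services / RDP)",
    11: "CachedInteractive (cached domain credentials)",
}


def parse_logon_failure(text):
    """Split the 'Field: value' lines of an XP 'Logon Failure' audit into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line and not line.rstrip().endswith(":"):
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    fields["Logon Type"] = int(fields["Logon Type"])
    return fields


def triage_logon_failure(fields):
    """Say where a failed logon came from: a local API caller, a remote host, or a typed password."""
    logon_type = fields["Logon Type"]
    # On a workgroup XP box the Domain field is the machine name, so
    # Domain == Workstation Name means the attempt originated on this machine.
    is_local = fields.get("Workstation Name", "").upper() == fields.get("Domain", "").upper()
    # 'Advapi' = some process called LogonUser() with a username/password pair.
    via_api = fields.get("Logon Process", "").lower() == "advapi"
    verdict = {
        "logon_type": LOGON_TYPES.get(logon_type, "unknown"),
        "local_origin": is_local,
        "via_logonuser_api": via_api,
    }
    if logon_type == 2 and via_api and is_local:
        verdict["assessment"] = ("local process calling LogonUser() with wrong credentials: "
                                 "check scheduled tasks, services and software with stored passwords")
    elif logon_type in (3, 10) or not is_local:
        verdict["assessment"] = "credentials tried from another host: treat as a possible brute force"
    else:
        verdict["assessment"] = "interactive typo or stale cached credential"
    return verdict


DHCP_NACK = re.compile(
    r"lease (?P<lease>\d+\.\d+\.\d+\.\d+) .*?network address (?P<mac>[0-9A-Fa-f]{12}) "
    r".*?DHCP server (?P<server>\d+\.\d+\.\d+\.\d+)"
)


def parse_dhcp_nack(text):
    """Pull lease, client MAC and server out of the XP DHCP client's event text."""
    m = DHCP_NACK.search(text)
    if not m:
        return None
    mac = m.group("mac").upper()
    lease = ipaddress.ip_address(m.group("lease"))
    server = ipaddress.ip_address(m.group("server"))
    result = {
        "lease": str(lease),
        "mac": ":".join(mac[i:i + 2] for i in range(0, 12, 2)),
        "server": str(server),
        "private_lan": lease.is_private and server.is_private,
        "same_24": lease in ipaddress.ip_network(f"{server}/24", strict=False),
        "nack": "DHCPNACK" in text,
    }
    # A NACK from the LAN router for a private lease means the router no longer
    # holds that lease (reboot, lease table reset); the client simply re-DISCOVERs.
    result["assessment"] = ("router refused a lease renewal: expected after a router restart, "
                            "not a malware indicator on its own"
                            if result["private_lan"] and result["same_24"] and result["nack"]
                            else "NACK from an unexpected server: check for a rogue DHCP server")
    return result


if __name__ == "__main__":
    print(triage_logon_failure(parse_logon_failure(SECURITY_EVENT)))
    print(parse_dhcp_nack(SYSTEM_EVENT))
```

Run it with the pasted events and the logon failure comes back as a local LogonUser() caller (Logon Type 2, "Advapi", workstation equal to the domain name), which points at something on the box holding an old password for HP_Owner rather than at someone typing at the keyboard or connecting over the network.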
 
That's that then. AVG still on pc and running unwanted live monitoring. Some unknown agent disconnected my K drive LaCie by Porsche backup external drive, cannot email or send photo files to the web and Norton Utilities restore dates are infuriatingly useless. Appreciated greatly the unpaid assistance from Techspot friends, but sadly I seem to be in a greater mess than when first posted. :(
 
Go ahead and run Combofix again. You can delete the previous logs on the desktop- not the program, just the logs. I will be able to see by date what is going on. It's difficult to assess when there appear to be ongoing system problems also.

Let me know please if you are still experiencing the 'hidden Internet Explorer' in your subject. I don't want to know what Spybot says- it's what you're seeing.

One of the deleted entries in the original Combofix log indicates a possible infection on and from a flash drive.
 
Hi Bobbye. Hope you are well. Here is the updated ComboFix you requested. Coming in two parts.
ComboFix 10-07-15.05 - HP_Owner 17/07/2010 15:24:37.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.388 [GMT 1:00]
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-15 05:27 . 2010-07-15 05:27 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WinBatch
2010-07-14 07:19 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 22:37 . 2010-07-09 22:37 655360 ----a-w- c:\documents and settings\HP_Owner\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-07-09 22:37 . 2010-07-09 22:37 282624 ----a-w- c:\documents and settings\HP_Owner\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-07-09 22:37 . 2010-07-09 22:37 208896 ----a-w- c:\documents and settings\HP_Owner\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-07-07 12:21 . 2010-07-06 17:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-07 08:11 . 2010-07-06 17:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-07 08:06 . 2010-07-07 08:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-07 08:06 . 2010-07-06 17:29 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-05 16:12 . 2003-11-26 13:02 11831 ----a-w- c:\windows\system32\drivers\SlUSBFlt.sys
2010-07-05 16:12 . 2001-10-19 11:07 13395 ----a-w- c:\windows\system32\drivers\SlFilter.sys
2010-07-05 16:12 . 2010-07-05 16:12 -------- d-----w- c:\program files\LaCieTools
2010-07-05 14:55 . 2010-07-05 14:55 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\ElevatedDiagnostics
2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-07-04 15:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-04 15:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 18:24 . 2010-07-03 18:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Norton Utilities 14
2010-07-03 16:04 . 2010-07-03 16:06 -------- dc-h--w- c:\windows\ie8
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-28 12:59 . 2010-06-28 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-28 11:12 . 2010-06-28 11:12 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\msvcp71.dll
2010-06-28 11:12 . 2010-06-28 11:12 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\jmc.dll
2010-06-28 11:12 . 2010-06-28 11:12 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\msvcr71.dll
2010-06-28 11:12 . 2010-06-28 11:12 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5c3b8747-n\decora-sse.dll
2010-06-28 11:12 . 2010-06-28 11:12 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5c3b8747-n\decora-d3d.dll
2010-06-28 11:12 . 2010-07-04 14:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 10:29 . 2010-06-28 10:29 -------- d-----w- c:\program files\NOS
2010-06-28 09:02 . 2010-06-28 09:03 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 14:20 . 2007-04-14 15:36 26396 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-07-17 12:57 . 2007-04-14 17:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-16 15:43 . 2007-04-14 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-15 23:41 . 2009-07-26 17:41 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Spotify
2010-07-13 15:49 . 2010-04-28 11:49 -------- d-----w- c:\program files\Norton Utilities 14
2010-07-07 08:08 . 2007-04-14 13:44 -------- d-----w- c:\program files\Google
2010-07-07 08:05 . 2007-06-16 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-07 08:05 . 2007-04-15 10:29 -------- d-----w- c:\program files\Lavasoft
2010-07-06 13:03 . 2009-02-14 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 15:11 . 2007-04-14 15:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-04 14:59 . 2004-01-02 01:46 -------- d-----w- c:\program files\Common Files\Java
2010-07-04 14:54 . 2004-01-02 01:46 -------- d-----w- c:\program files\Java
2010-07-04 13:03 . 2009-01-19 14:31 -------- d-----w- c:\program files\Trend Micro
2010-07-04 11:36 . 2007-04-14 17:58 -------- d-----w- c:\program files\SpywareBlaster
2010-06-28 14:51 . 2010-04-28 09:57 -------- d-----w- c:\program files\NortonInstaller
2010-06-28 14:51 . 2008-11-28 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-28 10:33 . 2009-11-05 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-28 09:02 . 2004-01-02 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-14 14:31 . 2007-04-14 19:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 00:23 . 2010-06-06 00:23 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-06-04 22:54 . 2009-08-10 19:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-15 11:23 . 2007-07-07 08:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 10:41 . 2007-04-14 19:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2007-04-14 19:22 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 12:29 . 2007-04-14 15:49 44888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-28 10:05 . 2010-04-28 10:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-28 10:05 . 2010-04-28 10:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-20 05:30 . 2007-04-14 19:16 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-06-30 12:44 . 2008-10-20 15:48 324976 ------w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-10-15 06:55 . 2007-05-09 12:13 122880 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-02-02 13:55 . 2007-04-14 19:42 0 -csh--w- c:\windows\SMINST\HPCD.SYS
.
 
ComboFix (2)

((((((((((((((((((((((((((((( SnapShot@2010-07-07_13.05.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-17 12:43 . 2010-07-17 12:43 16384 c:\windows\Temp\Perflib_Perfdata_708.dat
+ 2010-07-17 12:41 . 2010-07-17 12:41 16384 c:\windows\Temp\Perflib_Perfdata_6ac.dat
+ 2007-09-21 08:59 . 2010-07-14 10:16 5788 c:\windows\system32\Restore\rstrlog.dat
+ 2009-11-05 08:56 . 2010-07-14 22:09 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
- 2009-11-05 08:56 . 2010-06-15 10:37 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
+ 2009-11-05 08:56 . 2010-07-14 22:09 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
- 2009-11-05 08:56 . 2010-06-15 10:37 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
- 2009-11-05 08:56 . 2010-06-15 10:37 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
+ 2009-11-05 08:56 . 2010-07-14 22:09 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
+ 2010-07-14 22:09 . 2010-07-14 22:09 1527296 c:\windows\Installer\16f4b.msi
+ 2007-04-14 14:26 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-14 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-07-03 4105576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check(3).lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-07-06 17:28 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 17:06 88363 ------w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 12:47 57344 ------w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]
2008-09-18 08:05 189056 ----a-w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-15 06:55 29744 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 16:04 52736 ------w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2004-04-21 18:28 286720 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2004-12-09 11:02 421888 ------w- c:\progra~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-12-07 07:33 8720384 ------w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 00:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-17 00:07 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-09-17 00:07 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 ------w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 16:57 81920 ------w- c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 20:43 233472 ------w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
2004-05-20 09:47 249856 ------w- c:\windows\system32\Keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAP]
2004-02-17 09:19 536576 ------w- c:\program files\Arcadyan Wireless\NetCfgWizard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-14 17:00 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-10 08:56 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
2004-07-30 10:41 192512 ------w- c:\program files\InterVideo\Common\Bin\WinRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless SoftAP]
2004-02-17 09:20 667648 ------w- c:\program files\Arcadyan Wireless\Configuration\SoftAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-31 16:11 2478080 ------w- c:\progra~1\Yahoo!\MESSEN~1\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2003-12-09 11:03 57344 ------w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/07/2010 09:11 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25/05/2010 12:47 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25/05/2010 12:47 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [13/07/2010 08:38 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25/05/2010 12:47 501888]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [24/02/2010 11:29 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25/05/2010 12:47 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [06/07/2010 18:28 1352832]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 12:46 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe [29/04/2010 14:53 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe [29/04/2010 14:53 126392]
R2 PCTWPASV;SoftAP WPA Authenticator Service;c:\program files\Arcadyan Wireless\pctwpasv.exe [30/01/2004 13:59 204800]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 21:24 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100716.001\IDSXpx86.sys [16/07/2010 23:20 331640]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [02/01/2004 03:19 24608]
R3 SlUSBFlt;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\drivers\SlUSBFlt.sys [05/07/2010 17:12 11831]
S2 gupdate1c995ce4d4e0972;Google Update Service (gupdate1c995ce4d4e0972);c:\program files\Google\Update\GoogleUpdate.exe [23/02/2009 16:49 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/04/2007 16:47 29744]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [02/01/2004 03:17 350282]
S3 SlFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\drivers\SlFilter.sys [05/07/2010 17:12 13395]

--- Other Services/Drivers In Memory ---

*Deregistered* - kfwyypoc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-16 c:\windows\Tasks\backup.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\backup.bks [2007-04-21 12:07]

2010-07-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2010-07-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-14 09:47]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{9D80D5D8-9F2E-425B-845E-2C7851F5F049}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\390w2b2o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rlz=1R0GGIC_en
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\390w2b2o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 15:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.547\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-468578920-4183780032-2647741159-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(15396)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-17 15:37:26
ComboFix-quarantined-files.txt 2010-07-17 14:37

Pre-Run: 144,714,047,488 bytes free
Post-Run: 144,698,396,672 bytes free

- - End Of File - - D318E35405B026ACF968A98CD0EDCFF0
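The ComboFix header above lists AVG Internet Security with on-access scanning enabled and Norton with it disabled, the firewall policy key shows the Windows Firewall off, and the service list contains no running AVG process at all. The following is an added example, not part of this thread and not ComboFix's own code: it parses those parts of a ComboFix log (the AV:/FW: lines, the EnableFirewall value, the R/S service lines and the "*Deregistered*" drivers) and cross-checks each antivirus registration against the services actually running, which is the quickest way to spot a stale Security Center entry left behind by an uninstaller. The sample log is an excerpt of the one posted above with long definition paths omitted; the field names and triage rules are the example's own. One caveat the check builds in: the deregistered driver "kfwyypoc" matches the randomly named driver the GMER log posted after this one reports as its own (kfwyypoc.sys in the Temp folder), so a deregistered driver is only a lead to correlate, not a rootkit verdict.

```python
import re

# Constructed sample: an excerpt of the posted ComboFix log, keeping only the
# line types this triage reads.
COMBOFIX_LOG = r"""ComboFix 10-07-15.05 - HP_Owner 17/07/2010 15:24:37.5.1 - x86
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 12:46 126392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [06/07/2010 18:28 1352832]
S2 gupdate1c995ce4d4e0972;Google Update Service (gupdate1c995ce4d4e0972);c:\program files\Google\Update\GoogleUpdate.exe [23/02/2009 16:49 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - kfwyypoc
"""

# Line shapes ComboFix uses for the parts we care about.
PRODUCT = re.compile(r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
SERVICE = re.compile(r"^(?P<start>[RS])(?P<type>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[")
DEREGISTERED = re.compile(r"^\*Deregistered\* - (?P<name>\S+)")
FIREWALL = re.compile(r'^"EnableFirewall"= (?P<value>\d)')


def parse_combofix(text):
    """Collect Security Center registrations, service states and deregistered drivers."""
    report = {"products": [], "services": [], "deregistered": [], "xp_firewall": None}
    for line in text.splitlines():
        if m := PRODUCT.match(line):
            state = m.group("state").lower()
            report["products"].append({
                "kind": m.group("kind"),
                "name": m.group("name"),
                "state": m.group("state"),
                # 'On-access scanning enabled' / 'enabled' vs any 'disabled' wording
                "enabled": state.split()[-1] == "enabled",
            })
        elif m := SERVICE.match(line):
            report["services"].append({
                "start": m.group("start"),      # R = running, S = stopped
                "name": m.group("name"),
                "path": m.group("path"),
            })
        elif m := DEREGISTERED.match(line):
            report["deregistered"].append(m.group("name"))
        elif m := FIREWALL.match(line):
            report["xp_firewall"] = int(m.group("value"))
    return report


def triage_combofix(report):
    """Turn the parsed log into findings a malware-removal helper would act on."""
    findings = []
    running_paths = " ".join(s["path"].lower() for s in report["services"] if s["start"] == "R")
    active_av = []
    for p in report["products"]:
        if p["kind"] != "AV" or not p["enabled"]:
            continue
        vendor = p["name"].split()[0].lower()   # 'AVG', 'Norton', ...
        if vendor in running_paths:
            active_av.append(p["name"])
        else:
            findings.append(f"{p['name']} is registered with Security Center as active on-access AV "
                            f"but no running service path mentions '{vendor}': likely a stale registration")
    if not active_av:
        findings.append("no on-access antivirus is actually running")
    third_party_fw = any(p["kind"] == "FW" and p["enabled"] for p in report["products"])
    if report["xp_firewall"] == 0 and not third_party_fw:
        findings.append("no host firewall: Windows Firewall is off and every registered third-party firewall is disabled")
    for name in report["deregistered"]:
        findings.append(f"driver '{name}' is loaded but no longer registered: correlate with scanner "
                        f"temp drivers (GMER, ComboFix) before treating it as a rootkit")
    return findings


if __name__ == "__main__":
    for finding in triage_combofix(parse_combofix(COMBOFIX_LOG)):
        print("-", finding)
```

On the posted excerpt this reports AVG as a registration with nothing behind it, no antivirus with on-access scanning actually running, no host firewall, and the one deregistered driver to cross-check against the scanners that were run the same afternoon.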
 
Thought this latest GMER log might help also in addition to Combofix just sent. Two parts. Kind Regards.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-17 15:03:44
Windows 5.1.2600 Service Pack 3
Running: oicz7lbq.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\kfwyypoc.sys


---- System - GMER 1.0.15 ----

SSDT 86F461A8 ZwAlertResumeThread
SSDT 85EFC108 ZwAlertThread
SSDT 8604C268 ZwAllocateVirtualMemory
SSDT 86F841A8 ZwAssignProcessToJobObject
SSDT 86E37C80 ZwConnectPort
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF30FA704]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF3248210]
SSDT 85FA8268 ZwCreateMutant
SSDT 85F951F8 ZwCreateSymbolicLinkObject
SSDT 85FED1E8 ZwCreateThread
SSDT 86722218 ZwDebugActiveProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xF30FA864]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF3248490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF32489F0]
SSDT 860501B8 ZwDuplicateObject
SSDT 85FC91F8 ZwFreeVirtualMemory
SSDT 86F871A8 ZwImpersonateAnonymousToken
SSDT 85FE6218 ZwImpersonateThread
SSDT 86DC12C8 ZwLoadDriver
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xF30FE21A]
SSDT 85FC7218 ZwMapViewOfSection
SSDT 86F451A8 ZwOpenEvent
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF30FA7C8]
SSDT 85FD91B8 ZwOpenProcess
SSDT 86F9F1F8 ZwOpenProcessToken
SSDT 860621A8 ZwOpenSection
SSDT 860511F8 ZwOpenThread
SSDT 85F991B8 ZwProtectVirtualMemory
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF30FE190]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF30FE0FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xF30FE12C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xF30FE15E]
SSDT 85FEA1A8 ZwResumeThread
SSDT 86FAA200 ZwSetContextThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xF30FA8C4]
SSDT 85FC41F8 ZwSetInformationProcess
SSDT 85FE31A8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF3248C40]
SSDT 85FE41A8 ZwSuspendProcess
SSDT 86E921A8 ZwSuspendThread
SSDT 86FAC570 ZwTerminateProcess
SSDT 86FC1670 ZwTerminateThread
SSDT 86FA52F8 ZwUnmapViewOfSection
SSDT 85FCC1B8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF638E360, 0x307AC7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[864] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414A50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[864] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[864] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[864] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3932] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00438CE0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3932] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3932] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3932] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 017DF7A0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 017DF750
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 017DB490
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 017DC700
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 017DE4D0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 017DCDA0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 017DC9E0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 017DDAD0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 017DF450
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 017DF490
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 017DF830
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 017DF310
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 017DE430
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 017DD360
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 017DCC70
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 017DD0A0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 017DFDB0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 017DDE20
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 017DE290
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 017DE950
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 017DE6E0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 017DE8D0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 017DEDF0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 017DEB00
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 017DCB40
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 017DD210
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 017DF570
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 017DE820
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 017DE3D0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 017DE250
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 017DE5E0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 017DF850
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 017DE620
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 017DFAF0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 017DFA90
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 017DFCE0
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 017DFD80
IAT C:\Program Files\Norton Utilities 14\nu.exe[1872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 017DFBB0
 
GMER log (2)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Owner at 15:08:57.01 on 17/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.32 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\HP_Owner\My Documents\Downloads\dds(4).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
 
GMER (part 3)

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-7 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-25 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-13 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-25 501888]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-24 390528]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-25 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-25 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.2.547\SymcPCCULaunchSvc.exe [2010-4-29 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.2.547\ccSvcHst.exe [2010-4-29 126392]
R2 PCTWPASV;SoftAP WPA Authenticator Service;c:\program files\arcadyan wireless\pctwpasv.exe [2004-1-30 204800]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100716.001\IDSXpx86.sys [2010-7-16 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100716.024\NAVENG.SYS [2010-7-17 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100716.024\NAVEX15.SYS [2010-7-17 1362608]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-1-2 24608]
R3 SlUSBFlt;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\drivers\SlUSBFlt.sys [2010-7-5 11831]
S2 gupdate1c995ce4d4e0972;Google Update Service (gupdate1c995ce4d4e0972);c:\program files\google\update\GoogleUpdate.exe [2009-2-23 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-4-14 29744]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [2004-1-2 350282]
S3 SlFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\drivers\SlFilter.sys [2010-7-5 13395]

=============== Created Last 30 ================

2010-07-15 05:27:29 0 d-----w- c:\docume~1\hp_owner\applic~1\WinBatch
2010-07-14 07:19:00 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 12:52:14 0 d-sha-r- C:\cmdcons
2010-07-07 12:49:31 98816 ----a-w- c:\windows\sed.exe
2010-07-07 12:49:31 77312 ----a-w- c:\windows\MBR.exe
2010-07-07 12:49:31 256512 ----a-w- c:\windows\PEV.exe
2010-07-07 12:49:31 161792 ----a-w- c:\windows\SWREG.exe
2010-07-07 12:21:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-07 08:11:22 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-07 08:06:01 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-05 16:12:41 608 ----a-w- c:\windows\UnDeviceUpd
2010-07-05 16:12:41 11831 ----a-w- c:\windows\system32\drivers\SlUSBFlt.sys
2010-07-05 16:12:40 13395 ----a-w- c:\windows\system32\drivers\SlFilter.sys
2010-07-05 16:12:39 0 d-----w- c:\program files\LaCieTools
2010-07-05 14:55:00 0 d-----w- c:\docume~1\hp_owner\applic~1\ElevatedDiagnostics
2010-07-04 15:25:51 0 d-----w- c:\docume~1\hp_owner\applic~1\Malwarebytes
2010-07-04 15:25:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 15:25:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-04 15:25:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 15:25:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 14:59:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-03 18:24:43 0 d-----w- c:\docume~1\hp_owner\applic~1\Norton Utilities 14
2010-07-03 16:49:15 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-07-03 16:49:15 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-07-03 16:49:14 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-07-03 16:04:02 0 dc-h--w- c:\windows\ie8
2010-07-03 09:59:42 3072 ----a-w- c:\documents and settings\hp_owner\Cache.db
2010-06-28 12:59:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-06-28 11:12:17 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-07-17 14:04:55 26396 ----a-w- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2010-06-06 00:23:37 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 10:05:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2005-02-02 13:55:56 0 -csh--w- c:\windows\sminst\HPCD.SYS
2008-06-04 18:49:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060420080605\index.dat

============= FINISH: 15:10:01.21 ===============
 
Please stop running these extra scans.

Tell me in as few words as possible what the problems are. I don't see any bad entries in these logs. The only thing I would remove is the AVG entries showing in the header of Combofix:

Custom CFScript

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
{8decf618-9569-4340-b34a-d78d28969b66}
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt .
====================
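How the SecCenter:: section of that script can be derived from the DDS header, as an added example that is not code from the thread, from DDS or from ComboFix: it cross-references the AV:/FW: registrations with the Running Processes list and reports vendors that have a registration but no process. The trimmed sample log and the vendor-matching heuristic are assumptions of the example.

```python
import re

# Constructed sample, trimmed from the DDS header and process list posted above.
SAMPLE_DDS = """\
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
C:\\Program Files\\Norton Internet Security\\Engine\\17.7.0.12\\ccSvcHst.exe
C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe

============== Pseudo HJT Report ===============
"""

# One Security Center registration: kind, product name, state flags, WMI instance GUID.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*.*?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})$"
)


def parse_dds(text):
    """Return (registrations, process_paths) from a DDS log.

    Registrations are the AV:/AS:/FW: header lines; process paths are the
    lines between the 'Running Processes' banner and the next banner.
    """
    registrations, processes = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "Running Processes" in line:
            in_processes = True
            continue
        if in_processes and line.startswith("="):
            break  # the next section banner ends the process list
        match = PRODUCT_RE.match(line)
        if match:
            registrations.append(match.groupdict())
        elif in_processes and line:
            processes.append(line.lower())
    return registrations, processes


def stale_registrations(registrations, processes):
    """Registrations whose vendor has no process on the box.

    Heuristic (an assumption of this example, not ComboFix's logic): the first
    word of the product name is the vendor, and an installed product has that
    word in at least one running process path. A product that is installed but
    merely not running would also be flagged, so treat the result as a triage
    hint to confirm against Add/Remove Programs, not as proof.
    """
    stale = []
    for reg in registrations:
        vendor = reg["name"].split()[0].lower()
        if not any(vendor in path for path in processes):
            stale.append(reg)
    return stale


def seccenter_block(stale):
    """Render the GUIDs as the SecCenter:: section of a CFScript."""
    return "\n".join(["SecCenter::"] + [reg["guid"] for reg in stale]) + "\n"


if __name__ == "__main__":
    regs, procs = parse_dds(SAMPLE_DDS)
    stale = stale_registrations(regs, procs)
    for reg in stale:
        print(f"stale {reg['kind']}: {reg['name']} ({reg['state']}) {reg['guid']}")
    print(seccenter_block(stale))
```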
 
Deep joy Bobbye. If you can't see anything wrong, I'm so pleased. What happened to your concern about possible infection you detected in flash item? Do you think my system is clean? Kind regards,
 
Hi Bobbye. I know you hate other scans apart from yours, but I have continuing issues and have no peace of mind after finding from my latest AdAware full system scan that I apparently have two cases of the rather nasty Trojan.Win32.Generic!BT. Are these false positives, or do I still have a big problem? Kind regards.
 
I don't have enough information to answer that question. It depends where the entries were found: for instance, Qoobox? System Volume? Unless I see the full entry, I cannot evaluate its significance.
 
Thanks for all your efforts Bobbye. Very much appreciated. Sadly, position at end of the day not improved. Now Norton says I have yet another problem: Trojan.Gen embodied in HP recovery. On top of that, new Java update 21 console simply will not be recognised and there are constant unwanted changes in start up. Despite many years of studious attempts to keep this pc secure, I now feel it is an uphill struggle I can no longer afford to continue. Please close this post. Kind regards.
 
Sorry you can't continue. Perhaps you would be better doing a reformat/reinstall. I will caution you though about accessing security log entries as they will often show malware in locations that have already been handled. This would mean that that malware is not active in the system.

Examples would be:
Qoobox: where Combofix sends the entries it quarantines.
System Volume: the System Restore points. No threat unless you do a system restore and choose that particular date.
Recycler: the folder with contents of Recycle Bin after deletions.

All of these get removed later in the cleaning process but are not a threat to the system in the meantime.

I am closing this thread per member's request.
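The location rule above, written out as an added example that is not code from the thread or from any scanner: it reads "<detection> <path>" report lines and sorts hits under Qoobox, System Volume Information and RECYCLER away from hits in locations where the file could actually run. The report lines and file names are constructed placeholders.

```python
import ntpath  # Windows path rules regardless of the host OS
import re

# Locations the post above lists as already handled, keyed by the path
# component that identifies them (compared case-insensitively).
HANDLED_LOCATIONS = {
    "qoobox": "ComboFix quarantine",
    "system volume information": "System Restore point",
    "recycler": "Recycle Bin",
}

# Constructed scanner report lines: "<detection name> <path>". The detection
# names come from the thread; the file names and SIDs are placeholders.
SAMPLE_REPORT = [
    r"Trojan.Win32.Generic!BT C:\Qoobox\Quarantine\C\WINDOWS\system32\example1.dll.vir",
    r"Trojan.Win32.Generic!BT C:\System Volume Information\_restore{PLACEHOLDER}\RP12\A0000123.exe",
    r"Trojan.Gen C:\RECYCLER\S-1-5-21-PLACEHOLDER\Dc3.exe",
    r"Trojan.Gen C:\WINDOWS\system32\example2.exe",
]

DETECTION_RE = re.compile(r"^(?P<threat>\S+)\s+(?P<path>[A-Za-z]:\\.*\S)$")


def handled_reason(path):
    """Return why *path* counts as already handled, or None if the hit is live.

    A hit in a System Restore point only becomes live again if that point is
    restored, which is the caveat the post gives for System Volume.
    """
    for part in ntpath.normpath(path).split("\\"):
        reason = HANDLED_LOCATIONS.get(part.lower())
        if reason:
            return reason
    return None


def triage(report_lines):
    """Split detections into (live, handled) lists of (threat, path, reason)."""
    live, handled = [], []
    for line in report_lines:
        match = DETECTION_RE.match(line.strip())
        if not match:
            continue  # not a "<threat> <path>" line; ignore it
        threat, path = match["threat"], match["path"]
        reason = handled_reason(path)
        if reason:
            handled.append((threat, path, reason))
        else:
            live.append((threat, path, None))
    return live, handled


if __name__ == "__main__":
    live, handled = triage(SAMPLE_REPORT)
    for threat, path, reason in handled:
        print(f"handled ({reason}): {threat} at {path}")
    for threat, path, _ in live:
        print(f"LIVE, needs attention: {threat} at {path}")
```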
 