ComboFix (2)
((((((((((((((((((((((((((((( SnapShot@2010-07-07_13.05.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-17 12:43 . 2010-07-17 12:43 16384 c:\windows\Temp\Perflib_Perfdata_708.dat
+ 2010-07-17 12:41 . 2010-07-17 12:41 16384 c:\windows\Temp\Perflib_Perfdata_6ac.dat
+ 2007-09-21 08:59 . 2010-07-14 10:16 5788 c:\windows\system32\Restore\rstrlog.dat
+ 2009-11-05 08:56 . 2010-07-14 22:09 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
- 2009-11-05 08:56 . 2010-06-15 10:37 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
+ 2009-11-05 08:56 . 2010-07-14 22:09 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
- 2009-11-05 08:56 . 2010-06-15 10:37 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
- 2009-11-05 08:56 . 2010-06-15 10:37 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
+ 2009-11-05 08:56 . 2010-07-14 22:09 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
+ 2010-07-14 22:09 . 2010-07-14 22:09 1527296 c:\windows\Installer\16f4b.msi
+ 2007-04-14 14:26 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-14 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-07-03 4105576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check(3).lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-07-06 17:28 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 17:06 88363 ------w- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 12:47 57344 ------w- c:\windows\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]
2008-09-18 08:05 189056 ----a-w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-15 06:55 29744 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 16:04 52736 ------w- c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2004-04-21 18:28 286720 ------w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2004-12-09 11:02 421888 ------w- c:\progra~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-12-07 07:33 8720384 ------w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 00:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-17 00:07 81920 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-09-17 00:07 1626112 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 ------w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 16:57 81920 ------w- c:\windows\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 20:43 233472 ------w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
2004-05-20 09:47 249856 ------w- c:\windows\system32\Keyhook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAP]
2004-02-17 09:19 536576 ------w- c:\program files\Arcadyan Wireless\NetCfgWizard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-14 17:00 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-10 08:56 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
2004-07-30 10:41 192512 ------w- c:\program files\InterVideo\Common\Bin\WinRemote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless SoftAP]
2004-02-17 09:20 667648 ------w- c:\program files\Arcadyan Wireless\Configuration\SoftAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-31 16:11 2478080 ------w- c:\progra~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2003-12-09 11:03 57344 ------w- c:\progra~1\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/07/2010 09:11 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25/05/2010 12:47 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25/05/2010 12:47 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [13/07/2010 08:38 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25/05/2010 12:47 501888]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [24/02/2010 11:29 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25/05/2010 12:47 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [06/07/2010 18:28 1352832]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 12:46 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe [29/04/2010 14:53 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe [29/04/2010 14:53 126392]
R2 PCTWPASV;SoftAP WPA Authenticator Service;c:\program files\Arcadyan Wireless\pctwpasv.exe [30/01/2004 13:59 204800]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 21:24 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100716.001\IDSXpx86.sys [16/07/2010 23:20 331640]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [02/01/2004 03:19 24608]
R3 SlUSBFlt;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\drivers\SlUSBFlt.sys [05/07/2010 17:12 11831]
S2 gupdate1c995ce4d4e0972;Google Update Service (gupdate1c995ce4d4e0972);c:\program files\Google\Update\GoogleUpdate.exe [23/02/2009 16:49 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/04/2007 16:47 29744]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [02/01/2004 03:17 350282]
S3 SlFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\drivers\SlFilter.sys [05/07/2010 17:12 13395]
--- Other Services/Drivers In Memory ---
*Deregistered* - kfwyypoc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-07-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]
2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2010-07-16 c:\windows\Tasks\backup.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\backup.bks [2007-04-21 12:07]
2010-07-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2010-07-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-14 09:47]
2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]
2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]
2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{9D80D5D8-9F2E-425B-845E-2C7851F5F049}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*
http://uk.docs.yahoo.com/info/bt_side.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\390w2b2o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rlz=1R0GGIC_en
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\390w2b2o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-17 15:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
--
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.547\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-468578920-4183780032-2647741159-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(15396)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-17 15:37:26
ComboFix-quarantined-files.txt 2010-07-17 14:37
Pre-Run: 144,714,047,488 bytes free
Post-Run: 144,698,396,672 bytes free
- - End Of File - - D318E35405B026ACF968A98CD0EDCFF0