We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
The Forum is currently experiencing technical issues which the team are working to resolve. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Hijack This! Log, Suspect PC Is Virusy But Can't Find Anything
Comments
-
o&o is a good defrag program. I believe the bad comments are the installer has malware with it (if ticked I assume)
Tuneup ive used before and can honestly say ill never use it again:idea:0 -
O&O doesn't have malware in the installer, not that I can ever remember, and I've installed it lots of times on various computers (?). Messenger Plus! did, but doesn't any more, that was fun when my 11 year-old niece decided to install it herself. (I like it for its audio clips function especially). Off on a tangent..
Can anyone help me out re my virusy PC
? 0 -
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download:idea:0 -
I get an error when I try to install it: "You cannot rename ComboFix as ComboFix[1]...please use another name preferably made of alphanumeric characters".0
-
I did put at the bottom of post #14 that if you get a renaming error then RIGHT CLICK the exe file and RENAME it:idea:0
-
It was late
Ok, some files were deleted after the scan (got a fright when my PC rebooted and went blank for a while, wasn't expecting that!).
Here's the log:
ComboFix 10-04-06.01 - Louise 07/04/2010 9:06.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.2319 [GMT 1:00]
Running from: c:\users\Louise\Desktop\QWERTY.exe
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpeEAE3.dll
c:\users\Louise\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.
2010-04-07 08:14 . 2010-04-07 08:14
d
w- c:\users\Louise\AppData\Local\temp
2010-04-07 08:14 . 2010-04-07 08:14
d
w- c:\users\Default\AppData\Local\temp
2010-04-06 13:24 . 2010-04-06 13:24
d
w- c:\users\Louise\AppData\Roaming\Malwarebytes
2010-04-06 13:24 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 13:24 . 2010-04-06 13:24
d
w- c:\programdata\Malwarebytes
2010-04-06 13:23 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 13:23 . 2010-04-06 13:24
d
w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 10:06 . 2010-04-02 10:07
d
w- c:\program files\QuickTime
2010-03-10 23:04 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 23:04 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 23:04 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-09 09:56 . 2010-03-09 09:56
d
w- c:\program files\Common Files\Java
2010-03-08 23:22 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 07:59 . 2009-09-22 14:05
d
w- c:\users\Louise\AppData\Roaming\uTorrent
2010-04-06 14:22 . 2010-01-31 23:33
d
w- c:\program files\Spyware Doctor
2010-04-06 14:15 . 2009-09-22 15:00
d
w- c:\program files\PeerGuardian2
2010-04-06 13:26 . 2009-09-22 13:49
d
w- c:\program files\CCleaner
2010-04-06 13:24 . 2009-09-22 14:17
d
w- c:\programdata\Spybot - Search & Destroy
2010-04-06 13:12 . 2009-09-22 14:04
d
w- c:\users\Louise\AppData\Roaming\Vso
2010-04-06 02:03 . 2009-09-22 14:17
d
w- c:\program files\SpywareBlaster
2010-04-02 10:06 . 2009-09-22 14:42
d
w- c:\programdata\Apple Computer
2010-03-24 00:30 . 2009-11-02 13:00
d
w- c:\program files\Topfield
2010-03-11 10:21 . 2009-09-22 11:52 680 ----a-w- c:\users\Louise\AppData\Local\d3d9caps.dat
2010-03-10 23:53 . 2006-11-02 11:18
d
w- c:\program files\Windows Mail
2010-03-09 09:56 . 2009-09-22 13:12
d
w- c:\program files\Java
2010-03-07 13:09 . 2010-03-07 12:56
d
w- c:\programdata\Astroburn Lite
2010-03-07 12:57 . 2010-03-07 12:57
d
w- c:\program files\Astroburn Toolbar
2010-03-07 12:56 . 2010-03-07 12:56
d
w- c:\program files\Astroburn Lite
2010-03-07 12:56 . 2010-03-07 12:56
d
w- c:\users\Louise\AppData\Roaming\Astroburn Lite
2010-02-25 07:55 . 2009-09-22 11:52 101504 ----a-w- c:\users\Louise\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-03 01:15 181632
w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 15:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 15:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 15:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 15:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-08 13:14 . 2010-02-03 11:34
d
w- c:\programdata\Yahoo!
2010-02-08 13:14 . 2010-02-03 11:33
d
w- c:\program files\Yahoo!
2010-01-25 12:00 . 2010-02-24 09:02 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 09:02 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 09:02 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 09:02 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 09:02 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 09:02 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 09:02 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 09:02 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 09:02 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 09:02 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-07 20:01 . 2010-01-07 20:01 93304 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\55\1\.cp\lib\OsTools.dll
2010-01-07 20:01 . 2010-01-07 20:01 57344 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\serialio.dll
2010-01-07 20:01 . 2010-01-07 20:01 216184 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\57\1\.cp\lib\RegistryReader.dll
2010-01-07 20:01 . 2010-01-07 20:01 4 ----a-w- c:\programdata\004b73ba.tmp0 -
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-22 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-09-22 1655552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-05-25 98816]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):71,90,7f,3c,44,3c,ca,01
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-03 691696]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-22 13224]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 TfBulk;TfBulk;c:\windows\system32\DRIVERS\TfBulk.sys [2007-05-31 13312]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-09-22 85008]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-09-22 25104]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 172032]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2009-12-16 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2009-12-16 162936]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-06-04 806272]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]0 -
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-04-07 c:\windows\Tasks\User_Feed_Synchronization-{7BD0E11B-A79B-4B7B-B689-56463642D248}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = local
Trusted Zone: gamestation.co.uk\www
DPF: Microsoft XML Parser for Java - [URL]file:///C:/Windows/Java/classes/xmldso.cab[/URL]
FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\p0oe4k0q.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 09:14
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Louise\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\guard32.dll
.
Completion time: 2010-04-07 09:16:56
ComboFix-quarantined-files.txt 2010-04-07 08:16
Pre-Run: 323,609,812,992 bytes free
Post-Run: 323,546,775,552 bytes free
- - End Of File - - C10A6A0E45C3B8CDD8862103F06E8AA40 -
Open notepad and copy/paste the text in RED below
File::
c:\users\Louise\AppData\Local\Temp\catchme.dll
c:\programdata\004b73ba.tmp
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more that 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
..........................................................................
Download CCLEANER
http://www.piriform.com/ccleaner/download/slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
reboot
Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Goto MODULES / SYSTEM TOOLS / WINDOWS STANDARD TOOLS / then run SYSTEM FILE CHECKER:idea:0 -
CCleaner is already on here. I'll do all that once I have the PC to myself; I'm working on stuff and lost files when it rebooted, so I'll get back to you in an hour or two. 0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.4K Banking & Borrowing
- 252.9K Reduce Debt & Boost Income
- 453.3K Spending & Discounts
- 243.4K Work, Benefits & Business
- 598K Mortgages, Homes & Bills
- 176.7K Life & Family
- 256.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards