We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Hijack This! Log, Suspect PC Is Virusy But Can't Find Anything
Comments
-
Ok, another log:
ComboFix 10-04-06.01 - Louise 07/04/2010 10:19:51.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.2176 [GMT 1:00]
Running from: c:\users\Louise\Desktop\QWERTY.exe
Command switches used :: c:\users\Louise\Desktop\CFScript.txt
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\004b73ba.tmp"
"c:\users\Louise\AppData\Local\Temp\catchme.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\004b73ba.tmp
.
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.
2010-04-07 09:25 . 2010-04-07 09:26
d
w- c:\users\Louise\AppData\Local\temp
2010-04-07 09:25 . 2010-04-07 09:25
d
w- c:\users\Public\AppData\Local\temp
2010-04-07 09:25 . 2010-04-07 09:25
d
w- c:\users\Default\AppData\Local\temp
2010-04-07 08:18 . 2010-04-07 08:18
d
w- c:\windows\Sun
2010-04-06 13:24 . 2010-04-06 13:24
d
w- c:\users\Louise\AppData\Roaming\Malwarebytes
2010-04-06 13:24 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 13:24 . 2010-04-06 13:24
d
w- c:\programdata\Malwarebytes
2010-04-06 13:23 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 13:23 . 2010-04-06 13:24
d
w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 10:06 . 2010-04-02 10:07
d
w- c:\program files\QuickTime
2010-03-10 23:04 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 23:04 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 23:04 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-09 09:56 . 2010-03-09 09:56
d
w- c:\program files\Common Files\Java
2010-03-08 23:22 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 07:59 . 2009-09-22 14:05
d
w- c:\users\Louise\AppData\Roaming\uTorrent
2010-04-06 14:22 . 2010-01-31 23:33
d
w- c:\program files\Spyware Doctor
2010-04-06 14:15 . 2009-09-22 15:00
d
w- c:\program files\PeerGuardian2
2010-04-06 13:26 . 2009-09-22 13:49
d
w- c:\program files\CCleaner
2010-04-06 13:24 . 2009-09-22 14:17
d
w- c:\programdata\Spybot - Search & Destroy
2010-04-06 13:12 . 2009-09-22 14:04
d
w- c:\users\Louise\AppData\Roaming\Vso
2010-04-06 02:03 . 2009-09-22 14:17
d
w- c:\program files\SpywareBlaster
2010-04-02 10:06 . 2009-09-22 14:42
d
w- c:\programdata\Apple Computer
2010-03-24 00:30 . 2009-11-02 13:00
d
w- c:\program files\Topfield
2010-03-11 10:21 . 2009-09-22 11:52 680 ----a-w- c:\users\Louise\AppData\Local\d3d9caps.dat
2010-03-10 23:53 . 2006-11-02 11:18
d
w- c:\program files\Windows Mail
2010-03-09 09:56 . 2009-09-22 13:12
d
w- c:\program files\Java
2010-03-07 13:09 . 2010-03-07 12:56
d
w- c:\programdata\Astroburn Lite
2010-03-07 12:57 . 2010-03-07 12:57
d
w- c:\program files\Astroburn Toolbar
2010-03-07 12:56 . 2010-03-07 12:56
d
w- c:\program files\Astroburn Lite
2010-03-07 12:56 . 2010-03-07 12:56
d
w- c:\users\Louise\AppData\Roaming\Astroburn Lite
2010-02-25 07:55 . 2009-09-22 11:52 101504 ----a-w- c:\users\Louise\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-03 01:15 181632
w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 15:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 15:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 15:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 15:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-08 13:14 . 2010-02-03 11:34
d
w- c:\programdata\Yahoo!
2010-02-08 13:14 . 2010-02-03 11:33
d
w- c:\program files\Yahoo!
2010-01-25 12:00 . 2010-02-24 09:02 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 09:02 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 09:02 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 09:02 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 09:02 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 09:02 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 09:02 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 09:02 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 09:02 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 09:02 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-07 20:01 . 2010-01-07 20:01 93304 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\55\1\.cp\lib\OsTools.dll
2010-01-07 20:01 . 2010-01-07 20:01 57344 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\serialio.dll
2010-01-07 20:01 . 2010-01-07 20:01 216184 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\57\1\.cp\lib\RegistryReader.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-22 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-09-22 1655552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-05-25 98816]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):71,90,7f,3c,44,3c,ca,01
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-03 691696]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-22 13224]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 TfBulk;TfBulk;c:\windows\system32\DRIVERS\TfBulk.sys [2007-05-31 13312]
S1 aswSP;avast! Self Protection; [x]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-09-22 85008]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-09-22 25104]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 172032]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2009-12-16 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2009-12-16 162936]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-06-04 806272]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-04-07 c:\windows\Tasks\User_Feed_Synchronization-{7BD0E11B-A79B-4B7B-B689-56463642D248}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.0 -
Supplementary Scan
.
uInternet Settings,ProxyOverride = local
Trusted Zone: gamestation.co.uk\www
DPF: Microsoft XML Parser for Java - [URL]file:///C:/Windows/Java/classes/xmldso.cab[/URL]
FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\p0oe4k0q.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 10:26
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\guard32.dll
.
Completion time: 2010-04-07 10:28:28
ComboFix-quarantined-files.txt 2010-04-07 09:28
ComboFix2.txt 2010-04-07 08:16
Pre-Run: 323,557,367,808 bytes free
Post-Run: 323,542,630,400 bytes free
- - End Of File - - 24926ED9374B1E25DA12AB9C5035ABD40 -
I have Ad Aware, Spyware Blaster and Spybot on here too; should I keep those? (I uninstalled TuneUp).
Did CCleaner's registry tool and the Glary Utilities 1-click; running system file checker. To be completely thorough I've run Avast! and it found a trojan.0 -
I suspect Avast found the quarantine folder of combofix
If you wish, you can have another check (Will take hours though)
Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION***
..........................................
Spybot (especially its IMMUNISE feature), and spywareblaster are fine. ADAWARE is next to useless:idea:0 -
The trojan Avast! found was in a hotmail folder (?). Don't mind leaving this running for hours; I'll try Dr Web. Thanks again.
I'll say goodbye to Ad Aware!0 -
You can still use your computer. Im just warning you it could be a long while
I suspect the trojan was downloaded via MSN then as (So far as im aware) you dont get actual hotmail folders
Are you sure it was a 'trojan'?:idea:0 -
On closer inspection, the "trojan" Avast! found seems to be a keygen (I have er, files on my online Skydrive on MSN).
Don't mind waiting if my PC is clean at the end of it!0 -
No viruses on Dr Web on quick and full computer scans.0
-
Id say your clean:idea:0
-
I appreciate all your help. Yesterday looking at Spyware Blaster (in between all the scans) it had definitions "undoing" themselves, which has been happening for a while. Hopefully I'm ok now after all the scans, etc.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.4K Banking & Borrowing
- 253.3K Reduce Debt & Boost Income
- 453.8K Spending & Discounts
- 244.4K Work, Benefits & Business
- 599.6K Mortgages, Homes & Bills
- 177.1K Life & Family
- 257.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards