📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Hijack This! Log, Suspect PC Is Virusy But Can't Find Anything

Options
13

Comments

  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Ok, another log:

    ComboFix 10-04-06.01 - Louise 07/04/2010 10:19:51.2.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.2176 [GMT 1:00]
    Running from: c:\users\Louise\Desktop\QWERTY.exe
    Command switches used :: c:\users\Louise\Desktop\CFScript.txt
    FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FILE ::
    "c:\programdata\004b73ba.tmp"
    "c:\users\Louise\AppData\Local\Temp\catchme.dll"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\programdata\004b73ba.tmp
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
    .
    2010-04-07 09:25 . 2010-04-07 09:26
    d
    w- c:\users\Louise\AppData\Local\temp
    2010-04-07 09:25 . 2010-04-07 09:25
    d
    w- c:\users\Public\AppData\Local\temp
    2010-04-07 09:25 . 2010-04-07 09:25
    d
    w- c:\users\Default\AppData\Local\temp
    2010-04-07 08:18 . 2010-04-07 08:18
    d
    w- c:\windows\Sun
    2010-04-06 13:24 . 2010-04-06 13:24
    d
    w- c:\users\Louise\AppData\Roaming\Malwarebytes
    2010-04-06 13:24 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-06 13:24 . 2010-04-06 13:24
    d
    w- c:\programdata\Malwarebytes
    2010-04-06 13:23 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-06 13:23 . 2010-04-06 13:24
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-02 10:06 . 2010-04-02 10:07
    d
    w- c:\program files\QuickTime
    2010-03-10 23:04 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-03-10 23:04 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-03-10 23:04 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-03-09 09:56 . 2010-03-09 09:56
    d
    w- c:\program files\Common Files\Java
    2010-03-08 23:22 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-07 07:59 . 2009-09-22 14:05
    d
    w- c:\users\Louise\AppData\Roaming\uTorrent
    2010-04-06 14:22 . 2010-01-31 23:33
    d
    w- c:\program files\Spyware Doctor
    2010-04-06 14:15 . 2009-09-22 15:00
    d
    w- c:\program files\PeerGuardian2
    2010-04-06 13:26 . 2009-09-22 13:49
    d
    w- c:\program files\CCleaner
    2010-04-06 13:24 . 2009-09-22 14:17
    d
    w- c:\programdata\Spybot - Search & Destroy
    2010-04-06 13:12 . 2009-09-22 14:04
    d
    w- c:\users\Louise\AppData\Roaming\Vso
    2010-04-06 02:03 . 2009-09-22 14:17
    d
    w- c:\program files\SpywareBlaster
    2010-04-02 10:06 . 2009-09-22 14:42
    d
    w- c:\programdata\Apple Computer
    2010-03-24 00:30 . 2009-11-02 13:00
    d
    w- c:\program files\Topfield
    2010-03-11 10:21 . 2009-09-22 11:52 680 ----a-w- c:\users\Louise\AppData\Local\d3d9caps.dat
    2010-03-10 23:53 . 2006-11-02 11:18
    d
    w- c:\program files\Windows Mail
    2010-03-09 09:56 . 2009-09-22 13:12
    d
    w- c:\program files\Java
    2010-03-07 13:09 . 2010-03-07 12:56
    d
    w- c:\programdata\Astroburn Lite
    2010-03-07 12:57 . 2010-03-07 12:57
    d
    w- c:\program files\Astroburn Toolbar
    2010-03-07 12:56 . 2010-03-07 12:56
    d
    w- c:\program files\Astroburn Lite
    2010-03-07 12:56 . 2010-03-07 12:56
    d
    w- c:\users\Louise\AppData\Roaming\Astroburn Lite
    2010-02-25 07:55 . 2009-09-22 11:52 101504 ----a-w- c:\users\Louise\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-24 09:16 . 2009-10-03 01:15 181632
    w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39 . 2010-03-31 15:59 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-03-31 15:59 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-03-31 15:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-03-31 15:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-08 13:14 . 2010-02-03 11:34
    d
    w- c:\programdata\Yahoo!
    2010-02-08 13:14 . 2010-02-03 11:33
    d
    w- c:\program files\Yahoo!
    2010-01-25 12:00 . 2010-02-24 09:02 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-24 09:02 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-24 09:02 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-24 09:02 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-24 09:02 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-02-24 09:02 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-02-24 09:02 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-02-24 09:02 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21 . 2010-02-24 09:02 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26 . 2010-02-24 09:02 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-07 20:01 . 2010-01-07 20:01 93304 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\55\1\.cp\lib\OsTools.dll
    2010-01-07 20:01 . 2010-01-07 20:01 57344 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\serialio.dll
    2010-01-07 20:01 . 2010-01-07 20:01 216184 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\57\1\.cp\lib\RegistryReader.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-22 289584]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
    "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-09-22 1655552]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "Creative SB Monitoring Utility"="sbavmon.dll" [2009-05-25 98816]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):71,90,7f,3c,44,3c,ca,01
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-03 691696]
    R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-22 13224]
    R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
    R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
    R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
    R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
    R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
    R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
    R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
    R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
    R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
    R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
    R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
    R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
    R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
    R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
    R3 TfBulk;TfBulk;c:\windows\system32\DRIVERS\TfBulk.sys [2007-05-31 13312]
    S1 aswSP;avast! Self Protection; [x]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-09-22 85008]
    S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-09-22 25104]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 172032]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
    S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2009-12-16 306296]
    S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2009-12-16 162936]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-06-04 806272]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    2010-04-07 c:\windows\Tasks\User_Feed_Synchronization-{7BD0E11B-A79B-4B7B-B689-56463642D248}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
    .
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper

    Supplementary Scan
    .
    uInternet Settings,ProxyOverride = local
    Trusted Zone: gamestation.co.uk\www
    DPF: Microsoft XML Parser for Java - [URL]file:///C:/Windows/Java/classes/xmldso.cab[/URL]
    FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\p0oe4k0q.default\
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 10:26
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(952)
    c:\windows\system32\guard32.dll
    - - - - - - - > 'lsass.exe'(692)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2010-04-07 10:28:28
    ComboFix-quarantined-files.txt 2010-04-07 09:28
    ComboFix2.txt 2010-04-07 08:16
    Pre-Run: 323,557,367,808 bytes free
    Post-Run: 323,542,630,400 bytes free
    - - End Of File - - 24926ED9374B1E25DA12AB9C5035ABD4
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    edited 7 April 2010 at 11:53AM
    I have Ad Aware, Spyware Blaster and Spybot on here too; should I keep those? (I uninstalled TuneUp).

    Did CCleaner's registry tool and the Glary Utilities 1-click; running system file checker. To be completely thorough I've run Avast! and it found a trojan.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I suspect Avast found the quarantine folder of combofix

    If you wish, you can have another check (Will take hours though)

    Download and run the FREE version of DR WEB
    http://www.freedrweb.com/download+cureit/gr/
    Turn your anti virus OFF
    Click CANCEL to the 'Would you like to read purchase terms now?' message
    Click START click OK
    It will auto QUICK scan
    After that set to scan the WHOLE computer and press the 'play' icon

    ***DO NOT UPGRADE TO FULL VERSION***


    ..........................................
    Spybot (especially its IMMUNISE feature), and spywareblaster are fine. ADAWARE is next to useless
    :idea:
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    The trojan Avast! found was in a hotmail folder (?). Don't mind leaving this running for hours; I'll try Dr Web. Thanks again.

    I'll say goodbye to Ad Aware!
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    You can still use your computer. Im just warning you it could be a long while

    I suspect the trojan was downloaded via MSN then as (So far as im aware) you dont get actual hotmail folders
    Are you sure it was a 'trojan'?
    :idea:
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    On closer inspection, the "trojan" Avast! found seems to be a keygen (I have er, files on my online Skydrive on MSN).

    Don't mind waiting if my PC is clean at the end of it!
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    No viruses on Dr Web on quick and full computer scans.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Id say your clean
    :idea:
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    I appreciate all your help. Yesterday looking at Spyware Blaster (in between all the scans) it had definitions "undoing" themselves, which has been happening for a while. Hopefully I'm ok now after all the scans, etc.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.1K Banking & Borrowing
  • 253.2K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599.1K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.5K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.