Hijack this log - help needed
Yes it was a full scan, here's the log:
Malwarebytes' Anti-Malware 1.51.0.1200
https://www.malwarebytes.org
Database version: 6776
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
05/06/2011 21:52:49
mbam-log-2011-06-05 (21-52-49).txt
Scan type: Full scan (C:\|)
Objects scanned: 285307
Time elapsed: 57 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\timberflake\AppData\Local\Temp\jar_cache5053913834707407852.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\timberflake\AppData\Local\Temp\jar_cache6652231221247759154.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Users\timberflake\AppData\Local\Temp\0.6791723930303153.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
uninstall alcohol?
and put avast on if you haven't already, see if it picks anything up!!
> . !!!! ----> .
I've uninstalled alcohol, restarted the laptop, no difference.
Running a full scan on Avast now.
If the other machine is fast, you could always backup data and restore to factory settings!!
> . !!!! ----> .
timberflake wrote: »Scanned with Malwarebytes yesterday, came up with 6 trojans, which it duly removed.
Do you not think it would have been prudent to let us know that snippet?
I think that also tells you AVG failed you
Do you not think it would have been prudent to let us know that snippet?
I think that also tells you AVG failed you
I didn't think it was overly relevant seeing as I had the same problem after I removed them.
I've also removed AVG, enabled Windows FW, installed Avast & ran a full scan which found nothing, but my upload speeds are still terrible.
I've stopped dropbox from running at start up, which had no effect. I'm now convinced it's a problem with the broadband & not my laptop, but I'm going to try a different laptop just to be certain.
I'd have to disagree
timberflake wrote: »I didn't think it was overly relevant seeing as I had the same problem after I removed them.
If someone posts a hijack log and says their uploads are slow with no other information then we would think everything else is running fine so the cause must be some compatibility issue
If I'd heard there had recently been an infection (probably still is looking at the malwarebytes log) I'd have gone down the virus route (Would still have suggested removing AVG mind)
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
Ok, I know it's a problem with my laptop, I've just connected another laptop in the exact same way and ran the exact same speedtest, got a solid 50mb down and 4.75mb up, mine are nothing like that on my laptop. Here's the ComboFix log:
ComboFix 11-06-06.07 - Timberflake 07/06/2011 17:28:00.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2038.1265 [GMT 1:00]
Running from: c:\users\Timberflake\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Timberflake\AppData\Roaming\inst.exe
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 16:36 . 2011-06-07 16:36 -------- d-----w- c:\users\Timberflake\AppData\Local\temp
2011-06-07 16:36 . 2011-06-07 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-06 22:02 . 2011-05-24 18:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F556DFF-14B6-4BE1-9261-CB2B959E9A47}\mpengine.dll
2011-06-06 21:14 . 2011-06-07 16:22 -------- d-----w- c:\programdata\AVAST Software
2011-06-06 21:14 . 2011-06-06 21:14 -------- d-----w- c:\program files\AVAST Software
2011-06-06 17:36 . 2011-06-06 20:38 -------- d-----w- c:\users\Timberflake\AppData\Local\VirginMedia
2011-06-06 17:28 . 2011-06-06 17:28 -------- d-----w- c:\programdata\VirginMedia
2011-06-06 17:27 . 2010-10-06 12:00 4292096 ----a-w- c:\windows\system32\Redemption.dll
2011-06-05 21:33 . 2011-06-05 21:33 388096 ----a-r- c:\users\Timberflake\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-28 21:39 . 2011-05-28 21:41 -------- d-----w- c:\users\Timberflake\AppData\Roaming\KeePass
2011-05-25 15:58 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 16:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-15 09:21 . 2011-05-15 09:23 -------- d-----w- C:\488b7fbdb996113ede
2011-05-15 09:17 . 2011-05-15 09:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 09:11 . 2011-05-15 09:11 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-15 09:11 . 2011-05-15 09:11 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-15 09:11 . 2011-05-15 09:11 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-15 09:11 . 2011-05-15 09:11 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-15 09:11 . 2011-05-15 09:11 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-15 09:10 . 2011-05-15 09:10 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-15 09:10 . 2011-05-15 09:10 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-15 09:10 . 2011-05-15 09:10 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-15 08:16 . 2011-05-15 08:16 -------- d-----w- c:\program files\iPod
2011-05-15 08:16 . 2011-05-15 08:17 -------- d-----w- c:\program files\iTunes
2011-05-15 08:14 . 2011-05-15 08:14 -------- d-----w- c:\program files\Bonjour
2011-05-15 07:34 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-15 07:34 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 08:11 . 2009-10-27 09:51 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2009-10-27 09:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 18:14 . 2009-10-26 21:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-14 13:22 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-14 09:43 . 2011-04-14 09:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-14 09:43 . 2011-04-14 09:43 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-14 09:43 . 2011-04-14 09:43 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-14 09:43 . 2011-04-14 09:43 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-14 09:43 . 2011-04-14 09:43 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-14 09:43 . 2011-04-14 09:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-14 09:43 . 2011-04-14 09:43 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-14 09:43 . 2011-04-14 09:43 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-14 09:43 . 2011-04-14 09:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-14 09:43 . 2011-04-14 09:43 367104 ----a-w- c:\windows\system32\html.iec
2011-04-14 09:43 . 2011-04-14 09:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 09:43 . 2011-04-14 09:43 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-14 09:43 . 2011-04-14 09:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 09:43 . 2011-04-14 09:43 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-14 09:43 . 2011-04-14 09:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-14 09:43 . 2011-04-14 09:43 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-14 09:43 . 2011-04-14 09:43 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-14 09:43 . 2011-04-14 09:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-14 09:43 . 2011-04-14 09:43 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-14 09:43 . 2011-04-14 09:43 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-14 09:43 . 2011-04-14 09:43 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-12 11:23 . 2011-04-27 16:06 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:39 . 2011-04-27 16:06 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:39 . 2011-04-27 16:06 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39 . 2011-04-27 16:06 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39 . 2011-04-27 16:06 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38 . 2011-04-27 16:06 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38 . 2011-04-27 16:06 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38 . 2011-04-27 16:06 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33 . 2011-04-14 06:32 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-14 06:32 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33 . 2011-04-27 16:06 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31 . 2011-04-27 16:06 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-15 09:10 . 2011-05-15 09:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Timberflake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Timberflake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Timberflake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Timberflake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2009-10-26 924632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Giganews Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Giganews Accelerator.lnk
backup=c:\windows\pss\Giganews Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Timberflake^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Timberflake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Timberflake^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Timberflake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 18:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 18:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 00:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-05-29 08:11 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 18:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz130;cpuz130;c:\users\TIMBER~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-03-02 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2011-03-02 53312]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-21 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-21 11088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-28 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-01-30 812544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Timberflake\AppData\Roaming\Mozilla\Firefox\Profiles\9xhiuvb5.default\
FF - prefs.js: browser.startup.homepage - https://www.google.co.uk
.
.
File Associations
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-Backup & Storage - c:\program files\VirginMedia\V Stuff Backup\Backup & Storage.exe
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
MSConfigStartUp-Google Update - c:\users\Timberflake\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KeePass 2 PreLoad - c:\program files\KeePass Password Safe 2\KeePass.exe
.
.
.
LOCKED REGISTRY KEYS
.
[HKEY_USERS\S-1-5-21-2237050540-3898779269-2471375575-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C5B8AAC3-EB3B-6CA7-51DA-E80ED87DCA9D}*]
@Allowed: (Read) (RestrictedCode)
"iajcdbpdnhonmjknoe"=hex:6b,61,64,70,69,63,65,6d,64,6a,66,6f,68,6a,65,68,62,6c,
70,6d,66,6a,00,00
"hapdncglabhmjhhb"=hex:6b,61,64,70,69,63,65,6d,64,6a,66,6f,68,6a,65,68,62,6c,
70,6d,66,6a,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-07 17:38:38
ComboFix-quarantined-files.txt 2011-06-07 16:38
.
Pre-Run: 138,190,913,536 bytes free
Post-Run: 138,117,382,144 bytes free
.
- - End Of File - - 66D5FE067EEDF6A70AEFBA65FE3CDADB
Manually find and delete this folder and anything in it
C:\488b7fbdb996113ede
How's it running now?
This discussion has been closed.