Help with trojans please.
spud17
Posts: 4,441 Forumite
in Techie Stuff
I need help determining the severity of this malware.
I was asked to repair a noisy fan on a laptop, and also clear some of its clutter, to try to speed it up.
Laptop is an Advent 6411 running Vista Home Premium.
While waiting for the fan to be delivered, I connected up the laptop hard drive to a desktop and ran a Malwarebyte's scan, which found Trojan.Simda.
While the scan was running my Avira antivirus kept detecting infections. I then ran an Avira scan on the laptop drive.
Results,
[70] Archive type: ZIP
[DETECTION] Is the TR/Expl.Java.CVE.AK.1 Trojan
[WARNING] Infected files in archives cannot be repaired
--> Lopok.class
[DETECTION] Is the TR/Dldr.Toniper.6 Trojan
[WARNING] Infected files in archives cannot be repaired
--> Mimio.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Pesur.JE Java virus
[WARNING] Infected files in archives cannot be repaired
--> Strs.class
[DETECTION] Is the TR/Expl.Java.CVE.AK.3 Trojan
[WARNING] Infected files in archives cannot be repaired
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4bd68813-4211afab
[DETECTION] Is the TR/Expl.Java.CVE.AK.3 Trojan
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-575aba14
[70] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0842 exploit
[WARNING] Infected files in archives cannot be repaired
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-575aba14
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0842 exploi
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\56bf0f5a-2862b4e9
70] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[WARNING] Infected files in archives cannot be repaired
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\56bf0f5a-2862b4e9
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77ca675a-20e03cf5
[70] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/CVE.2009.3869.R exploit
[WARNING] Infected files in archives cannot be repaired
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77ca675a-20e03cf5
[DETECTION] Contains recognition pattern of the EXP/CVE.2009.3869.R exploit
Beginning disinfection:
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77ca675a-20e03cf5
[DETECTION] Contains recognition pattern of the EXP/CVE.2009.3869.R exploit
[NOTE] The file was moved to the quarantine directory under the name '51776a58.qua'!
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\56bf0f5a-2862b4e9
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[NOTE] The file was moved to the quarantine directory under the name '49e145fe.qua'!
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-575aba14
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0842 exploit
[NOTE] The file was moved to the quarantine directory under the name '1bb91f11.qua'!
L:\Users\veronica\Documents\Veronica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4bd68813-4211afab
[DETECTION] Is the TR/Expl.Java.CVE.AK.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '7d8f50a8.qua'!
tdsskiller came back clean.
The owner is away, but it seems that the laptop did have Nortons, but she was told to put on AVG to speed it up, this did not happen, so she has been relying on Defender and Trusteer Rapport. :eek:
I also noticed that GoToMypc had been downloaded, this is a favourite of the scammers who phone to tell you your pc is infected.
I need some advice, I'm thinking a complete reinstall.
(Laptop should be up and running tomorrow evening.)
Move along, nothing to see.
0
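One way to triage a report in the shape quoted above, as an added example that is not part of the original post: it pairs each detected file with its quarantine note, pulls CVE ids out of the detection names, and marks whether the file sat in the Java plug-in cache. The sample log is constructed (shortened paths, one invented file that was never quarantined), and reading a year-number pair in a vendor detection name as a CVE id is an assumption.

```python
import re

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
QUAR_RE = re.compile(r"^\[NOTE\] The file was moved to the quarantine directory under the name '([^']+)'")
# Assumption: a "YYYY-NNNN" or "YYYY.NNNN" pair inside a vendor name is a CVE id.
CVE_RE = re.compile(r"((?:19|20)\d{2})[-.](\d{4,})")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

# Constructed sample in the shape of the report quoted above; the third file
# (detected, never quarantined) is invented to exercise the failure case.
SAMPLE_LOG = r"""
L:\Users\u\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-575aba14
[70] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0842 exploit
[WARNING] Infected files in archives cannot be repaired
L:\Users\u\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4bd68813-4211afab
[DETECTION] Is the TR/Expl.Java.CVE.AK.3 Trojan
L:\Users\u\Downloads\setup_example.exe
[DETECTION] Is the TR/Example.Constructed.1 Trojan
Beginning disinfection:
L:\Users\u\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-575aba14
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0842 exploit
[NOTE] The file was moved to the quarantine directory under the name '1bb91f11.qua'!
L:\Users\u\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4bd68813-4211afab
[DETECTION] Is the TR/Expl.Java.CVE.AK.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '7d8f50a8.qua'!
"""

def triage(log):
    """Return {path: record} pairing every detection with its quarantine outcome."""
    files, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
            continue
        # Detections that appear before any path line are kept under a marker key.
        key = current or "<no path in log>"
        m = DETECT_RE.match(line)
        if m:
            rec = files.setdefault(key, {"detections": [], "cves": [], "quarantined_as": None,
                                         "java_cache": JAVA_CACHE in key.lower()})
            name = m.group(1)
            if name not in rec["detections"]:  # scan and disinfection phases repeat names
                rec["detections"].append(name)
                rec["cves"] += ["CVE-%s-%s" % pair for pair in CVE_RE.findall(name)]
            continue
        m = QUAR_RE.match(line)
        if m and key in files:
            files[key]["quarantined_as"] = m.group(1)
    return files

def still_on_disk(files):
    """Paths that were detected but have no quarantine note: these need follow-up."""
    return [path for path, rec in files.items() if rec["quarantined_as"] is None]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, rec in result.items():
        print(path.rsplit("\\", 1)[-1], rec["detections"], rec["cves"],
              rec["quarantined_as"], "java cache" if rec["java_cache"] else "elsewhere")
    print("not quarantined:", still_on_disk(result))
```

A detection inside `Deployment\cache` means the Java plug-in downloaded a malicious applet; it does not by itself show the exploit ran, so the installed Java version and any detections outside the cache are what to check next.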
Comments
-
dr web bootdisk mate... it'll take around 10 hrs to run, but well worth it
http://www.freedrweb.com/cureit/?lng=en
or combofix first, then mbam......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
Thanks GJ.
Fan will be fitted tomorrow evening, I'll install and run Malwarebytes.
As said before, already run mbam with drive as a slave on my pc.
Then I can run dr web overnight.
The archive files are old infections in quarantine?
Worrying bit is the GoToMypc download, don't think it's been installed, but they do bank online, and now with no av and relying on Defender and Crapport.
I don't think I'd be trusting this laptop.
Move along, nothing to see.
0 -
thinking about it spud, I'd be more inclined to wipe and re-install rather than mess around...even if for no other reason, files quarantined by one av may not be able to be deleted by another, so a risk....hth......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
Got the replacement fan fitted, and everything up and running.
@GJ
I'd already run Combofix before logging on here.
ComboFix 14-12-10.03 - veronica 12/12/2014 20:21:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1093 [GMT 0:00]
Running from: c:\users\veronica\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\veronica\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-11-12 to 2014-12-12 )))))))))))))))))))))))))))))))
.
.
2014-12-12 20:28 . 2014-12-12 20:29 -------- d-----w- c:\users\veronica\AppData\Local\temp
2014-12-12 20:28 . 2014-12-12 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-12 18:58 . 2014-12-12 19:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-12 18:58 . 2014-11-21 06:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-12 18:58 . 2014-11-21 06:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-12 18:04 . 2014-12-12 18:58 -------- d-----w- c:\programdata\Malwarebytes
2014-12-12 18:04 . 2014-12-12 19:05 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 18:04 . 2014-12-12 18:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-12 17:37 . 2014-11-21 06:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-12 17:27 . 2014-12-12 19:55 -------- d-----w- c:\program files\NirSoft
2014-12-06 10:05 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D49E6E7-1343-4EAB-B010-A95F16E06FFB}\mpengine.dll
2014-11-20 01:11 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-14 01:06 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-14 01:06 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-14 01:06 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-14 01:06 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-14 01:06 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-14 01:06 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-14 01:05 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-14 01:05 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-14 01:04 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-14 01:02 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-14 01:02 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-14 01:02 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-14 01:02 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-14 01:02 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 18:25 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-04 14:30 . 2012-11-08 10:30 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-02 13:23 . 2014-10-02 13:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 13:23 . 2014-10-02 13:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-30 4826904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-11 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-07-25 1562264]
"EPLTarget\P0000000000000002"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIILE.EXE" [2012-02-29 249440]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIILE.EXE" [2012-02-29 249440]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
"SpareMessaging"="c:\program files\Spare Messaging\MessagingApp.exe" [2007-11-28 42824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Skytel"="Skytel.exe" [2007-05-07 1826816]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 311616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\veronica\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2013-01-19 15:53 14232 ----a-w- c:\program files\Citrix\GoToAssist\896\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\veronica\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"KiesAirMessage"=c:\program files\Samsung\Kies\KiesAirMessage.exe -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"BrowserSafeguard"="c:\program files\Browsersafeguard\BrowserSafeguard.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-11 19:10]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-11 19:10]
.
2014-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647723428-3405931334-1706248941-1000Core.job
- c:\users\veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-30 18:06]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647723428-3405931334-1706248941-1000UA.job
- c:\users\veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-30 18:06]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{80513702-A050-4018-899E-824ACDE90CA2}: NameServer = 8.8.8.8,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-12 20:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
LOCKED REGISTRY KEYS
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-12-12 20:31:13
ComboFix-quarantined-files.txt 2014-12-12 20:31
.
Pre-Run: 96,911,286,272 bytes free
Post-Run: 96,808,280,064 bytes free
.
- - End Of File - - 80D7EED551CBC6BF7C8B9803CE69A3D3
5C616939100B85E558DA92B899A0FC36
I'm not an expert, but it doesn't look bad.
I'm going to give it a few quick scans with the usual Mbam etc.
I'm giving it back on Monday, she can then double check she has everything backed up.
I want to find out why certain programs are installed, have a chat and then suggest she reinstalls.
Move along, nothing to see.
0
This discussion has been closed.

