Hi there, I'm having issues with Firefox booting slowly (up to 3 minutes), redirects when clicking on a link, and new windows opening on their own.
I have Malwarebytes and Microsoft Security Essentials.
I have run ComboFix and will paste the result. Microsoft Security Essentials is turned off now after ComboFix; can I still use it?
Since ComboFix, Firefox seems to be working, and I will update with any other findings.
Do you see any errors or problems? Thanks
ComboFix 10-12-14.01 - Jeff 12/14/2010 20:34:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1335 [GMT -4:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jeff\AppData\Roaming\inst.exe
c:\users\Jeff\AppData\Roaming\Local
c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Jeff\Documents\Readiris.DUS
c:\windows\system32\KBL.LOG
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.
2010-12-15 00:54 . 2010-12-15 00:57 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\SHELL\AppData\Local\temp
2010-12-13 16:05 . 2010-12-13 16:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-12-13 16:04 . 2010-12-13 16:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\program files\DivX
2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\programdata\DivX
2010-12-12 21:31 . 2010-12-12 21:33 -------- d-----w- c:\windows\system32\catroot2
2010-12-12 01:25 . 2010-12-12 01:25 -------- d-----w- c:\users\Jeff\AppData\Local\WBFSManager
2010-12-12 01:23 . 2010-12-12 01:23 -------- d-----w- c:\program files\WBFS
2010-12-11 23:59 . 2010-07-15 12:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-12-11 23:59 . 2010-10-28 16:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-12-11 23:59 . 2010-07-15 12:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-12-11 23:59 . 2010-07-15 12:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-12-11 23:59 . 2010-07-15 12:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-12-11 23:59 . 2010-12-11 23:59 -------- d-----w- c:\program files\EASEUS
2010-12-11 16:22 . 2008-12-14 00:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-11 16:22 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-11 16:22 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-11 16:22 . 2010-12-11 16:22 -------- d-----w- c:\program files\Xvid
2010-12-11 12:09 . 2010-12-11 12:25 -------- d-----w- c:\users\Jeff\AppData\Roaming\Nero
2010-12-11 02:21 . 2010-12-11 02:22 -------- d-----w- c:\program files\Common Files\Nero
2010-12-11 02:20 . 2010-12-11 02:25 -------- d-----w- c:\programdata\Nero
2010-12-11 02:13 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-11 02:13 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-12-10 13:13 . 2010-11-16 16:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12A32A5-8DF5-469D-99AC-9CFB9B8D7DB5}\mpengine.dll
2010-12-10 13:08 . 2010-12-10 13:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-10 11:54 . 2010-12-10 11:54 -------- d-----w- c:\program files\uTorrent
2010-12-10 11:54 . 2010-12-15 00:03 -------- d-----w- c:\users\Jeff\AppData\Roaming\uTorrent
2010-12-08 13:30 . 2010-12-08 13:30 219200 ----a-w- c:\windows\system32\dtsoftbus01.sys
2010-12-08 13:22 . 2010-12-08 13:22 -------- d-----w- c:\programdata\bdch
2010-12-08 13:07 . 2010-12-08 13:07 -------- d-----w- c:\program files\BitDefender
2010-12-08 13:02 . 2010-12-08 13:02 -------- d-----w- c:\users\Jeff\AppData\Roaming\QuickScan
2010-12-08 13:01 . 2010-12-08 13:07 -------- d-----w- c:\program files\Common Files\BitDefender
2010-12-08 13:01 . 2010-12-08 13:19 62450 ----a-w- c:\programdata\bdinstall.bin
2010-12-07 11:25 . 2010-12-07 11:25 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-12-07 03:35 . 2010-11-30 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 03:34 . 2010-11-30 15:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 03:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBA4B151-505A-4B9D-9EB2-4C21043B6535}\mpengine.dll
2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\programdata\Malwarebytes
2010-12-04 14:40 . 2010-12-10 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 19:54 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 23:30 . 2010-11-17 23:30 -------- d-----w- c:\program files\Passware
2010-11-17 11:55 . 2010-11-17 11:55 -------- d-----w- c:\program files\Intelore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 23:54 . 2010-08-25 10:50 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-19 14:41 . 2009-10-03 10:04 222080 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-03 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Prelaunch OmniPage"="c:\program files\Nuance\OmniPage17\OmniPage17.exe" [2010-01-26 5592352]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
c:\users\SHELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca45ea80e8e190;Google Update Service (gupdate1ca45ea80e8e190);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 133104]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 420920]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-12-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 04:18]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: pogo.com\game3
TCP: {9EDE12AD-6E7E-4171-9A86-A055CBE5991D} = 24.222.0.94,24.222.0.95
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-OpAgent - OpAgent.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
AddRemove-Adobe Acrobat 4.0 - c:\program files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu
AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-Adobe_faf656ef605427ee2f42989c3ad31b8 - c:\program files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe
AddRemove-Greeting Card Creator 32 - c:\progra~1\GREETI~1\UNWISE.EXE
AddRemove-InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
AddRemove-Mansion Poker - c:\poker\MansionPoker\_MansionPoker.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 20:57
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Jeff\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD1600BEVS-60RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BAE555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85bb47b0]; MOV EAX, [0x85bb482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E4B962] -> \Device\Harddisk0\DR0[0x85512358]
3 CLASSPNP[0x87FAC8B3] -> ntkrnlpa!IofCallDriver[0x81E4B962] -> [0x84DCB858]
5 acpi[0x8074A6BC] -> ntkrnlpa!IofCallDriver[0x81E4B962] -> [0x84DC5030]
\Driver\atapi[0x8591E318] -> IRP_MJ_CREATE -> 0x85BAE555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVS-60RST0___________________04.01G04#5&1f5e53fc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x843f01f8
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-14 21:10:40
ComboFix-quarantined-files.txt 2010-12-15 01:10
Pre-Run: 12,929,273,856 bytes free
Post-Run: 14,584,410,112 bytes free
- - End Of File - - 1364B2C627A7C013DB80C600070ADB69