Hey Dave, thank you for your reply.
Re: Hijack:
Found and deleted four files but couldn't find the following in the list:
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Re: ComboFix:
'Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel'
I was not abe to to click start, as soon as I clicked on the icon the program started up and there was no search displayed, the
scan just started up automatically, see output below.
--- HijackThis ---
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
avast! Free Antivirus
Browser Address Error Redirector
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
Dell Getting Started Guide
Dell Support Center
Dell Support Center
Dell Touchpad
EDocs
Free Mp3 Wma Converter V 1.81
Google Desktop
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperTerminal Private Edition v7.0
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Miro
Mozilla Firefox (3.6.13)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My O2
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
OGA Notifier 2.0.0048.0
Online Armor 4.0
Opera 10.00
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PC Connectivity Solution
PowerDVD
QuickSet
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.90
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Samsung Universal Print Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 4.0
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vista Codec Package
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Player Firefox Plugin
--- checkup ---
Results of screen317's Security Check version 0.99.8
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7
Out of date! ``````````````````````````````
Antivirus/Firewall Check: Windows Firewall Disabled!
avast! Free Antivirus
Online Armor 4.0
WMI entry may not exist for antivirus; attempting automatic update. ```````````````````````````````
Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player 10.1.102.64
Adobe Reader X
````````````````````````````````
Process Check:
objlist.exe by Laurent ``````````End of Log```````````` --- ComboFix ---
ComboFix 10-12-30.01 - Sam 30/12/2010 20:51:49.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2038.1056 [GMT 0:00]
Running from: c:\users\Sam\Desktop\commy.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: Online Armor Firewall *Disabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\PCDr\5744\Downloads\5a6257cc-a15e-41eb-b891-52f7e087b40f.dll
c:\programdata\PCDr\5744\Downloads\c229b02b-4e01-43e4-9587-37961f6873bc.dll
c:\programdata\PCDr\5744\Downloads\d242df42-c817-4c92-8e27-a770772ec980.dll
c:\programdata\PCDr\5744\Downloads\ef253e79-80d5-4656-b429-008ec2e1d22e.dll
c:\programdata\PCDr\5744\Downloads\fbaabbe1-30af-47f6-a8e1-dfd8bbc2f468.dll
----- BITS: Possible infected sites -----
hxxp://sync.mobilebroadband.o2.co.uk:8080
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.
2010-12-30 12:58 . 2010-12-30 14:25 -------- d-----w- c:\programdata\OnlineArmor
2010-12-30 12:58 . 2010-12-30 12:58 -------- d-----w- c:\users\Sam\AppData\Roaming\OnlineArmor
2010-12-30 12:57 . 2010-07-07 12:25 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-12-30 12:57 . 2010-07-07 12:25 29256 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-12-30 12:57 . 2010-07-07 12:25 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-12-30 12:57 . 2010-12-30 12:57 -------- d-----w- c:\program files\Emsisoft
2010-12-30 11:38 . 2010-12-30 11:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-30 11:37 . 2010-12-30 11:37 -------- d-----w- c:\programdata\McAfee
2010-12-30 11:33 . 2010-12-30 11:33 -------- d-----w- c:\programdata\Apple Computer
2010-12-30 10:00 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-30 10:00 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-30 09:59 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-30 09:59 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-30 09:59 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-30 09:59 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-30 09:59 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-30 09:59 . 2010-12-30 09:59 -------- d-----w- c:\programdata\Alwil Software
2010-12-30 09:59 . 2010-12-30 09:59 -------- d-----w- c:\program files\Alwil Software
2010-12-30 09:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8332DDE4-7486-4492-AED0-E7BDDBC86BED}\mpengine.dll
2010-12-29 01:08 . 2010-12-29 01:08 388096 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-29 01:08 . 2010-12-29 01:08 -------- d-----w- c:\program files\Trend Micro
2010-12-29 01:02 . 2010-12-29 01:02 -------- d-----w- c:\program files\Common Files\Java
2010-12-29 01:02 . 2010-12-29 01:01 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-29 01:02 . 2010-12-29 01:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-29 00:17 . 2010-12-29 00:17 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2010-12-29 00:17 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 00:17 . 2010-12-29 00:17 -------- d-----w- c:\programdata\Malwarebytes
2010-12-29 00:17 . 2010-12-29 00:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 00:17 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-28 22:45 . 2010-12-28 22:45 -------- d-----w- c:\users\Sam\AppData\Roaming\SUPERAntiSpyware.com
2010-12-28 22:45 . 2010-12-28 22:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-28 22:45 . 2010-12-28 22:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-28 19:25 . 2010-12-29 00:22 -------- d-----w- c:\users\Sam\AppData\Roaming\jajjdaydo
2010-12-23 19:56 . 2010-12-23 19:56 -------- d-----w- c:\program files\DIFX
2010-12-18 17:50 . 2010-07-30 14:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-12-18 17:46 . 2010-12-23 19:50 -------- d-----w- c:\program files\Nokia
2010-12-15 03:20 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESSamFilter.dat
2010-12-12 22:23 . 2010-12-12 22:23 -------- d-----w- c:\program files\GetMiro Toolbar
2010-12-09 21:23 . 2010-12-28 21:59 -------- d-----w- c:\users\Sam\AppData\Roaming\Azureus
2010-12-09 21:22 . 2010-12-20 15:38 -------- d-----w- c:\program files\Conduit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-19 10:41 . 2009-10-02 15:54 222080 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-11 135664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-22 4907008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-04 548864]
"O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\OAui.exe" [2010-07-07 6854984]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-06-14 13:06 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-11 18:28 135664 ----atw- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-04-16 12:36 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-10-26 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2009-03-24 127656]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-17 691696]
S1 aswSP;aswSP;
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-22 77824]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\O2 Assistant\bin\sprtsvc.exe [2010-04-23 206120]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-11-10 5120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\O2 Assistant\bin\tgsrvc.exe [2010-04-23 185640]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-22 48472]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-02-22 43480]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 13:47]
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 13:47]
2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1900899137-3597166765-57595471-1000Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 18:28]
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1900899137-3597166765-57595471-1000UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 18:28]
2010-12-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 09:56]
2010-12-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 09:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\hw2p07aw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-12-30 20:58
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-30 21:00:55
ComboFix-quarantined-files.txt 2010-12-30 21:00
Pre-Run: 52,385,853,440 bytes free
Post-Run: 52,326,662,144 bytes free
- - End Of File - - 77CD87D28214D15965FDD627277D3EBD