Log file:
ComboFix 10-05-02.01 - cheqmate06 02/05/2010 20:49:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1078 [GMT 1:00]
Running from: c:\users\cheqmate06\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1240818376-169580293-2758165429-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3603406258-1867704887-2673171106-500
.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.
2010-05-02 20:01 . 2010-05-02 20:01 -------- d-----w- c:\users\cheqmate06\AppData\Local\temp
2010-05-02 20:01 . 2010-05-02 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-20 02:01 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-18 21:32 . 2010-04-18 21:32 -------- d-----w- c:\users\cheqmate06\AppData\Roaming\Apple Computer
2010-04-16 21:36 . 2010-04-16 21:36 -------- d-----w- c:\program files\Conduit
2010-04-15 20:34 . 2010-04-15 20:34 -------- d-----w- c:\windows\system32\Profiles
2010-04-15 18:38 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 18:30 . 2010-04-15 18:30 -------- d-----w- c:\program files\Trend Micro
2010-04-14 20:37 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-04-14 20:37 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-04-14 20:37 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-04-14 20:37 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2010-04-14 20:37 . 2009-03-08 11:31 34816 ----a-w- c:\windows\system32\imgutil.dll
2010-04-13 21:18 . 2010-04-13 21:18 -------- d-----w- c:\users\cheqmate06\AppData\Local\Opera
2010-04-13 21:17 . 2010-04-14 20:02 -------- d-----w- c:\program files\Opera
2010-04-13 21:10 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 21:10 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-13 21:10 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 21:09 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-13 21:09 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-13 21:08 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-13 21:08 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 21:08 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-13 21:06 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 21:06 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 20:46 . 2010-04-13 20:46 -------- d-----w- c:\progra~2\Apple Computer
2010-04-13 20:44 . 2010-04-13 20:44 -------- d-----w- c:\program files\Common Files\Apple
2010-04-13 20:44 . 2010-04-13 20:44 -------- d-----w- c:\program files\Apple Software Update
2010-04-13 20:44 . 2010-04-13 20:44 -------- d-----w- c:\progra~2\Apple
2010-04-12 22:47 . 2010-04-12 22:52 -------- d-----w- c:\program files\Free Window Registry Repair
2010-04-12 22:05 . 2010-04-12 22:18 -------- d-----w- c:\users\cheqmate06\AppData\Roaming\Smart PC Solutions
2010-04-12 22:04 . 2010-04-12 22:04 -------- d-----w- c:\program files\Smart PC Solutions
2010-04-12 21:28 . 2010-04-12 21:28 -------- d-----w- c:\program files\AML Products
2010-04-12 19:27 . 2010-04-12 19:27 -------- d-----w- c:\windows\system32\QuickTime
2010-04-11 12:15 . 2010-04-11 12:15 -------- d-----w- c:\program files\Common Files\Java(88)
2010-04-11 11:40 . 2010-04-11 11:40 -------- d-----w- c:\program files\Vuze
2010-04-11 11:39 . 2010-04-16 21:36 -------- d-----w- c:\program files\Vuze_Remote
2010-04-11 11:06 . 2010-04-11 11:06 -------- d-----w- c:\users\cheqmate06\AppData\Local\ElevatedDiagnostics
2010-04-11 11:03 . 2010-04-11 11:06 -------- d-----w- c:\program files\Microsoft ATS
2010-04-11 10:11 . 2010-04-12 02:00 1356 ----a-w- c:\users\cheqmate06\AppData\Local\d3d9caps.dat
2010-04-09 22:14 . 2010-04-09 22:14 -------- d-----w- c:\program files\Common Files\Java(0)
2010-04-06 09:56 . 2008-06-06 19:49 302592 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp692.dll
2010-04-06 09:55 . 2008-04-16 04:05 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-06 09:55 . 2008-06-06 19:49 118272 ----a-w- c:\windows\system32\hpz3l692.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 19:21 . 2008-03-14 14:10 -------- d-----w- c:\users\cheqmate06\AppData\Roaming\Azureus
2010-05-02 08:07 . 2007-09-13 16:27 -------- d-----w- c:\program files\Java
2010-04-16 21:36 . 2008-03-15 21:35 -------- d-----w- c:\program files\Azureus
2010-04-15 20:46 . 2008-02-14 20:57 -------- d-----w- c:\program files\Kontiki
2010-04-14 20:36 . 2010-04-14 20:36 -------- d-----w- c:\program files\Common Files\Java
2010-04-14 20:35 . 2008-12-11 21:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-14 06:29 . 2007-09-14 11:32 -------- d-----w- c:\progra~2\Microsoft Help
2010-04-14 06:21 . 2009-05-24 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 21:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-13 21:32 . 2008-04-21 21:44 -------- d-----w- c:\program files\Real
2010-04-13 21:05 . 2008-03-28 22:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 20:47 . 2008-02-07 22:03 -------- d-----w- c:\program files\QuickTime
2010-04-12 21:36 . 2008-02-07 17:36 87912 ----a-w- c:\users\cheqmate06\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-12 21:01 . 2009-05-24 22:13 -------- d-----w- c:\program files\CCleaner
2010-04-12 19:53 . 2009-04-19 11:07 -------- d-----w- c:\program files\Microsoft
2010-03-29 23:46 . 2009-05-24 20:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-05-24 20:00 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 12:50 . 2010-03-04 12:50 261152 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-03-03 22:18 . 2008-04-30 21:37 -------- d-----w- c:\users\cheqmate06\AppData\Roaming\PC Suite
2010-02-24 09:16 . 2009-10-03 16:03 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-14 20:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-14 20:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-14 20:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-14 20:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-14 03:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-14 03:01 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-14 03:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-03 11:24 . 2010-02-03 11:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 14:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-13 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2006-11-28 13:12 222720 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e6,7e,88,38,ed,fb,c9,01
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-02 9216]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-05 691696]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{2B8BC164-1296-4F2A-85D5-F7257458BF09}.job
- c:\windows\system32\msfeedssync.exe [2010-04-14 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk
mStart Page = hxxp://www.google.co.uk
uInternet Settings,ProxyOverride = local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
FF - ProfilePath - c:\users\cheqmate06\AppData\Roaming\Mozilla\Firefox\Profiles\cy5cs2ye.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 21:01
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x860638C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82b0cd24
\Driver\ACPI -> acpi.sys @ 0x8220fd68
\Driver\atapi -> atapi.sys @ 0x823219b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-02 21:06:46
ComboFix-quarantined-files.txt 2010-05-02 20:06
Pre-Run: 16,093,474,816 bytes free
Post-Run: 16,082,919,424 bytes free
- - End Of File - - DB5DF6A51397F33F876EEF743116543D
Much appreciated.
Cheqmate06