Posted 29 April 2011 - 11:28 PM
Going to try and type this as fast as possible since I don't know what the hell is going on at the moment, and I don't want to be connected to the internet for very long.
I came back to the PC after lounging and found that Comodo's Defense+ Events had an Access COM Interface entry: LocalAuthority.SystemTime, followed by a Create Process system32\shell32.dll entry, and then another Create Process mshta.exe.
Jumped to Event Viewer > Security and I see some unsettling audits, examples: account logon\logoff when I didn't; one of the event properties lists an authentication package to authenticate logon attempts under the package name Kerberos (kerberos.dll).
Another package name, "scecli", was loaded by the security account manager.
Any of the entries I can't really understand, only that I wasn't at my machine when they took place, and my firewall (Comodo) crashed for no apparent reason.
Maybe I'm overreacting but I recently had to get a new hd because of a serious rootkit\virus problem. If someone could help me I'd be extremely grateful.