Everything posted by Alext114

  1. OK, here's the log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
  2. OK, here's my ComboFix log, and so far I see no malware or viruses anywhere after a full system scan.

     ComboFix 12-09-03.06 - Home 09/03/2012 9:04.1.8 - x64
     Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2203 [GMT -4:00]
     Running from: c:\users\Home\Desktop\ComboFix.exe
     AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
     SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
     .
     .
     2012-09-03 13:09 . 2012-09-03 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-09-03 12:25 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
     2012-09-03 12:25 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
     2012-09-03 12:25 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
     2012-09-03 12:25 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
     2012-09-03 12:25 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
     2012-09-03 12:25 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
     2012-09-03 12:25 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
     2012-09-03 12:25 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
     2012-09-03 12:25 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
     2012-09-03 12:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
     2012-09-03 12:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
     2012-09-03 12:25 . 2011-03-11 04:31 91136 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
     2012-09-03 12:20 . 2012-09-03 12:20 -------- d-----w- c:\program files (x86)\Microsoft.NET
     2012-09-03 12:18 . 2012-09-03 12:18 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-09-03 12:18 . 2012-09-03 12:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-09-03 12:18 . 2012-09-03 12:18 -------- d-----w- c:\windows\SysWow64\Macromed
     2012-09-03 12:18 . 2012-09-03 12:18 -------- d-----w- c:\windows\system32\Macromed
     2012-09-03 04:15 . 2012-09-03 04:15 -------- d-----w- c:\programdata\Malwarebytes
     2012-09-03 04:15 . 2012-09-03 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-09-03 04:15 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-09-03 04:11 . 2012-09-03 04:11 -------- d-----w- C:\New folder
     2012-09-03 04:07 . 2012-09-03 12:55 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-09-03 03:01 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2012-09-03 03:01 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2012-09-03 03:01 . 2012-08-21 09:13 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
     2012-09-03 03:01 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
     2012-09-03 03:01 . 2012-08-21 09:13 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
     2012-09-03 03:01 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2012-09-03 03:01 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
     2012-09-03 03:01 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2012-09-03 03:01 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2012-09-03 03:01 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
     2012-09-03 03:00 . 2012-09-03 12:51 -------- d-sh--w- c:\windows\Installer
     2012-09-03 03:00 . 2012-07-13 10:47 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
     2012-09-03 03:00 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
     2012-09-03 03:00 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
     2012-09-03 03:00 . 2012-09-03 03:00 -------- d-----w- c:\programdata\AVAST Software
     2012-09-03 03:00 . 2012-09-03 03:00 -------- d-----w- c:\program files\AVAST Software
     2012-09-03 02:54 . 2012-09-03 00:18 -------- d-----w- c:\windows\Panther
     2012-09-03 02:53 . 2012-09-03 02:53 -------- d-----w- C:\Boot
     2012-09-03 01:37 . 2012-09-03 01:37 -------- d-----w- c:\windows\SysWow64\Wat
     2012-09-03 01:37 . 2012-09-03 01:37 -------- d-----w- c:\windows\system32\Wat
     2012-09-03 01:19 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
     2012-09-03 01:19 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
     2012-09-03 01:07 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
     2012-09-03 01:07 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
     2012-09-03 01:00 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
     2012-09-03 00:58 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
     2012-09-03 00:58 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
     2012-09-03 00:58 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
     2012-09-03 00:58 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
     2012-09-03 00:58 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
     2012-09-03 00:58 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
     2012-09-03 00:58 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
     2012-09-03 00:58 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
     2012-09-03 00:58 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
     2012-09-03 00:58 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
     2012-09-03 00:54 . 2012-09-03 00:54 -------- d-----w- c:\programdata\NVIDIA Corporation
     2012-09-03 00:54 . 2012-09-03 00:54 -------- d-----w- c:\program files\NVIDIA Corporation
     2012-09-03 00:47 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2012-09-03 00:47 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
     2012-09-03 00:47 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
     2012-09-03 00:47 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
     2012-09-03 00:47 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
     2012-09-03 00:47 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
     2012-09-03 00:47 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
     2012-09-03 00:44 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
     2012-09-03 00:44 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
     2012-09-03 00:44 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
     2012-09-03 00:44 . 2009-09-03 07:36 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
     2012-09-03 00:44 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll
     2012-09-03 00:44 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
     2012-09-03 00:44 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
     2012-09-03 00:44 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
     2012-09-03 00:44 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2012-09-03 00:42 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
     2012-09-03 00:41 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
     2012-09-03 00:33 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
     2012-09-03 00:33 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
     2012-09-03 00:22 . 2012-09-03 00:22 -------- d-----w- c:\program files\Common Files\logishrd
     2012-09-03 00:22 . 2012-09-03 00:22 -------- d-----w- c:\program files (x86)\Common Files\logishrd
     2012-09-03 00:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
     2012-09-03 00:22 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
     2012-09-03 00:22 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
     2012-09-03 00:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
     2012-09-03 00:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
     2012-09-03 00:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-09-03 00:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-09-03 00:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-09-03 00:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-09-03 00:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
     2012-09-03 00:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-09-03 00:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-09-03 00:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-09-03 00:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
     2012-09-03 00:19 . 2012-09-03 00:19 -------- d-----w- c:\users\Home
     2012-09-03 00:18 . 2012-09-03 00:18 -------- d-----w- C:\Recovery
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 250568]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-03 1255736]
     S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]
     S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
     S1 aswFW;avast! TDI Firewall driver; [x]
     S1 aswKbd;aswKbd; [x]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
     S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]
     S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
     S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
     S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 12:19]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MRT"="c:\windows\system32\MRT.exe" [2012-08-03 62134624]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x0
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
     .
     - - - - ORPHANS REMOVED - - - -
     .
     SafeBoot-23444948.sys
     SafeBoot-78816686.sys
     SafeBoot-86405875.sys
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\AVAST Software\Avast\AvastSvc.exe
     c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
     .
     **************************************************************************
     .
     Completion time: 2012-09-03 09:13:09 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-09-03 13:13
     .
     Pre-Run: 970,407,383,040 bytes free
     Post-Run: 971,926,917,120 bytes free
     .
     - - End Of File - - 6A0F041970DCFC0308B530F69088951F
  3. Here are the two logs. I had to put them in an attachment since it was too long... I hope it worked.

     mbam-log-2012-09-03 (00-16-00).txt
     TDSSKiller.2.8.8.0_03.09.2012_00.05.14_log.txt
  4. I used ComboFix already and the malware is still there, and I don't know what to do. Please help. Here is my ComboFix log:

     ComboFix 12-08-31.08 - pETER 09/02/2012 0:23.3.8 - x64
     Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2820 [GMT -4:00]
     Running from: c:\users\pETER\Downloads\ComboFix.exe
     AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
     SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\svchost.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
     .
     .
     2012-09-02 04:27 . 2012-09-02 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-09-01 18:43 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2012-09-01 18:43 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2012-09-01 18:43 . 2012-08-21 09:13 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
     2012-09-01 18:42 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
     2012-09-01 18:42 . 2012-08-21 09:13 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
     2012-09-01 18:42 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2012-09-01 18:42 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2012-09-01 18:42 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
     2012-09-01 18:42 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2012-09-01 18:42 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
     2012-09-01 18:41 . 2012-07-13 10:47 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
     2012-09-01 18:41 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
     2012-09-01 18:41 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
     2012-09-01 18:40 . 2012-09-01 18:40 -------- d-----w- c:\programdata\AVAST Software
     2012-09-01 18:40 . 2012-09-01 18:40 -------- d-----w- c:\program files\AVAST Software
     2012-08-31 17:42 . 2012-09-02 01:54 -------- d-----w- c:\windows\system32\appmgmt
     2012-08-31 13:35 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61305CDC-DC25-4510-9DA8-663ED4ECBBC2}\mpengine.dll
     2012-08-29 13:06 . 2012-08-29 13:06 -------- d-----w- c:\programdata\NVIDIA Corporation
     2012-08-29 13:05 . 2012-08-29 13:06 -------- d-----w- c:\program files\NVIDIA Corporation
     2012-08-29 13:04 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
     2012-08-29 02:23 . 2012-08-29 02:25 -------- d-----w- c:\program files (x86)\7-Zip
     2012-08-27 21:31 . 2012-08-27 23:09 -------- d-----w- c:\program files (x86)\Common Files\Steam
     2012-08-27 21:03 . 2012-08-27 21:03 -------- d-----w- c:\program files (x86)\Microsoft.NET
     2012-08-25 18:18 . 2012-08-25 18:18 -------- d-----w- c:\windows\SysWow64\Wat
     2012-08-25 18:18 . 2012-08-25 18:18 -------- d-----w- c:\windows\system32\Wat
     2012-08-25 16:07 . 2012-08-29 15:58 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-08-25 16:07 . 2012-08-29 15:58 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-08-25 16:07 . 2012-08-25 16:07 -------- d-----w- c:\windows\SysWow64\Macromed
     2012-08-25 16:07 . 2012-08-25 16:07 -------- d-----w- c:\windows\system32\Macromed
     2012-08-25 16:07 . 2012-08-25 16:07 -------- d--h--w- c:\windows\AxInstSV
     2012-08-25 14:10 . 2012-08-25 11:39 -------- d-----w- c:\windows\Panther
     2012-08-25 14:01 . 2012-09-02 03:26 -------- d-----w- C:\Windows.old.001
     2012-08-25 12:35 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
     2012-08-25 12:35 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
     2012-08-25 12:27 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
     2012-08-25 12:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
     2012-08-25 12:22 . 2012-08-25 12:22 -------- d-----w- c:\program files (x86)\Common Files\logishrd
     2012-08-25 12:19 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
     2012-08-25 12:19 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
     2012-08-25 12:19 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
     2012-08-25 12:19 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
     2012-08-25 12:19 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
     2012-08-25 12:19 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
     2012-08-25 12:19 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
     2012-08-25 12:19 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
     2012-08-25 12:19 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
     2012-08-25 12:19 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
     2012-08-25 12:14 . 2012-08-25 12:22 -------- d-----w- c:\program files\Common Files\logishrd
     2012-08-25 12:12 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2012-08-25 12:12 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
     2012-08-25 12:12 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
     2012-08-25 12:12 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
     2012-08-25 12:12 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
     2012-08-25 12:12 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
     2012-08-25 12:12 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
     2012-08-25 12:08 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
     2012-08-25 12:08 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
     2012-08-25 12:08 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
     2012-08-25 12:06 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-08-25 12:05 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2012-08-25 12:04 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
     2012-08-25 11:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
     2012-08-25 11:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
     2012-08-25 11:55 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
     2012-08-25 11:55 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
     2012-08-25 11:55 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
     2012-08-25 11:55 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
     2012-08-25 11:44 . 2012-08-25 11:44 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
     2012-08-25 11:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-08-25 11:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-08-25 11:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-08-25 11:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-08-25 11:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
     2012-08-25 11:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-08-25 11:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-08-25 11:40 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-08-25 11:40 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
     2012-08-25 11:39 . 2012-09-02 02:08 -------- d-----w- c:\users\pETER
     2012-08-25 10:39 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     ((((((((((((((((((((((((((((( SnapShot@2012-09-02_03.53.03 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2012-08-25 13:24 . 2012-09-02 03:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
     + 2012-08-25 13:24 . 2012-09-02 04:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
     + 2012-08-25 16:06 . 2012-09-02 04:17 15780 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
     + 2009-07-14 05:10 . 2012-09-02 04:17 32142 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     + 2012-08-25 16:06 . 2012-09-02 04:17 4998 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3990207539-2313557210-1559523351-1001_UserData.bin
     - 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     + 2012-09-02 04:28 . 2012-09-02 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     + 2012-09-02 04:28 . 2012-09-02 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     - 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     + 2012-08-25 10:26 . 2012-09-02 04:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
     - 2012-08-25 10:26 . 2012-09-02 03:42 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
     + 2009-07-14 04:54 . 2012-09-02 04:31 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2009-07-14 04:54 . 2012-09-02 03:52 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2009-07-14 02:36 . 2012-09-02 00:57 623940 c:\windows\system32\perfh009.dat
     + 2009-07-14 02:36 . 2012-09-02 04:20 623940 c:\windows\system32\perfh009.dat
     - 2009-07-14 02:36 . 2012-09-02 00:57 106316 c:\windows\system32\perfc009.dat
     + 2009-07-14 02:36 . 2012-09-02 04:20 106316 c:\windows\system32\perfc009.dat
     + 2009-07-14 05:01 . 2012-09-02 04:27 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     - 2009-07-14 05:01 . 2012-09-02 03:50 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     + 2012-08-25 18:18 . 2012-09-02 04:14 2119392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3990207539-2313557210-1559523351-1001-8192.dat
     + 2012-08-25 16:00 . 2012-09-02 04:27 4020324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
     - 2012-08-25 16:00 . 2012-09-02 03:50 4020324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
     + 2009-07-14 04:54 . 2012-09-02 04:31 10862592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2012-09-02 03:52 10862592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2009-07-14 04:54 . 2012-09-02 04:31 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2009-07-14 04:54 . 2012-09-02 03:52 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2009-07-14 02:34 . 2012-09-02 02:56 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
     + 2009-07-14 02:34 . 2012-09-02 04:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 250568]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-25 1255736]
     S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]
     S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
     S1 aswFW;avast! TDI Firewall driver; [x]
     S1 aswKbd;aswKbd; [x]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
     S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]
     S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
     S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
     S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 15:58]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
     @Denied: (2) (LocalSystem)
     "Timestamp"=hex:71,f7,d2,a4,df,82,cd,01
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\\.\globalroot\systemroot\svchost.exe
     c:\program files\AVAST Software\Avast\AvastSvc.exe
     .
     **************************************************************************
     .
Completion time: 2012-09-02 00:34:58 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-02 04:34 ComboFix2.txt 2012-09-02 04:20 ComboFix3.txt 2012-09-02 03:56 . Pre-Run: 947,568,750,592 bytes free Post-Run: 947,242,090,496 bytes free . - - End Of File - - 25DECCCE755CE1517A7268610D4DAFF4
  5. I used ComboFix to try and fix this malware, but after ComboFix finished it was still there. What do I do? Here's my log from ComboFix:

ComboFix 12-08-31.08 - pETER 09/02/2012 0:23.3.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2820 [GMT -4:00]
Running from: c:\users\pETER\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 04:27 . 2012-09-02 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 18:43 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-01 18:43 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-01 18:43 . 2012-08-21 09:13 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-09-01 18:42 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-01 18:42 . 2012-08-21 09:13 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-09-01 18:42 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-01 18:42 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-01 18:42 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-09-01 18:42 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-01 18:42 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-01 18:41 . 2012-07-13 10:47 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-09-01 18:41 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-01 18:41 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-01 18:40 . 2012-09-01 18:40 -------- d-----w- c:\programdata\AVAST Software
2012-09-01 18:40 . 2012-09-01 18:40 -------- d-----w- c:\program files\AVAST Software
2012-08-31 17:42 . 2012-09-02 01:54 -------- d-----w- c:\windows\system32\appmgmt
2012-08-31 13:35 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61305CDC-DC25-4510-9DA8-663ED4ECBBC2}\mpengine.dll
2012-08-29 13:06 . 2012-08-29 13:06 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-08-29 13:05 . 2012-08-29 13:06 -------- d-----w- c:\program files\NVIDIA Corporation
2012-08-29 13:04 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2012-08-29 02:23 . 2012-08-29 02:25 -------- d-----w- c:\program files (x86)\7-Zip
2012-08-27 21:31 . 2012-08-27 23:09 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-08-27 21:03 . 2012-08-27 21:03 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-25 18:18 . 2012-08-25 18:18 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-25 18:18 . 2012-08-25 18:18 -------- d-----w- c:\windows\system32\Wat
2012-08-25 16:07 . 2012-08-29 15:58 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 16:07 . 2012-08-29 15:58 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-25 16:07 . 2012-08-25 16:07 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-25 16:07 . 2012-08-25 16:07 -------- d-----w- c:\windows\system32\Macromed
2012-08-25 16:07 . 2012-08-25 16:07 -------- d--h--w- c:\windows\AxInstSV
2012-08-25 14:10 . 2012-08-25 11:39 -------- d-----w- c:\windows\Panther
2012-08-25 14:01 . 2012-09-02 03:26 -------- d-----w- C:\Windows.old.001
2012-08-25 12:35 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-08-25 12:35 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-08-25 12:27 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-08-25 12:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-08-25 12:22 . 2012-08-25 12:22 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-08-25 12:19 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-08-25 12:19 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-08-25 12:19 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-08-25 12:19 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-08-25 12:19 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-08-25 12:19 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-08-25 12:19 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-08-25 12:19 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-08-25 12:19 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-08-25 12:19 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-08-25 12:14 . 2012-08-25 12:22 -------- d-----w- c:\program files\Common Files\logishrd
2012-08-25 12:12 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-25 12:12 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-25 12:12 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-25 12:12 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-25 12:12 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-25 12:12 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-25 12:12 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-25 12:08 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-25 12:08 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-08-25 12:08 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-08-25 12:06 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-25 12:05 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-08-25 12:04 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2012-08-25 11:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-08-25 11:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-08-25 11:55 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-08-25 11:55 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-08-25 11:55 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-25 11:55 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-08-25 11:44 . 2012-08-25 11:44 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-08-25 11:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-25 11:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-25 11:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-25 11:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-25 11:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-25 11:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-25 11:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-25 11:40 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-25 11:40 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-25 11:39 . 2012-09-02 02:08 -------- d-----w- c:\users\pETER
2012-08-25 10:39 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-02_03.53.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-25 13:24 . 2012-09-02 03:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-25 13:24 . 2012-09-02 04:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-25 16:06 . 2012-09-02 04:17 15780 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-02 04:17 32142 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-08-25 16:06 . 2012-09-02 04:17 4998 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3990207539-2313557210-1559523351-1001_UserData.bin
- 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-02 04:28 . 2012-09-02 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-02 04:28 . 2012-09-02 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-25 10:26 . 2012-09-02 04:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-08-25 10:26 . 2012-09-02 03:42 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-09-02 04:31 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-02 03:52 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-09-02 00:57 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-02 04:20 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-02 00:57 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-02 04:20 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-09-02 04:27 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-02 03:50 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-25 18:18 . 2012-09-02 04:14 2119392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3990207539-2313557210-1559523351-1001-8192.dat
+ 2012-08-25 16:00 . 2012-09-02 04:27 4020324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-08-25 16:00 . 2012-09-02 03:50 4020324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-09-02 04:31 10862592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 03:52 10862592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-02 04:31 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 03:52 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-09-02 02:56 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-09-02 04:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 250568]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-25 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 15:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:71,f7,d2,a4,df,82,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-09-02 00:34:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 04:34
ComboFix2.txt 2012-09-02 04:20
ComboFix3.txt 2012-09-02 03:56
.
Pre-Run: 947,568,750,592 bytes free
Post-Run: 947,242,090,496 bytes free
.
- - End Of File - - 25DECCCE755CE1517A7268610D4DAFF4