Des

Members

View Profile See their activity

Posts
1
Joined
March 21, 2011
Last visited
March 21, 2011

Reputation

0 Neutral

ComboFix log

Des posted a topic in Resolved Malware Removal Logs

Hi there, I'm reaching out for some expert help. My PC started having some strange issues (not allowing me to do System Restore, Not allowing to run Process Monitor, some weird redirects when browsing...etc) I run ComboFix and it found some stuff that deleted it. I would greatly appreciate somebody to analyze it see if there is anything that need to be addressed. Here is the log: ComboFix 11-03-19.04 - Des 03/20/2011 21:56:30.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4645 [GMT -4:00] Running from: c:\users\Des\Downloads\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\cmdline.cfg c:\users\Des\Documents\regbu.reg c:\windows\SysWow64\local.txt . . ((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 ))))))))))))))))))))))))))))))) . . 2011-03-20 14:28 . 2011-03-20 14:28 -------- d-----w- c:\windows\CheckSur 2011-03-20 12:36 . 2009-07-14 00:06 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys 2011-03-20 12:36 . 2009-07-13 23:38 29184 ----a-w- c:\windows\system32\drivers\vgapnp.sys 2011-03-20 11:57 . 2011-03-20 11:57 -------- d-----w- c:\windows\system32\EventProviders 2011-03-18 11:41 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47CD8B24-49E9-46E8-A364-3943015A2C01}\mpengine.dll 2011-03-16 16:26 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe 2011-03-16 16:26 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-03-15 13:14 . 2011-03-15 14:34 -------- d-----w- c:\users\Des\.idlerc 2011-03-13 16:43 . 2011-03-14 03:50 -------- d-----w- C:\VritualRoot 2011-03-13 15:25 . 2011-03-13 16:26 -------- d-----w- c:\programdata\Comodo 2011-03-08 22:39 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll 2011-03-08 22:39 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll 2011-03-08 22:39 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll 2011-03-08 22:39 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll 2011-03-08 22:39 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll 2011-03-08 22:39 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-03-08 22:39 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2011-03-08 22:39 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll 2011-03-08 22:39 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe 2011-03-08 22:39 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll 2011-03-08 22:39 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe 2011-03-08 17:18 . 2011-03-08 17:18 -------- d-----w- c:\programdata\IMSIDesign 2011-03-08 17:17 . 2011-03-08 17:19 -------- d-----w- c:\users\Des\AppData\Roaming\IMSIDesign 2011-02-28 19:53 . 2011-02-28 19:53 -------- d-----w- c:\windows\SysWow64\BestPractices 2011-02-28 19:53 . 2011-02-28 19:53 -------- d-----w- c:\windows\system32\BestPractices 2011-02-28 19:53 . 2011-02-28 20:03 -------- d-----w- C:\inetpub 2011-02-28 19:12 . 2011-02-28 19:12 -------- d-----w- c:\users\Des\AppData\Roaming\Process Hacker 2 2011-02-28 19:03 . 2011-02-28 19:03 -------- d-----w- c:\program files\Process Hacker 2 2011-02-28 17:56 . 2011-02-28 18:47 96 ----a-w- c:\users\Des\advanced_ip_scanner_MAC.bin 2011-02-28 17:41 . 2011-02-28 17:41 -------- d-----w- c:\program files (x86)\Advanced IP Scanner v2 2011-02-27 21:31 . 2011-02-27 21:31 -------- d-----w- c:\users\Des\AppData\Local\www.ispyconnect.com . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-20 12:36 . 2009-07-13 23:33 67072 ----a-w- c:\windows\SysWow64\CertEnrollCtrl.exe 2011-03-20 12:36 . 2009-07-14 00:01 152064 ----a-w- c:\windows\system32\iscsicli.exe 2011-03-20 12:36 . 2009-07-14 00:01 89088 ----a-w- c:\windows\system32\iscsiwmi.dll 2011-03-20 12:36 . 2009-07-13 23:42 980992 ----a-w- c:\windows\system32\d2d1.dll 2011-03-20 12:36 . 2009-07-14 00:01 78848 ----a-w- c:\windows\system32\hbaapi.dll 2011-03-20 12:36 . 2009-07-13 23:57 705536 ----a-w- c:\windows\system32\imagesp1.dll 2011-03-20 12:36 . 2009-07-13 23:26 313856 ----a-w- c:\windows\system32\newdev.dll 2011-03-20 12:36 . 2009-07-13 23:29 537600 ----a-w- c:\windows\SysWow64\objsel.dll 2011-03-20 12:36 . 2009-07-14 00:18 58368 ----a-w- c:\windows\SysWow64\findnetprinters.dll 2011-03-20 12:36 . 2009-07-13 23:36 296960 ----a-w- c:\windows\system32\rstrui.exe 2011-03-20 12:36 . 2009-07-14 00:10 99328 ----a-w- c:\windows\system32\rasauto.dll 2011-03-17 00:36 . 2010-05-19 21:17 234576 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-03-17 00:36 . 2010-05-19 21:16 234576 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-02-23 14:04 . 2010-06-29 10:31 40648 ----a-w- c:\windows\avastSS.scr 2011-02-23 14:04 . 2010-05-19 18:47 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-02-23 13:57 . 2010-05-19 18:48 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-02-23 13:55 . 2010-05-19 18:48 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-02-23 13:55 . 2010-05-19 18:48 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-02-23 13:55 . 2010-05-19 18:48 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-02-23 13:54 . 2010-05-19 18:48 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-02-02 22:11 . 2010-05-19 18:19 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-01-07 08:06 . 2011-02-09 21:13 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 07:27 . 2011-02-09 21:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-01-07 05:49 . 2011-02-09 21:13 366080 ----a-w- c:\windows\system32\atmfd.dll 2011-01-07 05:33 . 2011-02-09 21:13 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-01-06 21:37 . 2011-01-06 21:37 89840 ----a-w- c:\windows\system32\drivers\inspect.sys 2011-01-06 21:37 . 2011-01-06 21:37 39888 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2011-01-06 21:36 . 2011-01-06 21:36 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2011-01-06 21:36 . 2011-01-06 21:36 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys 2011-01-05 06:20 . 2011-02-09 21:13 612352 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 05:37 . 2011-02-09 21:13 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-01-05 04:00 . 2011-02-09 21:13 3127808 ----a-w- c:\windows\system32\win32k.sys 2010-12-29 05:42 . 2010-12-29 05:42 285480 ----a-w- c:\windows\SysWow64\guard32.dll 2010-12-29 05:42 . 2010-12-29 05:42 362784 ----a-w- c:\windows\system32\guard64.dll 2010-12-26 21:00 . 2010-09-08 17:16 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2010-12-26 21:00 . 2010-09-08 17:16 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2010-12-26 21:00 . 2010-09-08 17:16 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2010-12-26 21:00 . 2010-09-08 17:16 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll . . ------- Sigcheck ------- . [-] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [-] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe . [-] 2009-07-14 . 0C12A2B863FEA45598134E3B6E379F88 . 51200 . . [7.3.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuauclt.exe [-] 2009-07-14 . 0C12A2B863FEA45598134E3B6E379F88 . 51200 . . [7.3.7600.16385] .. c:\windows\system32\wuauclt.exe . [-] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [-] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe . [-] 2009-07-14 . 6F8F1376A13114CC10C0E69274F5A4DE . 30208 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [-] 2009-07-14 . 6F8F1376A13114CC10C0E69274F5A4DE . 30208 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe . [-] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [-] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe . [-] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe [-] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe . [-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe [-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe . [-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe [-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe . [-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe [-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe . [-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe [-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe . [-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\appmgmts.dll [-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_e818845daa1b69db\appmgmts.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NZXT Gaming Mouse"="c:\users\Des\AppData\Roaming\NZXT Avatar Gaming Mouse\hid.exe" [2009-02-19 229376] "cdloader"="c:\users\Des\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-01-20 9900672] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-01-25 5297072] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-04 98304] "ASUS Update Checker"="c:\program files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-10-08 114688] . c:\users\Habibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe "SSDMonitor"=c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe . R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 133104] R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-09-30 341296] R3 aswArKrn;aswArKrn;f:\temp\aswArKrn.sys [x] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-09-09 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-08 79360] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\33B.tmp [x] R3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [x] R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [x] R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-12-07 632792] S0 ahcix64;ahcix64;c:\windows\system32\DRIVERS\ahcix64.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 nzxtFltr;NZXT Avatar Gaming Mouse;c:\windows\system32\drivers\nzxtFltr.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 18:48] . 2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 18:48] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2010-03-29 19:25 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2010-03-29 19:25 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-03-29 84744] "COMODO Internet Security"="g:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm mWindow Title = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 FF - ProfilePath - c:\users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\qe6exagg.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: PasswordBank: passwordbank@upek.com - %profile%\extensions\passwordbank@upek.com FF - Ext: Wishpot: {DE2EB073-84DF-46aa-9A76-7B54C75366FA} - %profile%\extensions\{DE2EB073-84DF-46aa-9A76-7B54C75366FA} FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com . - - - - ORPHANS REMOVED - - - - . AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\33B.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2921665104-77496823-751803648-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10] "GameDir"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010\\games" "ShortlistDir"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists" "ScreenshotsDir"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010" "SaveDir"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010\\" "LangDB"="" "LastSaveGame"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010\\games\\Uruguay.fm" "Language"="English" "LoadLangDB"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "GraphStep"=dword:00000000 "SkinName"="Steklo Black" "LastUpdateCheck"=dword:00009dd0 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000074 "UniqueID"="D4-F655-20C3" "Currency"=dword:00000056 "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-03-20 22:02:12 ComboFix-quarantined-files.txt 2011-03-21 02:02 . Pre-Run: 24,790,511,616 bytes free Post-Run: 24,674,521,088 bytes free . - - End Of File - - 3E1160CAFA553CF2F80218670D54A652 Thanks in advance!! Cheers Des
- March 21, 2011
- 2 replies

Sign In

Des

Posts

Joined

Last visited

Reputation

ComboFix log

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information