
I need help with some malware called espeak911, 37.220.36.44,



I used ComboFix to try and fix this malware, but after ComboFix finished it was still there. What do I do?

Here's my log from ComboFix:

ComboFix 12-08-31.08 - pETER 09/02/2012 0:23.3.8 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2820 [GMT -4:00]

Running from: c:\users\pETER\Downloads\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))

.

.

2012-09-02 04:27 . 2012-09-02 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-01 18:43 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-09-01 18:43 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-09-01 18:43 . 2012-08-21 09:13 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-09-01 18:42 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-01 18:42 . 2012-08-21 09:13 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-09-01 18:42 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-09-01 18:42 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-09-01 18:42 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-09-01 18:42 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-09-01 18:42 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-09-01 18:41 . 2012-07-13 10:47 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2012-09-01 18:41 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr

2012-09-01 18:41 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-09-01 18:40 . 2012-09-01 18:40 -------- d-----w- c:\programdata\AVAST Software

2012-09-01 18:40 . 2012-09-01 18:40 -------- d-----w- c:\program files\AVAST Software

2012-08-31 17:42 . 2012-09-02 01:54 -------- d-----w- c:\windows\system32\appmgmt

2012-08-31 13:35 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61305CDC-DC25-4510-9DA8-663ED4ECBBC2}\mpengine.dll

2012-08-29 13:06 . 2012-08-29 13:06 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-08-29 13:05 . 2012-08-29 13:06 -------- d-----w- c:\program files\NVIDIA Corporation

2012-08-29 13:04 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll

2012-08-29 02:23 . 2012-08-29 02:25 -------- d-----w- c:\program files (x86)\7-Zip

2012-08-27 21:31 . 2012-08-27 23:09 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-08-27 21:03 . 2012-08-27 21:03 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-08-25 18:18 . 2012-08-25 18:18 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-25 18:18 . 2012-08-25 18:18 -------- d-----w- c:\windows\system32\Wat

2012-08-25 16:07 . 2012-08-29 15:58 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-25 16:07 . 2012-08-29 15:58 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-25 16:07 . 2012-08-25 16:07 -------- d-----w- c:\windows\SysWow64\Macromed

2012-08-25 16:07 . 2012-08-25 16:07 -------- d-----w- c:\windows\system32\Macromed

2012-08-25 16:07 . 2012-08-25 16:07 -------- d--h--w- c:\windows\AxInstSV

2012-08-25 14:10 . 2012-08-25 11:39 -------- d-----w- c:\windows\Panther

2012-08-25 14:01 . 2012-09-02 03:26 -------- d-----w- C:\Windows.old.001

2012-08-25 12:35 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-08-25 12:35 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-08-25 12:27 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-08-25 12:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-08-25 12:22 . 2012-08-25 12:22 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2012-08-25 12:19 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-08-25 12:19 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-08-25 12:19 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-08-25 12:19 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-08-25 12:19 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-08-25 12:19 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-08-25 12:19 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-08-25 12:19 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-08-25 12:19 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-08-25 12:19 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-08-25 12:14 . 2012-08-25 12:22 -------- d-----w- c:\program files\Common Files\logishrd

2012-08-25 12:12 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-08-25 12:12 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-08-25 12:12 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-08-25 12:12 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-08-25 12:12 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-25 12:12 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-08-25 12:12 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-08-25 12:08 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-25 12:08 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2012-08-25 12:08 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-08-25 12:06 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-25 12:05 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2012-08-25 12:04 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

2012-08-25 11:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll

2012-08-25 11:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-08-25 11:55 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll

2012-08-25 11:55 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2012-08-25 11:55 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-08-25 11:55 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-08-25 11:44 . 2012-08-25 11:44 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-08-25 11:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-25 11:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-25 11:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-25 11:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-25 11:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-08-25 11:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-08-25 11:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-08-25 11:40 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-25 11:40 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-25 11:39 . 2012-09-02 02:08 -------- d-----w- c:\users\pETER

2012-08-25 10:39 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-02_03.53.03 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-08-25 13:24 . 2012-09-02 03:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-08-25 13:24 . 2012-09-02 04:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-08-25 16:06 . 2012-09-02 04:17 15780 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-09-02 04:17 32142 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-08-25 16:06 . 2012-09-02 04:17 4998 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3990207539-2313557210-1559523351-1001_UserData.bin

- 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-02 04:28 . 2012-09-02 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-02 04:28 . 2012-09-02 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-25 10:26 . 2012-09-02 04:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-08-25 10:26 . 2012-09-02 03:42 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-09-02 04:31 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-09-02 03:52 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 02:36 . 2012-09-02 00:57 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-09-02 04:20 623940 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-09-02 00:57 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-09-02 04:20 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-09-02 04:27 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-09-02 03:50 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-08-25 18:18 . 2012-09-02 04:14 2119392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3990207539-2313557210-1559523351-1001-8192.dat

+ 2012-08-25 16:00 . 2012-09-02 04:27 4020324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

- 2012-08-25 16:00 . 2012-09-02 03:50 4020324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2009-07-14 04:54 . 2012-09-02 04:31 10862592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-09-02 03:52 10862592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-09-02 04:31 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-09-02 03:52 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 02:34 . 2012-09-02 02:56 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-09-02 04:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 250568]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-25 1255736]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 15:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:71,f7,d2,a4,df,82,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\\.\globalroot\systemroot\svchost.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

.

**************************************************************************

.

Completion time: 2012-09-02 00:34:58 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-02 04:34

ComboFix2.txt 2012-09-02 04:20

ComboFix3.txt 2012-09-02 03:56

.

Pre-Run: 947,568,750,592 bytes free

Post-Run: 947,242,090,496 bytes free

.

- - End Of File - - 25DECCCE755CE1517A7268610D4DAFF4

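The log above carries two classic indicators that a triager should pick out at once: a file named `svchost.exe` sitting directly in `c:\windows` (the genuine one lives in `c:\windows\system32` or `c:\windows\SysWOW64`), and a running process whose path is routed through the `\\.\globalroot` device namespace, which ordinary software has no reason to use. The script below is an added example for this thread, not a ComboFix or Malwarebytes tool: it walks the sections of a ComboFix-style log, extracts every file path, and reports paths that borrow a core Windows binary name outside its expected directory or that go through `globalroot`. The `EXPECTED_DIRS` table is an assumption covering Windows 7 x64 only, and the sample log lines are constructed from the log above.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix tool)."""
import re
from dataclasses import dataclass

# Binary names malware commonly borrows, with the directories (lower-case,
# drive letter removed) where the genuine file lives on Windows 7 x64.
# Assumed table for this example; extend it for other Windows versions.
EXPECTED_DIRS = {
    "svchost.exe": {r"\windows\system32", r"\windows\syswow64"},
    "lsass.exe": {r"\windows\system32"},
    "csrss.exe": {r"\windows\system32"},
    "winlogon.exe": {r"\windows\system32"},
    "explorer.exe": {r"\windows", r"\windows\syswow64"},
    "wuauclt.exe": {r"\windows\system32"},
}

# A drive-letter path ending in an executable-ish extension. The lazy quantifier
# stops at the first matching extension, so trailing "[date size]" text is ignored.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|sys|scr|cpl|ocx)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    path: str
    reason: str


def _section_header(line):
    """ComboFix brackets section names in runs of '(' / ')' or '-' characters."""
    stripped = line.strip()
    if stripped.startswith("(((") or stripped.startswith("---"):
        return stripped.strip("()- \t") or None
    return None


def _split_path(path):
    """Return (directory, basename), lower-cased, drive letter dropped and the
    doubled backslashes of REGEDIT exports collapsed to single ones."""
    norm = re.sub(r"\\+", r"\\", path.lower())[2:]  # drop the 'c:' prefix
    directory, _, basename = norm.rpartition("\\")
    return directory, basename


def triage(log_text):
    """Return a list of Finding objects, in log order, for suspicious paths."""
    findings = []
    section = "header"
    for line in log_text.splitlines():
        name = _section_header(line)
        if name:
            section = name
            continue
        for path in PATH_RE.findall(line):
            directory, basename = _split_path(path)
            if "\\globalroot\\" in directory:
                findings.append(Finding(section, path,
                    "path routed through the \\\\.\\globalroot device namespace"))
            expected = EXPECTED_DIRS.get(basename)
            if expected and directory not in expected:
                findings.append(Finding(section, path,
                    f"{basename} outside its expected directory "
                    f"({', '.join(sorted(expected))})"))
    return findings


# Constructed sample, modelled on the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
2012-08-25 11:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-01 18:42 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}: {f.reason}")
```

On the sample above the script reports the deleted `c:\windows\svchost.exe` from "Other Deletions" and the `globalroot` process from "Other Running Processes" (twice, once per reason), while the legitimate `wuauclt.exe` in `system32` and the avast binaries pass. The section name is kept on each finding because the same path means different things in "Other Deletions" (already removed) and "Other Running Processes" (still live after the run, as in this thread).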

Hello Alext114! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

This is a huge mistake. Do not run ComboFix on your own. Without supervision from a trained helper, this is a dangerous step. Please read this article:

www.bleepingcomputer.com/forums/topic273628.html

Step 1

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log


Step 1

Please re-run TDSSKiller and use Delete option for this entry:

00:07:15.0766 3352 \Device\Harddisk3\DR3 ( TDSS File System ) - skipped by user

00:07:15.0766 3352 \Device\Harddisk3\DR3 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


OK, here's my ComboFix log, and so far I see no malware or viruses anywhere after a full system scan.

ComboFix 12-09-03.06 - Home 09/03/2012 9:04.1.8 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2203 [GMT -4:00]

Running from: c:\users\Home\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))

.

.

2012-09-03 13:09 . 2012-09-03 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-03 12:25 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-09-03 12:25 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll

2012-09-03 12:25 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys

2012-09-03 12:25 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2012-09-03 12:25 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2012-09-03 12:25 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2012-09-03 12:25 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2012-09-03 12:25 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2012-09-03 12:25 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe

2012-09-03 12:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll

2012-09-03 12:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2012-09-03 12:25 . 2011-03-11 04:31 91136 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS

2012-09-03 12:20 . 2012-09-03 12:20 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-09-03 12:18 . 2012-09-03 12:18 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-03 12:18 . 2012-09-03 12:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-03 12:18 . 2012-09-03 12:18 -------- d-----w- c:\windows\SysWow64\Macromed

2012-09-03 12:18 . 2012-09-03 12:18 -------- d-----w- c:\windows\system32\Macromed

2012-09-03 04:15 . 2012-09-03 04:15 -------- d-----w- c:\programdata\Malwarebytes

2012-09-03 04:15 . 2012-09-03 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-03 04:15 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-03 04:11 . 2012-09-03 04:11 -------- d-----w- C:\New folder

2012-09-03 04:07 . 2012-09-03 12:55 -------- d-----w- C:\TDSSKiller_Quarantine

2012-09-03 03:01 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-09-03 03:01 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-09-03 03:01 . 2012-08-21 09:13 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-09-03 03:01 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-03 03:01 . 2012-08-21 09:13 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-09-03 03:01 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-09-03 03:01 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-09-03 03:01 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-09-03 03:01 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-09-03 03:01 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-09-03 03:00 . 2012-09-03 12:51 -------- d-sh--w- c:\windows\Installer

2012-09-03 03:00 . 2012-07-13 10:47 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2012-09-03 03:00 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr

2012-09-03 03:00 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-09-03 03:00 . 2012-09-03 03:00 -------- d-----w- c:\programdata\AVAST Software

2012-09-03 03:00 . 2012-09-03 03:00 -------- d-----w- c:\program files\AVAST Software

2012-09-03 02:54 . 2012-09-03 00:18 -------- d-----w- c:\windows\Panther

2012-09-03 02:53 . 2012-09-03 02:53 -------- d-----w- C:\Boot

2012-09-03 01:37 . 2012-09-03 01:37 -------- d-----w- c:\windows\SysWow64\Wat

2012-09-03 01:37 . 2012-09-03 01:37 -------- d-----w- c:\windows\system32\Wat

2012-09-03 01:19 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-09-03 01:19 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-09-03 01:07 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-09-03 01:07 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-09-03 01:00 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2012-09-03 00:58 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-09-03 00:58 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-09-03 00:58 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-09-03 00:58 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-09-03 00:58 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-09-03 00:58 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-09-03 00:58 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-09-03 00:58 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-09-03 00:58 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-09-03 00:58 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-09-03 00:54 . 2012-09-03 00:54 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-09-03 00:54 . 2012-09-03 00:54 -------- d-----w- c:\program files\NVIDIA Corporation

2012-09-03 00:47 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-09-03 00:47 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-09-03 00:47 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-09-03 00:47 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-09-03 00:47 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-09-03 00:47 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-09-03 00:47 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-09-03 00:44 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-09-03 00:44 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2012-09-03 00:44 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-09-03 00:44 . 2009-09-03 07:36 1975296 ----a-w- c:\windows\system32\CertEnroll.dll

2012-09-03 00:44 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll

2012-09-03 00:44 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-09-03 00:44 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-09-03 00:44 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-03 00:44 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-03 00:42 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2012-09-03 00:41 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-09-03 00:33 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-09-03 00:33 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-09-03 00:22 . 2012-09-03 00:22 -------- d-----w- c:\program files\Common Files\logishrd

2012-09-03 00:22 . 2012-09-03 00:22 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2012-09-03 00:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-09-03 00:22 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2012-09-03 00:22 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2012-09-03 00:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-09-03 00:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-09-03 00:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-09-03 00:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-09-03 00:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-09-03 00:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-09-03 00:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-09-03 00:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-09-03 00:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-09-03 00:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-09-03 00:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-09-03 00:19 . 2012-09-03 00:19 -------- d-----w- c:\users\Home

2012-09-03 00:18 . 2012-09-03 00:18 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 250568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-03 1255736]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 12:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MRT"="c:\windows\system32\MRT.exe" [2012-08-03 62134624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-23444948.sys

SafeBoot-78816686.sys

SafeBoot-86405875.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-09-03 09:13:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-03 13:13

.

Pre-Run: 970,407,383,040 bytes free

Post-Run: 971,926,917,120 bytes free

.

- - End Of File - - 6A0F041970DCFC0308B530F69088951F


Looks good. :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.