
Unable To Post Hijackthis Or Dds Logs


pward60889

OK, here is the HijackThis log, and I have put the DDS logs as attachments.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:14:34, on 27/09/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe

C:\Windows\vsnp2std.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe

C:\Fraps\fraps.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Alchemy Elixir\Control.exe

C:\Program Files (x86)\Razer\Habu\razerhid.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Razer\Habu\razertra.exe

C:\Program Files (x86)\Razer\Habu\razerofa.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=1736081093a1dac108xi0h3ei8506q

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/mb59?u=92541422723745141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=1736081093a1dac108xi0h3ei8506q

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=1736081093a1dac108xi0h3ei8506q

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [K3805] "C:\Program Files (x86)\Alchemy Elixir\control.exe"

O4 - HKLM\..\Run: [Habu] C:\Program Files (x86)\Razer\Habu\razerhid.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\boostspeed.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-799022299-1984632665-1299901934-1005\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-799022299-1984632665-1299901934-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: CurseClientStartup.ccip

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12763 bytes

DDS.txt

Attach.txt

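As an added example (not part of the thread, and not code from HijackThis or its author), here is a small Python triage script for a HijackThis log like the one above. It parses the `R`/`O` entries, pulls out the file each one points at, and applies the checks a helper normally does by eye: autoruns launched from user-writable folders, orphaned entries marked `(no file)`, `O16` ActiveX downloads, and `O23` services with no publisher string. It also recognises the x64 quirk visible in this log: HijackThis 2.0.4 is a 32-bit program (it runs from `Program Files (x86)` above), so WoW64 file-system redirection hides the native `System32` from it and it reports `lsass.exe`, `spoolsv.exe` and the other built-in services as `(file missing)`. The sample input is an excerpt of the log above plus one constructed `[Updater]` line, added only so the user-writable-folder rule has something to flag; it is not a detection from this machine.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the HijackThis v2.0.4 log posted in the thread (copied from the page), plus one
# CONSTRUCTED line ("[Updater]", marked below) that models an autorun in a user-writable
# folder so that triage rule has something to flag. It is not a real finding from this PC.
HJT_EXCERPT = r"""
R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [Updater] C:\Users\Burnout\AppData\Roaming\updater.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""
# The "[Updater]" line above is the constructed one; every other line is from the posted log.


@dataclass
class Entry:
    kind: str                               # HJT section code: R0..R3, O2, O4, O16, O23, ...
    raw: str                                # the full log line
    path: str = ""                          # file/URL the entry points at, if any
    flags: list = field(default_factory=list)


_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.+)$")
# First token of an O4 command line: a quoted path, or an unquoted one ending at a binary extension.
_CMD_PATH = re.compile(r'"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|scr|com|bat|cmd|vbs))(?=\s|$)', re.I)
_USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\recycler\\")


def _target(kind, rest):
    """Extract the file or URL an entry refers to."""
    if kind == "O4":
        m = re.search(r"\]\s*(?P<cmd>.*?)(?:\s+\(User '[^']*'\))?$", rest)
        m2 = _CMD_PATH.match(m.group("cmd")) if m else None
        return (m2.group("q") or m2.group("u")) if m2 else ""
    if kind in ("O2", "O16", "O23", "R3"):
        return rest.rsplit(" - ", 1)[-1].replace(" (file missing)", "")
    return ""


def parse_hjt(text):
    """Turn the text of a HijackThis log into Entry objects (non-entry lines are ignored)."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), line.strip(), _target(m.group("kind"), m.group("rest"))))
    return entries


def triage(entries):
    """Attach review flags to entries and return {raw line: flags} for the flagged ones."""
    for e in entries:
        low = e.path.lower()
        if "(no file)" in e.raw:
            e.flags.append("orphan: registry entry points at a file that no longer exists")
        if e.kind == "O4" and any(s in low for s in _USER_WRITABLE):
            e.flags.append("autorun from a user-writable folder: verify publisher/signature")
        if e.kind == "O16":
            e.flags.append("ActiveX download (DPF): installed from a web site")
        if e.kind == "O23" and "Unknown owner" in e.raw:
            if "(file missing)" in e.raw and "\\windows\\system32\\" in low:
                # HJT 2.0.4 is 32-bit: on x64, WoW64 redirects its view of System32 to
                # SysWOW64, so native services (lsass.exe, spoolsv.exe, ...) look "missing".
                e.flags.append("expected on x64: 32-bit HJT cannot read native System32")
            else:
                e.flags.append("service with no publisher string: check the file's signature")
    return {e.raw: e.flags for e in entries if e.flags}


if __name__ == "__main__":
    for raw, flags in triage(parse_hjt(HJT_EXCERPT)).items():
        print(raw, "->", "; ".join(flags))
```

Only the constructed `[Updater]` line, the orphaned `R3` hook, the `O16` ActiveX download and the two `Unknown owner` services come out flagged; everything under `Program Files` with a publisher string passes, which matches what a reviewer would skip over in this log.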

Also, Malwarebytes and avast! just finished scanning. Malwarebytes has come up with 93 threats, all Refog keylogger.

 

avast!, however, seemed to find nothing, but said some files could not be scanned.

But as the logs from the scans before are there: Win32:Cycbot-K [Trj] was what seems to have been found just before my whole system went down, before I made my original post.

Don't know if this will be of any help. I don't want to remove them just yet, as this is what messed me up before.


Thanks for the info!!

 

You are 6 or 7 hours ahead of Central USA (Illinois), so, I have to go to a Dr. appointment, but will take a good look at the reports when I get back.

 

You have the right idea to NOT remove anything! Sometimes it just makes things worse.

 

If you can post the Malwarebytes' log, that will be good.

Edited by Aaflac

It's OK, no problem with the speed of replies; I'm happy as long as there's a chance of it getting fixed at all :)

Here's the log.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4531

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

27/09/2011 16:14:30

mbam-log-2011-09-27 (16-14-30).txt

 

Scan type: Full scan (C:\|D:\|E:\|F:\|L:\|)

Objects scanned: 326989

Time elapsed: 1 hour(s), 16 minute(s), 48 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 7

Files Infected: 86

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Windows\System32\MPK (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Images (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang (Refog.Keylogger) -> No action taken.

 

Files Infected:

C:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Mpk64.dll (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\MPK64.exe (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\MPKView.exe (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\unins000.msg (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Brazilian.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Brazilian.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\English.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\French.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\French.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\German.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\German.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Italian.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Italian.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Japanese.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Japanese.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Polish.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Polish.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Portuguese.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Portuguese.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Romanian.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Romanian.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Russian.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Spanish.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Spanish.lng (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Turkish.frc (Refog.Keylogger) -> No action taken.

C:\Windows\System32\MPK\Lang\Turkish.lng (Refog.Keylogger) -> No action taken.


pward60889,

 

In your C:\ drive, can you search for these files:

 

log_recv.txt or log_send.txt

 

Let me know if you find them.

 

They may even be elsewhere.

 

It seems odd that Malwarebytes' is identifying all these files and folders; however, the DDS and HJT logs do not show them...

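The search Aaflac asks for, as an added Python example rather than part of the thread's own instructions. Two things matter when hunting for files named by a 32-bit scanner on 64-bit Windows. Malwarebytes 1.46 and HijackThis are both 32-bit programs here (both run from `Program Files (x86)` in the HJT log above), so the `C:\Windows\System32\MPK` folder Malwarebytes reports is, on disk, `C:\Windows\SysWOW64\MPK`, which is exactly where the ComboFix log further down the thread deletes those files. `wow64_aliases()` expands a reported path into the locations it may really refer to, and `find_files()` walks a drive for the file names case-insensitively, skipping folders it cannot read. `demo()` builds a constructed directory tree in a temporary folder (not this machine's disk) so the search can be exercised offline; the file names are the two Aaflac names, and the folder layout is assumed for illustration.

```python
import os
import tempfile

# The two file names Aaflac asks the poster to search for.
TARGET_NAMES = ("log_recv.txt", "log_send.txt")

SYS32 = "\\windows\\system32\\"


def wow64_aliases(path):
    """Return the on-disk locations a path printed by a 32-bit tool may really refer to.

    Under WoW64 a 32-bit process that opens C:\\Windows\\System32 is silently redirected to
    C:\\Windows\\SysWOW64; the native folder is only reachable from 32-bit code through the
    Sysnative alias. Paths that do not involve System32 are returned unchanged.
    """
    low = path.lower()
    idx = low.find(SYS32)
    if idx < 0:
        return [path]
    head, tail = path[:idx], path[idx + len(SYS32):]
    return [
        path,
        head + "\\Windows\\SysWOW64\\" + tail,    # what the 32-bit tool actually looked at
        head + "\\Windows\\Sysnative\\" + tail,   # the real native folder, via the alias
    ]


def find_files(root, names=TARGET_NAMES):
    """Walk `root` and return every file whose name matches `names`, case-insensitively.

    NTFS is case-insensitive, so LOG_SEND.TXT must match too; folders that cannot be read
    (permission errors) are skipped instead of aborting the whole scan.
    """
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda _err: None):
        hits.extend(os.path.join(dirpath, fn) for fn in filenames if fn.lower() in wanted)
    return sorted(hits)


def demo():
    """Build a constructed mini 'drive' in a temp folder and run the search over it.

    The layout is assumed for illustration: the keylogger folder under SysWOW64 (where the
    ComboFix log places it) holding a log_send.txt, a user document folder with an upper-cased
    LOG_RECV.TXT, and a decoy file that must not match. Returns the hits relative to the root.
    """
    with tempfile.TemporaryDirectory() as root:
        sample = {
            "Windows/SysWOW64/MPK/log_send.txt": "constructed sample",
            "Users/Burnout/Documents/LOG_RECV.TXT": "constructed sample",
            "Users/Burnout/Documents/notes.txt": "decoy, must not match",
        }
        for rel, content in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(content)
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in find_files(root)]


if __name__ == "__main__":
    for hit in demo():
        print(hit)
    for alias in wow64_aliases(r"C:\Windows\System32\MPK\Mpk.dll"):
        print(alias)
```

On the real machine you would call `find_files("C:\\")` (and the other drive letters from the Malwarebytes scan) from an elevated prompt, and run every path a 32-bit scanner reported through `wow64_aliases()` before concluding a file is absent.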

pward,

 

Actually, that is good. You did take care of removing some rubbish from that system.

 

 

Now, please do the following:

 

 

If you have ComboFix (CF) (if used) already on your Desktop, please remove it. We'll download an updated version.

 

Download ComboFix

 

Save ComboFix.exe to your Desktop!! <<--

 

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF. (Make sure avast! is disabled, and also Malwarebytes'!)

 

Note: For information on how to disable protective programs, refer to this link

 

 

Right-click on ComboFix.exe and select: Run as Administrator

 

 

Click on Yes, to continue scanning for malware.

 

When finished, CF produces a report.

 

Please provide a copy of the C:\ComboFix.txt in your reply.

 

 

Notes:

 

1. Do not mouse-click the ComboFix window while it is running.

This action may cause it to stall.

 

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

 

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

 

Running CF will take a while, about 40 minutes or so.

I have to go to work for a few hours, and when I get back it will be around 2-3:00AM at your location.

 

Just post the CF report, then, after restarting the computer, run Malwarebytes', and select: Perform Full Scan.

 

Also post the new MB report.

 

Will take a look at what all the info shows, and will post additional instructions.

Edited by Aaflac

ComboFix 11-09-27.01 - Burnout 27/09/2011 22:43:29.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.1952 [GMT 1:00]

Running from: c:\users\Burnout\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\programdata\FullRemove.exe

c:\programdata\mazuki.dll

c:\users\Burnout\AppData\Local\ApplicationHistory\Comrade.exe.cb24ae8d.ini

c:\users\Burnout\AppData\Local\ApplicationHistory\csc.exe.3e4ac0af.ini

c:\users\Burnout\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini

c:\users\Burnout\AppData\Local\ApplicationHistory\TurbineInvoker.exe.61f21a5c.ini

c:\users\Burnout\AppData\Local\ApplicationHistory\TurbineLauncher.exe.ee4cd426.ini

c:\windows\SysWow64\MPK\Help\English\alarms.htm

c:\windows\SysWow64\MPK\Help\English\clipboard.htm

c:\windows\SysWow64\MPK\Help\English\computer.htm

c:\windows\SysWow64\MPK\Help\English\delivery.htm

c:\windows\SysWow64\MPK\Help\English\file.htm

c:\windows\SysWow64\MPK\Help\English\filters.htm

c:\windows\SysWow64\MPK\Help\English\imhelp.htm

c:\windows\SysWow64\MPK\Help\English\internet.htm

c:\windows\SysWow64\MPK\Help\English\invisible.htm

c:\windows\SysWow64\MPK\Help\English\keyboard.htm

c:\windows\SysWow64\MPK\Help\English\log_size.htm

c:\windows\SysWow64\MPK\Help\English\logging.htm

c:\windows\SysWow64\MPK\Help\English\need_update_net.htm

c:\windows\SysWow64\MPK\Help\English\password.htm

c:\windows\SysWow64\MPK\Help\English\programs.htm

c:\windows\SysWow64\MPK\Help\English\screenshot.htm

c:\windows\SysWow64\MPK\Help\English\settings_node.htm

c:\windows\SysWow64\MPK\Help\English\update.htm

c:\windows\SysWow64\MPK\Help\English\users_node.htm

c:\windows\SysWow64\MPK\Help\German\alarms.htm

c:\windows\SysWow64\MPK\Help\German\clipboard.htm

c:\windows\SysWow64\MPK\Help\German\computer.htm

c:\windows\SysWow64\MPK\Help\German\delivery.htm

c:\windows\SysWow64\MPK\Help\German\file.htm

c:\windows\SysWow64\MPK\Help\German\filters.htm

c:\windows\SysWow64\MPK\Help\German\imhelp.htm

c:\windows\SysWow64\MPK\Help\German\internet.htm

c:\windows\SysWow64\MPK\Help\German\invisible.htm

c:\windows\SysWow64\MPK\Help\German\keyboard.htm

c:\windows\SysWow64\MPK\Help\German\log_size.htm

c:\windows\SysWow64\MPK\Help\German\logging.htm

c:\windows\SysWow64\MPK\Help\German\need_update_net.htm

c:\windows\SysWow64\MPK\Help\German\password.htm

c:\windows\SysWow64\MPK\Help\German\programs.htm

c:\windows\SysWow64\MPK\Help\German\screenshot.htm

c:\windows\SysWow64\MPK\Help\German\settings_node.htm

c:\windows\SysWow64\MPK\Help\German\users_node.htm

c:\windows\SysWow64\MPK\Help\Spanish\alarms.htm

c:\windows\SysWow64\MPK\Help\Spanish\clipboard.htm

c:\windows\SysWow64\MPK\Help\Spanish\computer.htm

c:\windows\SysWow64\MPK\Help\Spanish\delivery.htm

c:\windows\SysWow64\MPK\Help\Spanish\filters.htm

c:\windows\SysWow64\MPK\Help\Spanish\internet.htm

c:\windows\SysWow64\MPK\Help\Spanish\invisible.htm

c:\windows\SysWow64\MPK\Help\Spanish\keyboard.htm

c:\windows\SysWow64\MPK\Help\Spanish\log_size.htm

c:\windows\SysWow64\MPK\Help\Spanish\logging.htm

c:\windows\SysWow64\MPK\Help\Spanish\password.htm

c:\windows\SysWow64\MPK\Help\Spanish\programs.htm

c:\windows\SysWow64\MPK\Help\Spanish\screenshot.htm

c:\windows\SysWow64\MPK\Help\Spanish\settings_node.htm

c:\windows\SysWow64\MPK\Help\Spanish\users_node.htm

c:\windows\SysWow64\MPK\icon_1.ico

c:\windows\SysWow64\MPK\Images\vista_hide.bmp

c:\windows\SysWow64\MPK\Images\xp_hide.bmp

c:\windows\SysWow64\MPK\Lang\Brazilian.frc

c:\windows\SysWow64\MPK\Lang\Brazilian.lng

c:\windows\SysWow64\MPK\Lang\English.frc

c:\windows\SysWow64\MPK\Lang\French.frc

c:\windows\SysWow64\MPK\Lang\French.lng

c:\windows\SysWow64\MPK\Lang\German.frc

c:\windows\SysWow64\MPK\Lang\German.lng

c:\windows\SysWow64\MPK\Lang\Italian.frc

c:\windows\SysWow64\MPK\Lang\Italian.lng

c:\windows\SysWow64\MPK\Lang\Japanese.frc

c:\windows\SysWow64\MPK\Lang\Japanese.lng

c:\windows\SysWow64\MPK\Lang\Polish.frc

c:\windows\SysWow64\MPK\Lang\Polish.lng

c:\windows\SysWow64\MPK\Lang\Portuguese.frc

c:\windows\SysWow64\MPK\Lang\Portuguese.lng

c:\windows\SysWow64\MPK\Lang\Romanian.frc

c:\windows\SysWow64\MPK\Lang\Romanian.lng

c:\windows\SysWow64\MPK\Lang\Russian.frc

c:\windows\SysWow64\MPK\Lang\Spanish.frc

c:\windows\SysWow64\MPK\Lang\Spanish.lng

c:\windows\SysWow64\MPK\Lang\Turkish.frc

c:\windows\SysWow64\MPK\Lang\Turkish.lng

c:\windows\SysWow64\MPK\lnkmst.exe

c:\windows\SysWow64\MPK\Mpk.dll

c:\windows\SysWow64\MPK\Mpk64.dll

c:\windows\SysWow64\MPK\MPK64.exe

c:\windows\SysWow64\MPK\MPKView.exe

c:\windows\SysWow64\MPK\sqlite3.dll

c:\windows\SysWow64\MPK\unins000.dat

c:\windows\SysWow64\MPK\unins000.exe

c:\windows\SysWow64\MPK\unins000.msg

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))

.

.

2011-09-27 21:49 . 2011-09-27 21:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-09-27 21:49 . 2011-09-27 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-27 15:23 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-27 15:23 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-27 14:13 . 2011-09-27 14:13 388096 ----a-r- c:\users\Burnout\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-27 14:13 . 2011-09-27 14:13 -------- d-----w- c:\program files (x86)\Trend Micro

2011-09-27 14:01 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF55761-3616-4579-B475-5F20F0E7584F}\mpengine.dll

2011-09-26 04:06 . 2011-09-26 04:06 -------- dc----w- c:\users\Burnout\AppData\Local\MigWiz

2011-08-30 13:21 . 2011-08-30 13:22 -------- d-----w- c:\users\Burnout\AppData\Local\IM

2011-08-30 13:20 . 2011-08-30 13:21 -------- d-----w- c:\programdata\IM

2011-08-30 13:20 . 2011-08-30 13:20 -------- d-----w- c:\programdata\IncrediMail

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-27 17:32 . 2011-05-16 09:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-06 20:45 . 2010-08-19 14:51 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2010-08-19 14:51 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-09-06 20:38 . 2010-08-19 14:52 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2010-08-19 14:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2010-08-19 14:52 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2010-08-19 14:52 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2010-08-19 14:52 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-08-03 11:50 . 2011-04-26 03:49 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-08-03 11:50 . 2011-04-26 03:49 2758760 ----a-w- c:\windows\system32\nvapi64.dll

2011-08-03 11:50 . 2011-04-26 03:49 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-08-03 11:50 . 2011-04-26 03:49 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-08-03 11:50 . 2011-04-07 22:19 980072 ----a-w- c:\windows\system32\nvvsvc.exe

2011-08-03 11:50 . 2011-04-07 22:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-08-03 11:50 . 2011-04-07 22:19 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-08-03 11:50 . 2011-04-07 22:19 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-08-03 11:50 . 2011-04-07 22:19 6136936 ----a-w- c:\windows\system32\nvcpl.dll

2011-08-03 11:50 . 2011-04-07 22:18 3021416 ----a-w- c:\windows\system32\nvsvc64.dll

2011-08-03 11:50 . 2009-10-28 20:20 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-08-03 11:50 . 2009-10-28 20:20 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-08-03 11:50 . 2009-07-14 08:51 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-08-03 02:31 . 2011-08-03 02:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-07-22 05:42 . 2011-08-11 20:02 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-11 20:02 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-11 20:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-11 20:02 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-11 20:02 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-11 20:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-11 05:26 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-11 05:26 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-11 05:26 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-11 05:26 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-11 05:26 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-11 05:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-11 05:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-11 05:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-11 05:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-11 05:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-11 05:26 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 05:26 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-11 05:26 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-11 05:26 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 05:26 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-09 05:26 . 2011-08-24 00:13 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 04:29 . 2011-08-24 00:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-09 02:46 . 2011-08-11 05:26 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Auslogics BoostSpeed 4"="c:\program files (x86)\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2008-10-30 363632]

"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-27 5492096]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-31 399736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"K3805"="c:\program files (x86)\Alchemy Elixir\control.exe" [2008-10-23 237568]

"Habu"="c:\program files (x86)\Razer\Habu\razerhid.exe" [2009-08-18 239616]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\users\Burnout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2010-12-8 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ rdboot64.exe {16907711-4DF7-479c-939A-8F50F42128C3}

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 135664]

R3 ALSysIO;ALSysIO;c:\users\Burnout\AppData\Local\Temp\ALSysIO64.sys [x]

R3 cpuz130;cpuz130;c:\users\Burnout\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 135664]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Burnout\AppData\Roaming\NVIDIA\HWAccess.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]

S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-05-03 14440]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 13:58]

.

2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 13:58]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mystart.incredimail.com/mb59?u=92541422723745141

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=1736081093a1dac108xi0h3ei8506q

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Burnout\AppData\Roaming\Mozilla\Firefox\Profiles\djp32hg9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe

AddRemove-3143617941.elitistjerks.com - c:\program files (x86)\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe

AddRemove-World of Logs Client - c:\windows\system32\javaws.exe

AddRemove-World of Logs Client (4.2) - c:\windows\system32\javaws.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-799022299-1984632665-1299901934-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-799022299-1984632665-1299901934-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\EVGA Precision\EVGAPrecision.exe

c:\program files (x86)\Razer\Habu\razertra.exe

c:\program files (x86)\Razer\Habu\razerofa.exe

.

**************************************************************************

.

Completion time: 2011-09-27 22:59:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-27 21:59

.

Pre-Run: 37,172,109,312 bytes free

Post-Run: 37,013,344,256 bytes free

.

- - End Of File - - 47333F4047F47CC2E4E0828344362291

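Added example, not part of this thread and not ComboFix's own code: a small Python triage script for lines in the format of the ComboFix log above. It flags the two things a reviewer picks out of that log by eye. First, the UAC policy values under policies\system that the log shows set to 0 (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), which together switch UAC off so anything the user runs is already elevated. Second, kernel drivers registered from paths a standard user account can write to (ALSysIO64.sys, cpuz_x64.sys and HWAccess.sys under the Burnout profile in the log). The sample lines are copied from the log above; the list of weak UAC values and the user-writable path patterns are this example's own assumptions, and a flagged driver is a review item rather than a verdict, since hardware-monitoring tools do legitimately load drivers from Temp.

```python
"""Triage helper for ComboFix-style log lines (added example, not from the thread).

Two checks a reviewer of a ComboFix log makes by eye:
  1. UAC policy values under HKLM\\...\\Policies\\System that disable UAC.
  2. Kernel drivers (.sys) registered from paths a standard user can write to.
"""
import re
from dataclasses import dataclass

# Values ComboFix prints under policies\system, and the setting for each that weakens
# UAC: EnableLUA=0 switches UAC off entirely, ConsentPromptBehaviorAdmin=0 elevates
# administrators without any prompt, PromptOnSecureDesktop=0 shows the consent prompt
# on the normal (spoofable) desktop instead of the secure desktop.
WEAK_UAC = {
    "EnableLUA": 0,
    "ConsentPromptBehaviorAdmin": 0,
    "PromptOnSecureDesktop": 0,
}

# ComboFix service/driver line: <state><start> <name>;<description>;<image path> [<date size> | x]
# state R = running, S = stopped; start type 0 boot .. 4 disabled. ComboFix prints "[x]"
# where it could not read the image's date and size; that alone is not flagged here.
SERVICE_RE = re.compile(
    r"^([RS][0-4])\s+([^;]+);([^;]*);(.*?)\s*(\[x\]|\[\d{4}-\d{2}-\d{2} \d+\])?\s*$"
)
POLICY_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')

# Locations a non-admin account can write to (assumption of this example: profile
# AppData, Downloads and any Temp directory). A driver registered from such a path can be
# replaced by anything running as that user, so it deserves a look even when the tool
# that installed it is legitimate.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads)\\|\\temp\\", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "uac" or "driver_user_path"
    detail: str


def triage(lines):
    """Return the list of Findings for an iterable of ComboFix log lines."""
    findings = []
    section = ""
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()           # a registry key header starts a new section
            continue
        if "policies\\system" in section:
            m = POLICY_RE.match(line)
            if m and WEAK_UAC.get(m.group(1)) == int(m.group(2)):
                findings.append(Finding("uac", f"{m.group(1)}={m.group(2)}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _desc, path, _stamp = m.groups()
            if path.lower().endswith(".sys") and USER_WRITABLE_RE.search(path):
                findings.append(Finding("driver_user_path", f"{name}: {path}"))
    return findings


# Sample input: a constructed excerpt, lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 135664]
R3 ALSysIO;ALSysIO;c:\users\Burnout\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Burnout\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Burnout\AppData\Roaming\NVIDIA\HWAccess.sys [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-05-03 14440]
""".splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:17} {f.detail}")
```

Run it directly to print the findings for the embedded excerpt, or pass the lines of a full ComboFix.txt to triage(). Both checks are deliberately narrow: a driver from a user-writable path is something to identify and, if it is wanted, to reinstall from a protected location; the UAC values are something to set back to their defaults once the machine is clean.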

The Malwarebytes log is showing nothing, not sure if that's good or bad? :S

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4531

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

28/09/2011 00:02:28

mbam-log-2011-09-28 (00-02-28).txt

 

Scan type: Full scan (C:\|D:\|E:\|F:\|L:\|)

Objects scanned: 328302

Time elapsed: 51 minute(s), 23 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Edited by pward60889

Excellent!!

 

ComboFix shows that this is the second time it has been run. Did you run it previously on your own, or did it run, reboot, and run again?

 

The fact that Malwarebytes' does not show an infection is good.

 

 

Now, let's search for any remnants by doing the scan that follows.

You will need to use Internet Explorer for this scan.

 

Download ESET Online Scanner

 

Press the ESET Online Scanner download button

  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • Click Start
  • Make sure that the option Remove found threats is unticked.
  • Click Scan
  • Wait for the scan to finish
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your Desktop as: ESET Scan.

Please provide the contents of ESET Scan in your reply.

 

Thanks.


pward,

 

That is one file you want to nuke...

 

Let's do the following:

 

1. Please continue to disable (temporarily) all AntiVirus and AntiMalware programs so they do not interfere with the running of ComboFix.

2. Open Notepad (Start 'R', type: notepad, click: OK)

3. Copy/paste the text inside the code box below to it:

 

KILLALL::
File::
C:\Users\Burnout\Downloads\cnet_refog_setup_free_kl_643_exe.exe

 

4. In Notepad:

-Click File > Save as..., and save to the Desktop

-In the File Name box, type: CFScript.txt

-Click: Save

 

5. Close all browser and other open windows so that you are at the Desktop.

 

6. Referring to the picture below, using your mouse (left button), drag CFScript.txt and drop over ComboFix.exe

 

 

Posted Image

 

7. When finished, the log produced is located at C:\ComboFix.txt

 

8. When done, please post the Combofix.txt in your reply.

 

 

 

Note: Do not mouse-click the ComboFix window while it is running. It may cause CF to stall.

 

 

 

Also, please download and run the following:

 

Temporary File Cleanup: TFC

Save to the Desktop.

  • Save any work in progress!! TFC closes all open applications and removes unsaved work!
  • Right-click TFC.exe and select: Run as Administrator
  • If prompted, click Yes to reboot.

 

Last, download Security Check

 

Save it to the Desktop.

Right-click SecurityCheck.exe and select: Run as Administrator

Follow the on-screen instructions (on the black screen)

When done, a Notepad document opens automatically: checkup.txt

 

Please post the contents of checkup.txt in your reply.

Edited by Aaflac

ComboFix 11-09-27.01 - Burnout 28/09/2011 16:28:21.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.2114 [GMT 1:00]

Running from: c:\users\Burnout\Desktop\ComboFix.exe

Command switches used :: c:\users\Burnout\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Burnout\Downloads\cnet_refog_setup_free_kl_643_exe.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Burnout\Downloads\cnet_refog_setup_free_kl_643_exe.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))

.

.

2011-09-28 15:39 . 2011-09-28 15:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E439E2C-6D97-4E35-9785-F811B682AA72}\offreg.dll

2011-09-28 15:35 . 2011-09-28 15:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-09-28 15:35 . 2011-09-28 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-28 09:23 . 2011-09-21 08:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E439E2C-6D97-4E35-9785-F811B682AA72}\mpengine.dll

2011-09-28 07:39 . 2011-09-28 07:39 -------- d-----w- c:\program files (x86)\ESET

2011-09-27 22:44 . 2011-09-28 14:32 -------- d-----w- C:\World of Warcraft Public Test

2011-09-27 22:40 . 2011-09-27 22:43 -------- d-----w- c:\users\Burnout\PTR Installer 4.0.0.12824 enGB

2011-09-27 15:23 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-27 15:23 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-27 14:13 . 2011-09-27 14:13 388096 ----a-r- c:\users\Burnout\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-27 14:13 . 2011-09-27 14:13 -------- d-----w- c:\program files (x86)\Trend Micro

2011-09-26 04:06 . 2011-09-26 04:06 -------- dc----w- c:\users\Burnout\AppData\Local\MigWiz

2011-08-30 13:21 . 2011-08-30 13:22 -------- d-----w- c:\users\Burnout\AppData\Local\IM

2011-08-30 13:20 . 2011-08-30 13:21 -------- d-----w- c:\programdata\IM

2011-08-30 13:20 . 2011-08-30 13:20 -------- d-----w- c:\programdata\IncrediMail

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-27 17:32 . 2011-05-16 09:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-06 20:45 . 2010-08-19 14:51 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2010-08-19 14:51 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-09-06 20:38 . 2010-08-19 14:52 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2010-08-19 14:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2010-08-19 14:52 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2010-08-19 14:52 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2010-08-19 14:52 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-08-03 11:50 . 2011-04-26 03:49 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-08-03 11:50 . 2011-04-26 03:49 2758760 ----a-w- c:\windows\system32\nvapi64.dll

2011-08-03 11:50 . 2011-04-26 03:49 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-08-03 11:50 . 2011-04-26 03:49 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-08-03 11:50 . 2011-04-07 22:19 980072 ----a-w- c:\windows\system32\nvvsvc.exe

2011-08-03 11:50 . 2011-04-07 22:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-08-03 11:50 . 2011-04-07 22:19 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-08-03 11:50 . 2011-04-07 22:19 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-08-03 11:50 . 2011-04-07 22:19 6136936 ----a-w- c:\windows\system32\nvcpl.dll

2011-08-03 11:50 . 2011-04-07 22:18 3021416 ----a-w- c:\windows\system32\nvsvc64.dll

2011-08-03 11:50 . 2009-10-28 20:20 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-08-03 11:50 . 2009-10-28 20:20 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-08-03 11:50 . 2009-07-14 08:51 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-08-03 02:31 . 2011-08-03 02:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-07-22 05:42 . 2011-08-11 20:02 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-11 20:02 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-11 20:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-11 20:02 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-11 20:02 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-11 20:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-11 05:26 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-11 05:26 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-11 05:26 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-11 05:26 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-11 05:26 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-11 05:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-11 05:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-11 05:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-11 05:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-11 05:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-11 05:26 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 05:26 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-11 05:26 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-11 05:26 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 05:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 05:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 05:26 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-09 05:26 . 2011-08-24 00:13 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 04:29 . 2011-08-24 00:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-09 02:46 . 2011-08-11 05:26 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-27_21.51.33 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-09-27 21:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-09-28 15:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-09-27 21:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-28 15:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-09-27 21:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-28 15:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-10-28 19:34 . 2011-09-27 21:52 66924 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-09-27 21:52 36508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-08-19 13:56 . 2011-09-27 21:52 15662 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-799022299-1984632665-1299901934-1000_UserData.bin

+ 2010-08-19 18:36 . 2011-09-28 15:36 7162 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-09-27 21:50 . 2011-09-27 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-28 15:37 . 2011-09-28 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-09-27 21:50 . 2011-09-27 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-28 15:37 . 2011-09-28 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-09-27 21:49 325284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-09-28 15:36 325284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-08-19 18:41 . 2011-09-28 15:36 57434496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-799022299-1984632665-1299901934-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Auslogics BoostSpeed 4"="c:\program files (x86)\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2008-10-30 363632]

"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-27 5492096]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-31 399736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"K3805"="c:\program files (x86)\Alchemy Elixir\control.exe" [2008-10-23 237568]

"Habu"="c:\program files (x86)\Razer\Habu\razerhid.exe" [2009-08-18 239616]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\users\Burnout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2010-12-8 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ rdboot64.exe {16907711-4DF7-479c-939A-8F50F42128C3}

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 135664]

R3 ALSysIO;ALSysIO;c:\users\Burnout\AppData\Local\Temp\ALSysIO64.sys [x]

R3 cpuz130;cpuz130;c:\users\Burnout\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 135664]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Burnout\AppData\Roaming\NVIDIA\HWAccess.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]

S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-05-03 14440]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 13:58]

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 13:58]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mystart.incredimail.com/mb59?u=92541422723745141

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=1736081093a1dac108xi0h3ei8506q

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Burnout\AppData\Roaming\Mozilla\Firefox\Profiles\djp32hg9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-799022299-1984632665-1299901934-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-799022299-1984632665-1299901934-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\EVGA Precision\EVGAPrecision.exe

c:\fraps\fraps.exe

c:\program files (x86)\Razer\Habu\razertra.exe

c:\program files (x86)\Razer\Habu\razerofa.exe

.

**************************************************************************

.

Completion time: 2011-09-28 16:46:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-28 15:46

ComboFix2.txt 2011-09-27 21:59

.

Pre-Run: 14,349,455,360 bytes free

Post-Run: 14,356,959,232 bytes free

.

- - End Of File - - EC3E2D7C571703F1CF2A010DF08B9FDF

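A triage pass over ComboFix output like the log above, added here as an example (it is not ComboFix's code and not part of any post in this thread). It parses the policies\system block and the service/driver lines in the log's own format and flags two things the Security Check result and the log point at: UAC values set to 0 (which is what "UAC is disabled!" reports) and drivers or services whose image lives under a user profile or Temp directory. The heuristics and the sample lines (copied from the log above) are mine; the trailing `[x]` marker is parsed but not interpreted.

```python
"""Triage checks over ComboFix-style log lines (added example, not ComboFix code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied in the format ComboFix used in the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 ALSysIO;ALSysIO;c:\users\Burnout\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Burnout\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Burnout\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S1 aswSnx;aswSnx; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9A-Fa-f]+\)$')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$"
)
# Heuristic (mine): an image path under a user profile or a Temp directory is
# writable by an ordinary user, which a kernel driver or service should not be.
USER_PATH_RE = re.compile(r"\\users\\|\\temp\\", re.IGNORECASE)

# What a value of 0 means for the UAC policy values ComboFix printed.
UAC_ZERO_MEANS = {
    "EnableLUA": "UAC is switched off, so every process of an administrator runs fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
    "PromptOnSecureDesktop": "elevation prompts appear on the normal desktop instead of the secure desktop",
}


def parse_uac_policy(lines: List[str]) -> Dict[str, int]:
    r"""Collect the numeric values listed under the ...\policies\system key."""
    values: Dict[str, int] = {}
    in_block = False
    for line in lines:
        line = line.strip()
        if line == ".":  # ComboFix ends each block with a lone dot
            in_block = False
            continue
        section = SECTION_RE.match(line)
        if section:
            in_block = section.group("key").lower().endswith("\\policies\\system")
            continue
        value = VALUE_RE.match(line)
        if in_block and value:
            values[value.group("name")] = int(value.group("val"))
    return values


def parse_services(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (start_type, name, image_path, bracket_info) for each service line."""
    found = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            found.append((m.group("start"), m.group("name"), m.group("path"), m.group("info")))
    return found


def triage(log_text: str) -> List[str]:
    """Return findings: weakened UAC values and services/drivers under user-writable paths."""
    lines = log_text.splitlines()
    findings: List[str] = []
    uac = parse_uac_policy(lines)
    for name, meaning in UAC_ZERO_MEANS.items():
        if uac.get(name) == 0:
            findings.append(f"UAC: {name}=0 ({meaning})")
    for start, name, path, _info in parse_services(lines):
        if USER_PATH_RE.search(path):
            findings.append(f"Service {name} ({start}) loads from user-writable path {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```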

Results of screen317's Security Check version 0.99.7

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Out of date Java installed!

Adobe Flash Player 10.3.183.10

Adobe Reader 9.4.6 MUI

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe

``````````End of Log````````````


Glad you are not having problems. The way this topic started, I was not sure we were going to get anywhere!!

 

I'll be taking another look at the logs, but for now, use the computer like you normally do.

 

It will be tomorrow (for you) before you hear from me again.


If the computer is running well, you are good to go.

 

This next step is important, as it will implement important cleanup procedures, reset your System Restore by flushing out previous restore points (which contain the infections), and create a new restore point.

 

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

 

ComboFix /uninstall

 

ComboFix will uninstall itself from your computer and remove its backups and quarantined files.

When it has finished you will see a dialog box stating that ComboFix has been uninstalled.

 

You can now delete the ComboFix program icon from your Desktop, if still there.

 

Also, remove from your Desktop the other programs we have used and any folders or reports created by them, and, do not forget to re-enable your security/protection programs, if you haven't done so already.

 

 

 

As to the results of Security Check, it shows an area that needs attention:

 

Please verify the version of Java you have installed:

http://www.java.com/en/download/installed.jsp

 

If your version of Java is outdated, it needs to be updated to eliminate security vulnerabilities.

When done, uninstall older versions:

http://www.java.com/en/download/uninstall.jsp

 

 

 

 

Consider doing the following to prevent future infections...

 

Malware is normally installed through vulnerabilities found in outdated and insecure programs on a computer. You can use the Secunia Personal Software Inspector to scan for vulnerable programs on your computer:

http://secunia.com/vulnerability_scanning/personal/

 

A tutorial on how to use the program is found here:

http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

 

 

Surf safely, pward60889!!
