Ran combofix, here's logs

View previous topic View next topic Go down

Ran combofix, here's logs

Post by woodvalley on Sat 27 Oct 2012, 10:53 am

ComboFix 12-10-26.05 - shaw 26/10/2012 19:06:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3839.1822 [GMT -4:00]
Running from: c:\users\shaw\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
c:\program files (x86)\Olympus\ib\olycamdetect.exe
c:\programdata\AMNESdGbAcWy.exe
c:\programdata\G1VEpCrotDneuI
c:\programdata\G1VEpCrotDneuI.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-26 to 2012-10-26 )))))))))))))))))))))))))))))))
.
.
2012-10-26 23:17 . 2012-10-26 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 12:04 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 12:04 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 12:04 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 12:04 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 12:04 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 12:04 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 12:03 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 12:03 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 12:03 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 12:03 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 12:03 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 12:03 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 15:09 . 2010-09-19 20:52 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 18:05 . 2012-09-21 19:26 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-21 19:26 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-21 19:25 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-21 19:26 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-21 19:26 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-21 19:26 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-21 19:26 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-21 19:26 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-21 19:26 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-21 19:26 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-09-21 19:26 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-21 19:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-21 19:25 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 16:26 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:26 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:26 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:26 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 14:00 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 12:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 16:26 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 16:26 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
2010-07-15 13:52 751000 ----a-w- c:\program files (x86)\GamesBar\2.0.1.59\oberontb.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"= "c:\program files (x86)\GamesBar\2.0.1.59\oberontb.dll" [2010-07-15 751000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]
[HKEY_CLASSES_ROOT\Oberontb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}]
[HKEY_CLASSES_ROOT\Oberontb.Band]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ---ha-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]
"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2010-07-15 546200]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-02-05 124136]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672]
R3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\DRIVERS\etDevice64.sys [2007-07-24 527744]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter64.sys [2007-06-14 281088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-09 24208]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan64.sys [2007-07-24 9216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-06-15 103472]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-12 84584]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 20:42]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 20:42]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4196916907-1620050822-1915132982-1000Core.job
- c:\users\shaw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-15 15:38]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4196916907-1620050822-1915132982-1000UA.job
- c:\users\shaw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-15 15:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ---ha-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files (x86)\GamesBar\2.0.1.59\oberontb.dll
TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Olympus ib - c:\program files (x86)\Olympus\ib\olycamdetect.exe
Wow6432Node-HKCU-Run-GameXN GO - c:\programdata\GameXN\GameXNGO.exe
Wow6432Node-HKCU-Run-AMNESdGbAcWy.exe - c:\programdata\AMNESdGbAcWy.exe
Wow6432Node-HKCU-Run-G1VEpCrotDneuI - c:\programdata\G1VEpCrotDneuI.exe
Wow6432Node-HKLM-Run-Olympus ib - c:\program files (x86)\Olympus\ib\olycamdetect.exe
Wow6432Node-HKLM-Run- - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-etMonitor - c:\windows\etMon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4196916907-1620050822-1915132982-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4196916907-1620050822-1915132982-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-10-26 19:37:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-26 23:37
.
Pre-Run: 570,396,434,432 bytes free
Post-Run: 570,709,340,160 bytes free
.
- - End Of File - - 59BC1BA69536375F07B3BD2E5A90DEC4

woodvalley

Unborn
Unborn

Posts : 1
Joined : 2012-10-27
Operating System : windows7

View user profile

Back to top Go down

Re: Ran combofix, here's logs

Post by DragonMaster Jay on Sun 28 Oct 2012, 5:42 am

Hi there. Read the following on ComboFix for future reference...

The way that ComboFix works is to aggressively remove malware from the system. It automatically fixes Windows Drivers and services, which most antivirus programs will not do.

There is a moderate risk that the fix for the drivers/services will go wrong. Occasionally malware has traps that it will set, which once the malware is removed, the traps will be activated. Without expert supervision, these traps cannot be avoided, thus leaving the user with a huge chance to brick their computer.

See this link to get more info on why it is dangerous.

Our team of experts spend almost three constant weeks of training on ComboFix, and go through a final exam and evaluation on how to use our malware removal tools correctly and safely.

It is a serious undertaking. For those not trained in malware removal, the use of these aggressive tools can cause serious, unexpected damage to the operating system. For best results, only use it as instructed by a certified malware remover.

ComboFix Script


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum