Avast keeps giving windows.malware-gen and win32.downloader.PKU 9tj) a

This topic is locked

#76 betsym (Member, Topic Starter, 129 posts)
I can't find a previous combofix report because it didn't get saved before the computer restarted. While I was running the TDSSKiller, my Avast popped up with the message that it had blocked a rootkit so apparently I've still got some issues! I can run the TDSSKiller several times in a row and still come up with threats found. I haven't slept in 2 days but I'm going to stay awake until I hear back from you about what to do next.


#77 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
The Avast alert came as TDSSKiller was moving the files. The threats found, if they are the same as below, are not a problem; they are just unsigned files.

09:20:20.0256 4764 cbVSCService11 ( UnsignedFile.Multi.Generic ) - skipped by user
09:20:20.0256 4764 cbVSCService11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:20:20.0257 4764 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:20:20.0257 4764 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:20:20.0258 4764 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:20:20.0258 4764 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:20:20.0259 4764 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:20:20.0259 4764 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip


If you could re-run ComboFix it will show what it fixed last time around... How is the computer behaving now?

#78 betsym (Member, Topic Starter, 129 posts)
The computer is still infected! I hope you are still on here. I will run another ComboFix session and post it back ASAP. When I booted my computer up, Avast ran a boot scan and came up with the TDSSKiller and MBR Pihar.

#79 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
What was the Avast location? Was it the TDSSKiller quarantine, perchance? If so, then it is harmless.
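The two calls the moderator makes in #77 and #79 (a TDSSKiller hit that is only an unsigned file is not a threat; an Avast alert that points into the TDSSKiller quarantine is harmless) can be scripted as a triage check. The following is an added example, not code from the thread, from Kaspersky or from Avast; the quarantine folder C:\TDSSKiller_Quarantine comes from the ComboFix log in this thread, while the \Device\Harddisk0\DR0 lines and the Rootkit.Boot.Pihar.b verdict are constructed sample data.

```python
r"""Triage helper for the TDSSKiller and Avast alerts discussed in this thread.

Added example; not code from the thread, from Kaspersky or from Avast.
  1. triage() splits TDSSKiller log lines into unsigned-file notices
     (UnsignedFile.Multi.Generic, which the moderator calls harmless) and
     everything else, which still needs a look.
  2. is_quarantined_path() says whether an Avast alert path sits inside the
     TDSSKiller quarantine folder (C:\TDSSKiller_Quarantine in the ComboFix
     log), where a hit is only the already-removed sample being rescanned.
The \Device\Harddisk0\DR0 lines and the Rootkit.Boot.Pihar.b verdict are
constructed sample data, not taken from the thread.
"""
import ntpath  # Windows path rules regardless of the host OS
import re
from collections import defaultdict

# TDSSKiller line layout: "HH:MM:SS.ffff PID name ( Verdict ) - action"
LOG_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<action>.+)$"
)

# Verdicts that only mean "no digital signature", not "malicious".
INFORMATIONAL_VERDICTS = {"UnsignedFile.Multi.Generic"}

# Folder TDSSKiller uses for copies of what it removed (see the ComboFix log).
QUARANTINE_DIRS = (r"C:\TDSSKiller_Quarantine",)

# Constructed sample: the unsigned-file lines quoted in the thread plus
# made-up lines for a boot-sector detection and a non-detection line.
SAMPLE_LOG = [
    "09:20:20.0256 4764 cbVSCService11 ( UnsignedFile.Multi.Generic ) - skipped by user",
    "09:20:20.0256 4764 cbVSCService11 ( UnsignedFile.Multi.Generic ) - User select action: Skip",
    "09:20:20.0257 4764 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user",
    "09:20:20.0257 4764 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip",
    r"09:20:21.0100 4764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected",
    r"09:20:21.0100 4764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot",
    "09:20:22.0000 4764 Scan finished",  # no verdict: the parser ignores it
]


def parse_line(line):
    """Return the fields of one detection line, or None for any other line."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Group detections by object name.

    Returns (informational, suspicious): two dicts mapping the detected
    object to the list of actions TDSSKiller logged for it.
    """
    informational, suspicious = defaultdict(list), defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        bucket = informational if rec["verdict"] in INFORMATIONAL_VERDICTS else suspicious
        bucket[rec["name"]].append(rec["action"])
    return dict(informational), dict(suspicious)


def is_quarantined_path(path, quarantine_dirs=QUARANTINE_DIRS):
    """True when an AV alert's file path lies inside a known quarantine folder.

    Comparison is case-insensitive and slash-agnostic (ntpath.normcase), and a
    folder only matches as a whole path component, so a sibling folder such
    as TDSSKiller_Quarantine2 does not count.
    """
    norm = ntpath.normcase(ntpath.normpath(path))
    for folder in quarantine_dirs:
        base = ntpath.normcase(ntpath.normpath(folder))
        if norm == base or norm.startswith(base + ntpath.sep):
            return True
    return False


if __name__ == "__main__":
    info, bad = triage(SAMPLE_LOG)
    for name in info:
        print(f"unsigned only, no action needed: {name}")
    for name, actions in bad.items():
        print(f"NEEDS ATTENTION: {name} -> {actions}")
    # Constructed alert path in the layout TDSSKiller's quarantine folder uses.
    alert = r"C:\TDSSKiller_Quarantine\27.10.2012_13.20.01\mbr0000\tsk0000.dta"
    print("alert is on a quarantined copy:", is_quarantined_path(alert))
```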

#80 betsym (Member, Topic Starter, 129 posts)
ComboFix 12-10-31.03 - Betsy 10/31/2012 17:21:11.5.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.3311 [GMT -4:00]
Running from: c:\users\Betsy\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-31 21:27 . 2012-10-31 21:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-31 21:27 . 2012-10-31 21:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-31 21:27 . 2012-10-31 21:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-31 21:27 . 2012-10-31 21:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-31 21:27 . 2012-10-31 21:27 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-10-31 21:27 . 2012-10-31 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-31 21:27 . 2012-10-31 21:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-30 08:08 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5548A6B5-8C31-41C1-A015-955CAC2445E5}\mpengine.dll
2012-10-29 14:42 . 2012-10-29 14:42 -------- d-----w- c:\program files (x86)\BrowserProtect
2012-10-29 03:34 . 2012-10-29 03:34 -------- d-----w- c:\program files (x86)\AddLyrics
2012-10-27 23:53 . 2012-10-27 23:53 -------- d-----w- c:\program files (x86)\ERUNT
2012-10-27 15:33 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-27 15:27 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-27 15:27 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-27 15:27 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-27 15:27 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-27 15:27 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-27 15:27 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-27 15:27 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-27 15:27 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-27 15:27 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-27 15:27 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-27 15:27 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-27 13:20 . 2012-10-29 17:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-27 11:41 . 2012-10-27 11:41 -------- d-----w- C:\_OTL
2012-10-22 18:09 . 2012-10-22 18:09 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-22 03:10 . 2012-10-25 05:07 -------- d-----w- c:\users\Betsy\AppData\Local\DIRECTV Player
2012-10-19 02:47 . 2012-10-19 02:47 -------- d-----w- c:\users\Betsy\AppData\Local\Adobe_Systems_Incorporate
2012-10-11 01:22 . 2012-10-11 01:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 01:22 . 2012-10-11 01:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 01:22 . 2012-10-11 01:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 01:22 . 2012-10-11 01:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 01:22 . 2012-10-11 01:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 01:22 . 2012-10-11 01:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 01:22 . 2012-10-11 01:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 01:22 . 2012-10-11 01:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-10 08:00 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 08:00 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 08:00 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 08:00 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 15:03 . 2012-10-09 15:03 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-31 14:07 . 2012-02-24 21:46 196608 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-10-23 10:18 . 2012-07-20 06:58 364096 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 10:18 . 2012-07-20 06:58 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 10:18 . 2012-07-20 06:58 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 10:18 . 2012-07-20 06:58 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 10:18 . 2012-07-20 06:58 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-23 10:17 . 2012-07-20 06:58 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 10:17 . 2012-07-20 06:58 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-23 10:17 . 2012-01-31 21:04 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-07-20 06:58 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-11 01:23 . 2011-05-21 11:01 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 01:23 . 2012-01-31 19:56 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 01:23 . 2011-05-21 11:01 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 13:08 . 2012-01-31 20:22 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 15:03 . 2012-08-17 02:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 15:03 . 2012-08-17 02:07 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-02 19:51 . 2011-03-01 02:46 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-01 02:46 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-03-01 02:47 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-01 02:47 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-01 02:47 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-03-01 02:47 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-29 23:54 . 2012-01-31 21:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 00:50 . 2012-09-28 00:50 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-09-12 11:47 . 2012-09-12 08:05 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-12 11:47 . 2012-09-12 08:05 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-12 11:47 . 2012-09-12 08:05 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-09-12 11:47 . 2012-09-12 08:05 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-09-08 13:49 . 2012-09-08 13:50 90824 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2012-09-08 13:49 . 2012-09-08 13:50 109256 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2012-09-08 13:49 . 2012-09-08 13:49 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2012-08-24 11:15 . 2012-09-22 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 04:25 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 04:25 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 04:25 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 04:25 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-28 00:47 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-22 13:19 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-01-31 21:00 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-01-31 21:00 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 07:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 14:53 . 2012-08-20 14:08 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-17 01:58 . 2012-07-27 18:46 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 01:58 . 2012-07-27 18:46 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"= "c:\program files (x86)\IObit Toolbar\IE\6.3\iobitToolbarIE.dll" [2012-09-19 1215368]
.
[HKEY_CLASSES_ROOT\clsid\{0bda0769-fd72-49f4-9266-e1fb004f4d8f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-27 13:25 220632 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-27 13:25 220632 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-27 13:25 220632 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-27 5628800]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"GoogleChromeAutoLaunch_0A5F8865FCC28F04CD315B29B2948A97"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-10-10 1239064]
"SkyDrive"="c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-10-27 238552]
"Spotify Web Helper"="c:\users\Betsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-19 1192664]
"BrowserProtect"="c:\program files (x86)\BrowserProtect\BpAuto.lnk" [2012-10-29 2235]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-09 1240848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"addlyrics@addlyrics.net"="c:\program files (x86)\AddLyrics\YTLUpdater.exe" [2012-10-09 99328]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R2 BpSvc;BrowserProtect Anti-Hijack Service;c:\program files (x86)\BrowserProtect\BpSvc.exe [2011-11-11 1867776]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-06-29 67584]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-28 115168]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-11 1258856]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [2012-09-08 277744]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-01-25 172648]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys [2012-06-21 549704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-31 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-05-25 57976]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-22 140672]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-14 c:\windows\Tasks\1 Copernic Intra-Daily ~Betsy-PC Betsy.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2012-02-14 00:16]
.
2012-02-14 c:\windows\Tasks\2 Copernic Daily ~Betsy-PC Betsy.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2012-02-14 00:16]
.
2012-02-14 c:\windows\Tasks\3 Copernic Weekly ~Betsy-PC Betsy.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2012-02-14 00:16]
.
2012-02-14 c:\windows\Tasks\4 Copernic Monthly ~Betsy-PC Betsy.job
- c:\program files (x86)\Copernic Agent\CopernicAgent.exe [2012-02-14 00:16]
.
2012-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 15:03]
.
2012-10-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-20 10:17]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 21:10]
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 21:10]
.
2012-07-20 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-07-20 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-20 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-27 13:25 244696 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-27 13:25 244696 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-27 13:25 244696 ----a-w- c:\users\Betsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: netflix.com
Trusted Zone: secondlife.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E9B35FA-AE15-4EA9-9A05-2769738C5599}: NameServer = 8.8.8.8,4.2.2.1
DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
FF - ProfilePath - c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-tyc9
FF - ExtSQL: 2012-10-28 23:22; {f69e22c7-bc50-414a-9269-0f5c344cd94c}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
FF - ExtSQL: 2012-10-28 23:22; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: 2012-10-28 23:22; {cd617372-6743-4ee4-bac4-fbf60f35719e}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi
FF - ExtSQL: 2012-10-28 23:22; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2012-10-28 23:22; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-10-28 23:22; {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
FF - ExtSQL: 2012-10-28 23:22; {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
FF - ExtSQL: 2012-10-28 23:22; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
FF - ExtSQL: 2012-10-28 23:22; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - ExtSQL: 2012-10-28 23:22; {4cc4a13b-94a6-7568-370d-5f9de54a9c7f}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi
FF - ExtSQL: 2012-10-28 23:22; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2012-10-28 23:22; {3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}
FF - ExtSQL: 2012-10-28 23:22; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2012-10-28 23:22; {15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi
FF - ExtSQL: 2012-10-28 23:22; nosquint@urandom.ca; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\nosquint@urandom.ca.xpi
FF - ExtSQL: 2012-10-28 23:22; mintrayr@tn123.ath.cx; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\mintrayr@tn123.ath.cx
FF - ExtSQL: 2012-10-28 23:22; linkalert.conlan@addons.mozilla.com; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\linkalert.conlan@addons.mozilla.com.xpi
FF - ExtSQL: 2012-10-28 23:22; guiconfig@slosd.net; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\guiconfig@slosd.net.xpi
FF - ExtSQL: 2012-10-28 23:22; firefox@ghostery.com; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-10-28 23:22; feedly@devhd; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\feedly@devhd.xpi
FF - ExtSQL: 2012-10-28 23:22; fabtab@captaincaveman.nl; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\fabtab@captaincaveman.nl.xpi
FF - ExtSQL: 2012-10-28 23:22; donottrackplus@abine.com; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2012-10-28 23:22; cybersearch@cybernetnews.com; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\cybersearch@cybernetnews.com
FF - ExtSQL: 2012-10-28 23:22; custombuttons@xsms.org; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\custombuttons@xsms.org
FF - ExtSQL: 2012-10-28 23:22; copy-urls-expert@kashiif-gmail.com; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\copy-urls-expert@kashiif-gmail.com.xpi
FF - ExtSQL: 2012-10-28 23:22; client@anonymox.net; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\client@anonymox.net.xpi
FF - ExtSQL: 2012-10-28 23:22; btpersonas@brandthunder.com; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\btpersonas@brandthunder.com
FF - ExtSQL: 2012-10-28 23:22; browserprotect@browserprotect.com; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\browserprotect@browserprotect.com.xpi
FF - ExtSQL: 2012-10-28 23:22; abhere2@moztw.org; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\abhere2@moztw.org.xpi
FF - ExtSQL: 2012-10-28 23:22; CompactMenuCE@Merci.chao; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\CompactMenuCE@Merci.chao.xpi
FF - ExtSQL: 2012-10-28 23:34; addlyrics@addlyrics.net; c:\program files (x86)\AddLyrics\FF
FF - ExtSQL: 2012-10-29 00:12; personas@christopher.beard; c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\qj012uu8.default\extensions\personas@christopher.beard.xpi
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-31 17:29:09
ComboFix-quarantined-files.txt 2012-10-31 21:29
ComboFix2.txt 2012-10-29 16:08
ComboFix3.txt 2012-10-27 14:17
.
Pre-Run: 755,578,032,128 bytes free
Post-Run: 755,265,638,400 bytes free
.
- - End Of File - - FBDE43A0BB5F1CC88EBA85EED66849E5
  • 0
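An added example, not part of this thread and not ComboFix's own code: a small Python parser that pulls the Firefox extension entries and the locked registry keys (with their @Denied notes) out of a ComboFix log excerpt like the one above, so a helper can spot add-ons installed outside the profile folder and keys with restricted ACLs at a glance. The sample log is constructed to match the format shown here, not copied from the real report.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the ComboFix log format (not the real log above)
SAMPLE_LOG = """\
FF - ExtSQL: 2012-10-28 23:22; browserprotect@browserprotect.com; c:\\users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\extensions\\browserprotect@browserprotect.com.xpi
FF - ExtSQL: 2012-10-28 23:34; addlyrics@addlyrics.net; c:\\program files (x86)\\AddLyrics\\FF
FF - user.js: extensions.autoDisableScopes - 0
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\\.Default\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\\Elevation]
"Enabled"=dword:00000001
.
Completion time: 2012-10-31 17:29:09
"""

EXT_RE = re.compile(r"^FF - ExtSQL: (\S+ \S+); ([^;]+); (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
DENIED_RE = re.compile(r"^@Denied: \((.+?)\) \((.+?)\)$")


def parse_extensions(log: str) -> List[Tuple[str, str, str]]:
    """Return (install timestamp, extension id, path) for each 'FF - ExtSQL' line."""
    return [m.groups() for line in log.splitlines() if (m := EXT_RE.match(line))]


def parse_locked_keys(log: str) -> Dict[str, str]:
    """Map each key in the LOCKED REGISTRY KEYS section to its @Denied text
    (rights and principal), or '' when the key carries no @Denied line."""
    keys: Dict[str, str] = {}
    current, in_section = None, False
    for line in log.splitlines():
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
        elif line.startswith("Completion time:"):
            break  # end of the section
        elif in_section and (m := KEY_RE.match(line)):
            current = m.group(1)
            keys[current] = ""
        elif in_section and current and (m := DENIED_RE.match(line)):
            keys[current] = f"{m.group(1)} {m.group(2)}"
    return keys


def extensions_outside_profile(log: str) -> List[str]:
    """Extension ids whose files live outside the Firefox profile directory,
    a common sign of a program-installed (often unwanted) add-on."""
    return [ext for _, ext, path in parse_extensions(log)
            if "\\mozilla\\firefox\\profiles\\" not in path.lower()]
```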

#81
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What was the location of the files that Avast found?
  • 0

#82
betsym

betsym

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts
File C:/TDSSKiller+_Quarantine/22.10.2012+_09.15.28/Mbr0000/mbr/0000/tsk0000.dta, at least that's what I wrote down afterwards. I need to run the scan again.
  • 0

#83
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, that file is quite safe in quarantine... How is the computer behaving now?
  • 0

#84
betsym

betsym

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts
Seems to be okay. Did the ComboFix say it was clean? Is there anything else I need to do?

Edited by betsym, 31 October 2012 - 05:26 PM.

  • 0

#85
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
From my end it looks OK

Do you wish me to remove my tools now?
  • 0



#86
betsym

betsym

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts
Yeah, if you need to. I downloaded the ERUNT program to back up my computer, but it doesn't seem to be working right. It's having a problem saving some files. Should I just delete the program?
  • 0

#87
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, uninstall ERUNT.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then, as an added layer of protection, install Trusteer Rapport.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#88
betsym

betsym

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts
Do I really need to uninstall combofix?
  • 0

#89
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, as the programme is updated regularly, and after it is 7 days old it will cease to work.
  • 0

#90
betsym

betsym

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts
OK.
  • 0





