 | |
| |
| 08 May 2011 | |
| Windows 7 Ultimate 64x 34 posts | Big virus infection going on here i have a huge virus infection going on in my PC and i just reinstalled the windows  i got the following ones: hotstopshield trojan.win32.Generic!BT backdoor.win32.hupigon everytime i scan i find them in here , but cant remove them , anyone? for the backdoor user i tried to play him some music but didnt work , any help is greattly appreaciated Last edited by Emforcer46; 08 May 2011 at 02:38 AM.. Reason: edit |
My System Specs | |
| 08 May 2011 | |
| Windows 7 Ultimate 64-bit 1,008 posts Puyallup, WA, USA | Easiest method: Reinstall windows and get anti-virus/firewall software installed on your machine ASAP. Not easiest method: ComboFix (A guide and tutorial on using ComboFix). It's the single strongest tool. It's like penicillin for the PC, but if done improperly, will kill kittens. Second, Malwarebytes (Malwarebytes : Free anti-malware, anti-virus and spyware removal download) ALSO, if you choose door number two, once you can get offline, do so. It'll slow the progression of the attack. Personally, I would just wipe and start again since you just installed. |
| My System Specs |
| 08 May 2011 | |
| Windows 7 Ultimate 64x 34 posts | i guess i should post this Code: ComboFix 11-05-07.02 - Enforcer46 05/08/2011 13:00:53.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2592 [GMT -7:00]
Running from: d:\chrome downloads\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Enforcer46\AppData\Roaming\data.dat
D:\install.exe
d:\steam\Steam.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 19:55 . 2011-05-08 19:59 -------- d-----w- C:\32788R22FWJFW
2011-05-08 16:49 . 2011-05-08 16:49 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-05-08 16:30 . 2011-05-08 16:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-05-08 16:30 . 2011-05-08 17:21 -------- d-----w- c:\program files (x86)\Real
2011-05-08 16:18 . 2011-05-08 16:18 -------- d-----w- C:\Hotspot Shield
2011-05-08 10:40 . 2011-05-08 10:40 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-08 10:40 . 2011-05-08 10:40 -------- d-----w- c:\windows\system32\Wat
2011-05-08 10:16 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-08 10:16 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-05-08 10:07 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-08 10:07 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-08 10:07 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-08 10:07 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-08 10:07 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-08 10:07 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-08 10:07 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-08 10:07 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-08 10:07 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-08 10:07 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-08 10:06 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-05-08 03:35 . 2011-05-08 03:35 -------- d-----w- c:\program files (x86)\Gyazo
2011-05-08 02:30 . 2011-05-08 02:30 -------- d-----w- c:\program files\Ventrilo
2011-05-08 02:29 . 2011-05-08 02:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-05-08 00:14 . 2011-05-08 00:14 -------- d-----w- c:\programdata\Sunbelt
2011-05-08 00:12 . 2010-07-27 11:48 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2011-05-08 00:12 . 2010-07-27 11:48 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-05-08 00:11 . 2010-07-27 11:48 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2011-05-08 00:11 . 2010-04-16 01:35 84056 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-05-08 00:11 . 2010-08-20 16:18 27472 ----a-w- c:\windows\system32\sbbd.exe
2011-05-08 00:11 . 2010-03-22 19:11 49752 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-05-08 00:11 . 2011-05-08 00:11 -------- d-----w- c:\program files (x86)\Sunbelt Software
2011-05-08 00:10 . 2011-05-08 00:10 -------- d-----w- c:\program files (x86)\Webteh
2011-05-07 20:58 . 2011-05-07 20:58 -------- d-----w- c:\programdata\Yahoo! Companion
2011-05-07 20:58 . 2011-05-07 20:58 -------- d-----w- c:\programdata\Yahoo!
2011-05-07 20:57 . 2011-05-07 20:58 -------- d-----w- c:\program files (x86)\Yahoo!
2011-05-07 18:30 . 2011-05-08 19:48 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-07 17:47 . 2011-05-08 19:48 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-07 17:47 . 2011-05-08 19:46 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-07 17:47 . 2011-05-07 18:36 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-05-07 17:47 . 2011-05-07 17:47 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-05-07 10:12 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-07 10:12 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-05-07 10:12 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2011-05-07 10:12 . 2010-03-05 07:42 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2011-05-07 10:12 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-05-07 10:12 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-05-07 10:10 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-05-07 10:09 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-05-07 10:04 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-07 10:04 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-05-07 06:10 . 2011-05-07 06:10 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-05-07 01:23 . 2011-05-07 01:23 -------- d-----w- c:\program files (x86)\TeamViewer
2011-05-07 00:47 . 2011-05-07 04:14 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-05-07 00:25 . 2011-05-07 00:25 -------- d-----w- C:\totalcmd
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\UC.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\RAR.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\LHA.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\ARJ.PIF
2011-05-07 00:11 . 2011-05-07 00:11 -------- d-----w- c:\program files (x86)\Conduit
2011-05-07 00:10 . 2011-05-07 00:10 -------- d-----w- C:\extensions
2011-05-07 00:10 . 2011-05-07 00:10 -------- d-----w- c:\program files (x86)\uTorrent
2011-05-06 23:56 . 2011-05-07 15:14 -------- d-----w- c:\users\UpdatusUser
2011-05-06 23:56 . 2011-05-06 23:57 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-05-06 23:56 . 2011-05-08 20:10 -------- d-----w- c:\programdata\NVIDIA
2011-05-06 23:55 . 2011-05-06 23:55 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-06 23:53 . 2011-05-06 23:58 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-06 23:52 . 2011-05-06 23:52 -------- d-----w- C:\NVIDIA
2011-05-06 22:57 . 2007-09-27 20:47 56320 ----a-w- c:\windows\SysWow64\SFFXComm.dll
2011-05-06 22:57 . 2011-05-06 22:57 -------- d-----w- c:\programdata\SonicFocus
2011-05-06 22:57 . 2011-05-06 22:57 -------- d-----w- c:\program files (x86)\Analog Devices
2011-05-06 22:23 . 2011-05-06 21:31 -------- d-----w- c:\windows\Panther
2011-05-06 22:22 . 2011-05-06 22:22 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-06 22:22 . 2011-05-06 22:22 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-05-06 22:22 . 2011-05-06 22:22 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-06 22:22 . 2011-05-06 22:22 -------- d-----w- c:\program files (x86)\Creative
2011-05-06 22:22 . 2011-05-06 22:22 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-06 22:22 . 2008-09-17 22:11 1828352 ------w- c:\windows\system32\adi_oal.dll
2011-05-06 22:22 . 2008-09-17 22:07 1503232 ------w- c:\windows\SysWow64\adi_oal.dll
2011-05-06 22:22 . 2011-05-06 22:22 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-05-06 22:21 . 2011-05-06 23:58 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-05-06 22:07 . 2011-05-06 22:07 -------- d-----w- c:\program files\7-Zip
2011-05-06 22:06 . 2011-05-08 17:21 -------- d-sh--w- c:\windows\Installer
2011-05-06 21:57 . 2011-05-06 21:59 -------- d-----w- c:\programdata\Xfire
2011-05-06 21:57 . 2011-05-06 21:57 -------- d-----w- c:\program files (x86)\Xfire
2011-05-06 21:51 . 2011-04-18 16:15 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF55E9E-14F6-4D32-AACD-08606D965BF6}\mpengine.dll
2011-05-06 21:51 . 2011-02-03 01:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-06 21:40 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-05-06 21:40 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-05-06 21:40 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-05-06 21:40 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-05-06 21:39 . 2011-05-06 21:39 -------- d-----w- c:\windows\SysWow64\Macromed
2011-05-06 21:33 . 2011-05-07 00:47 -------- d-----w- c:\users\Enforcer46
2011-05-06 21:30 . 2011-05-06 21:30 -------- d-----w- C:\Recovery
2011-04-17 19:57 . 2011-04-17 19:57 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-04-17 19:57 . 2011-04-17 19:57 27536 ----a-w- c:\windows\system32\xfcodec64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 22:20 . 2009-06-06 00:42 56320 ----a-w- c:\windows\system32\AEADIAPR.dll
2011-04-08 06:19 . 2011-04-08 06:19 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-04-08 06:19 . 2011-04-08 06:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-08 06:19 . 2011-04-08 06:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 06:19 . 2011-04-08 06:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-08 06:19 . 2011-04-08 06:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-08 06:19 . 2011-04-08 06:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 06:18 . 2011-04-08 06:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-04-08 05:14 . 2009-07-13 21:59 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52 . 2011-03-07 00:52 134512 ----a-w- c:\windows\SysWow64\ElbyVCD.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-07 399736]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-10-25 1302528]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
.
c:\users\Enforcer46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-4-17 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-08-20 181584]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2211465620-2245048784-1094711837-1001Core.job
- c:\users\Enforcer46\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-06 21:39]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2211465620-2245048784-1094711837-1001UA.job
- c:\users\Enforcer46\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-06 21:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Steam - d:\steam\Steam.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Steam App 56400 - d:\steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2211465620-2245048784-1094711837-1001\Software\SecuROM\License information*]
"datasecu"=hex:d2,1b,7b,c7,30,f9,7f,4d,6e,be,8c,03,a1,da,5f,99,a9,08,a8,46,85,
35,63,2c,ac,50,83,76,5c,02,b9,d0,65,6e,09,5e,ef,6a,6e,fb,47,22,82,29,b6,9a,\
"rkeysecu"=hex:3f,50,74,30,f7,61,d3,9c,51,b2,02,e7,2a,3b,6b,e0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Completion time: 2011-05-08 13:13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-08 20:13
.
Pre-Run: 9,842,225,152 bytes free
Post-Run: 9,921,277,952 bytes free
.
- - End Of File - - 26B39A63261C36CE2CDE992E577C7268 Last edited by Airbot; 09 May 2011 at 01:34 AM.. |
| My System Specs |
| . |
| |
| 08 May 2011 | |
| Windows 7 Ultimate 64-bit 1,008 posts Puyallup, WA, USA | Be advised that ComboFix nuked Steam if you have that on your machine. You'll need to re-install it.  How are things now? |
| My System Specs |
| 08 May 2011 | |
| Windows 7 Ultimate X64 SP1 13,823 posts Mt. Crumpit/Whoville | What type of reinstall did you do? IF you did a repair install, the infection will probably remain in the C\:windows.old folder. This remains to get one back quickly after upgrading. If however you did a clean reinstall, that should have fixed the infection...usually at any rate. And yes, get a good AV/firewall suite and keep it current. Here is one fairly good free firewall. Zonealarm Free Anti-virus. AVG Anti-Virus Free Malwarebytes Free Super Anti Spyware Good luck. Let us know how you fare.  |
| My System Specs |
| 08 May 2011 | |
| Windows 7 Ultimate 64x 34 posts | I've got Vipre Antivirus Premium , seems like they are gone , but i cant really because my PC is kind of freezing for 5-6 seconds , from time to time , could be my PSU failing or my weak CPU , but anyway , just to be sure i should wait a few days to see if anything really changed , thanks |
| My System Specs |
| 08 May 2011 | |
| Windows 7 Ultimate 32 Bit, Windows Developer Preview, Linux Mint 9 Gnome 32 Bit 460 posts Philippines | Maybe those malware has some left over keys on the Registry that are still causing problems. |
| My System Specs |
| 08 May 2011 | |
| Windows 7 Ultimate X64 SP1 13,823 posts Mt. Crumpit/Whoville | Ok please let us know how it goes for you. What is Vipre? Is that a non-US product, new to me. |
| My System Specs |
| 08 May 2011 | |
| Win 7 Pro 64-bit 6,693 posts South Central Texas | 
Quote: Originally Posted by Britton30  Ok please let us know how it goes for you. What is Vipre? Is that a non-US product, new to me. |
| My System Specs |
| 09 May 2011 | |
| Windows 7 6 posts | Get the kaspersky boot disc. This will boot off itself and scan and clean your HDD. Then you can reinstall OS. Looks like all partitions are infected by the virus. If the other method isn't possible, you can install ESET Smart security, update it and do a full scan |
| My System Specs |
 |
Big virus infection going on here problems?
| Thread Tools | |
| Similar help and support threads for: Big virus infection going on here | ||||
| Thread | Forum | |||
| How to restore network and LAN configuration after virus infection? | Network & Sharing | |||
| [WTA] Virus Infection from another Notebook | System Security | |||
 Infection by fake AV virus | System Security | |||
| BSOD after virus infection and removal | BSOD Help and Support | |||
| Constant BSODs after virus infection | BSOD Help and Support | |||
All times are GMT -5. The time now is 01:43 AM.
