Big virus infection going on here

Page 1 of 3

  1. Posts : 34
    Windows 7 Ultimate 64x
       #1

    Big virus infection going on here


    I have a huge virus infection going on in my PC and I just reinstalled Windows.

    I got the following ones:

    hotstopshield
    trojan.win32.Generic!BT
    backdoor.win32.hupigon

    Every time I scan I find them in here, but can't remove them. Anyone?

    For the backdoor user I tried to play him some music but it didn't work. Any help is greatly appreciated.
    Last edited by Emforcer46; 08 May 2011 at 02:38. Reason: edit


  2. Posts : 966
    Windows 7 Ultimate 64-bit
       #2

    Easiest method: Reinstall Windows and get anti-virus/firewall software installed on your machine ASAP.

    Not easiest method: ComboFix (A guide and tutorial on using ComboFix). It's the single strongest tool. It's like penicillin for the PC, but if done improperly, will kill kittens. Second, Malwarebytes (Malwarebytes : Free anti-malware, anti-virus and spyware removal download)

    ALSO, if you choose door number two, once you can get offline, do so. It'll slow the progression of the attack. Personally, I would just wipe and start again since you just installed.


  3. Posts : 34
    Windows 7 Ultimate 64x
    Thread Starter
       #3

    I guess I should post this

    Code:
    ComboFix 11-05-07.02 - Enforcer46 05/08/2011  13:00:53.1.2 - x64
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4095.2592 [GMT -7:00]
    Running from: d:\chrome downloads\ComboFix.exe
    AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
    SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Enforcer46\AppData\Roaming\data.dat
    D:\install.exe
    d:\steam\Steam.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-04-08 to 2011-05-08  )))))))))))))))))))))))))))))))
    .
    .
    2011-05-08 19:55 . 2011-05-08 19:59    --------    d-----w-    C:\32788R22FWJFW
    2011-05-08 16:49 . 2011-05-08 16:49    --------    d-----w-    c:\program files (x86)\Microsoft.NET
    2011-05-08 16:30 . 2011-05-08 16:30    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
    2011-05-08 16:30 . 2011-05-08 17:21    --------    d-----w-    c:\program files (x86)\Real
    2011-05-08 16:18 . 2011-05-08 16:18    --------    d-----w-    C:\Hotspot Shield
    2011-05-08 10:40 . 2011-05-08 10:40    --------    d-----w-    c:\windows\SysWow64\Wat
    2011-05-08 10:40 . 2011-05-08 10:40    --------    d-----w-    c:\windows\system32\Wat
    2011-05-08 10:16 . 2009-09-10 06:28    311808    ----a-w-    c:\windows\system32\msv1_0.dll
    2011-05-08 10:16 . 2009-09-10 05:52    257024    ----a-w-    c:\windows\SysWow64\msv1_0.dll
    2011-05-08 10:07 . 2009-11-25 19:47    99176    ----a-w-    c:\windows\SysWow64\PresentationHostProxy.dll
    2011-05-08 10:07 . 2009-11-25 19:47    49472    ----a-w-    c:\windows\SysWow64\netfxperf.dll
    2011-05-08 10:07 . 2009-11-25 19:47    48960    ----a-w-    c:\windows\system32\netfxperf.dll
    2011-05-08 10:07 . 2009-11-25 19:47    297808    ----a-w-    c:\windows\SysWow64\mscoree.dll
    2011-05-08 10:07 . 2009-11-25 19:47    295264    ----a-w-    c:\windows\SysWow64\PresentationHost.exe
    2011-05-08 10:07 . 2009-11-25 19:47    1130824    ----a-w-    c:\windows\SysWow64\dfshim.dll
    2011-05-08 10:07 . 2009-11-25 19:47    109912    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
    2011-05-08 10:07 . 2009-11-25 19:47    444752    ----a-w-    c:\windows\system32\mscoree.dll
    2011-05-08 10:07 . 2009-11-25 19:47    320352    ----a-w-    c:\windows\system32\PresentationHost.exe
    2011-05-08 10:07 . 2009-11-25 19:47    1942856    ----a-w-    c:\windows\system32\dfshim.dll
    2011-05-08 10:06 . 2010-02-23 08:16    294912    ----a-w-    c:\windows\system32\browserchoice.exe
    2011-05-08 03:35 . 2011-05-08 03:35    --------    d-----w-    c:\program files (x86)\Gyazo
    2011-05-08 02:30 . 2011-05-08 02:30    --------    d-----w-    c:\program files\Ventrilo
    2011-05-08 02:29 . 2011-05-08 02:29    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
    2011-05-08 00:14 . 2011-05-08 00:14    --------    d-----w-    c:\programdata\Sunbelt
    2011-05-08 00:12 . 2010-07-27 11:48    60504    ----a-w-    c:\windows\system32\drivers\sbhips.sys
    2011-05-08 00:12 . 2010-07-27 11:48    94296    ----a-w-    c:\windows\system32\drivers\sbtis.sys
    2011-05-08 00:11 . 2010-07-27 11:48    253528    ----a-w-    c:\windows\system32\drivers\SbFw.sys
    2011-05-08 00:11 . 2010-04-16 01:35    84056    ----a-w-    c:\windows\system32\drivers\SbFwIm.sys
    2011-05-08 00:11 . 2010-08-20 16:18    27472    ----a-w-    c:\windows\system32\sbbd.exe
    2011-05-08 00:11 . 2010-03-22 19:11    49752    ----a-w-    c:\windows\system32\drivers\sbredrv.sys
    2011-05-08 00:11 . 2011-05-08 00:11    --------    d-----w-    c:\program files (x86)\Sunbelt Software
    2011-05-08 00:10 . 2011-05-08 00:10    --------    d-----w-    c:\program files (x86)\Webteh
    2011-05-07 20:58 . 2011-05-07 20:58    --------    d-----w-    c:\programdata\Yahoo! Companion
    2011-05-07 20:58 . 2011-05-07 20:58    --------    d-----w-    c:\programdata\Yahoo!
    2011-05-07 20:57 . 2011-05-07 20:58    --------    d-----w-    c:\program files (x86)\Yahoo!
    2011-05-07 18:30 . 2011-05-08 19:48    280768    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
    2011-05-07 17:47 . 2011-05-08 19:48    280768    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
    2011-05-07 17:47 . 2011-05-08 19:46    215128    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
    2011-05-07 17:47 . 2011-05-07 18:36    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
    2011-05-07 17:47 . 2011-05-07 17:47    2434856    ----a-w-    c:\windows\SysWow64\pbsvc_bc2.exe
    2011-05-07 10:12 . 2010-10-27 05:06    2048    ----a-w-    c:\windows\system32\tzres.dll
    2011-05-07 10:12 . 2010-10-27 04:32    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
    2011-05-07 10:12 . 2010-03-05 07:52    84992    ----a-w-    c:\windows\system32\asycfilt.dll
    2011-05-07 10:12 . 2010-03-05 07:42    67584    ----a-w-    c:\windows\SysWow64\asycfilt.dll
    2011-05-07 10:12 . 2010-12-18 06:11    714752    ----a-w-    c:\windows\system32\kerberos.dll
    2011-05-07 10:12 . 2010-12-18 05:29    541184    ----a-w-    c:\windows\SysWow64\kerberos.dll
    2011-05-07 10:10 . 2011-03-11 06:19    1395712    ----a-w-    c:\windows\system32\mfc42.dll
    2011-05-07 10:09 . 2011-03-03 05:27    28672    ----a-w-    c:\windows\SysWow64\dnscacheugc.exe
    2011-05-07 10:04 . 2010-08-27 06:14    236032    ----a-w-    c:\windows\system32\srvsvc.dll
    2011-05-07 10:04 . 2010-08-27 05:46    9728    ----a-w-    c:\windows\SysWow64\sscore.dll
    2011-05-07 06:10 . 2011-05-07 06:10    --------    d-----w-    c:\program files (x86)\Elaborate Bytes
    2011-05-07 01:23 . 2011-05-07 01:23    --------    d-----w-    c:\program files (x86)\TeamViewer
    2011-05-07 00:47 . 2011-05-07 04:14    --------    d-----w-    c:\program files (x86)\Common Files\Steam
    2011-05-07 00:25 . 2011-05-07 00:25    --------    d-----w-    C:\totalcmd
    2011-05-07 00:25 . 2010-12-17 14:56    545    ----a-w-    c:\windows\UC.PIF
    2011-05-07 00:25 . 2010-12-17 14:56    545    ----a-w-    c:\windows\RAR.PIF
    2011-05-07 00:25 . 2010-12-17 14:56    545    ----a-w-    c:\windows\PKZIP.PIF
    2011-05-07 00:25 . 2010-12-17 14:56    545    ----a-w-    c:\windows\PKUNZIP.PIF
    2011-05-07 00:25 . 2010-12-17 14:56    545    ----a-w-    c:\windows\NOCLOSE.PIF
    2011-05-07 00:25 . 2010-12-17 14:56    545    ----a-w-    c:\windows\LHA.PIF
    2011-05-07 00:25 . 2010-12-17 14:56    545    ----a-w-    c:\windows\ARJ.PIF
    2011-05-07 00:11 . 2011-05-07 00:11    --------    d-----w-    c:\program files (x86)\Conduit
    2011-05-07 00:10 . 2011-05-07 00:10    --------    d-----w-    C:\extensions
    2011-05-07 00:10 . 2011-05-07 00:10    --------    d-----w-    c:\program files (x86)\uTorrent
    2011-05-06 23:56 . 2011-05-07 15:14    --------    d-----w-    c:\users\UpdatusUser
    2011-05-06 23:56 . 2011-05-06 23:57    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
    2011-05-06 23:56 . 2011-05-08 20:10    --------    d-----w-    c:\programdata\NVIDIA
    2011-05-06 23:55 . 2011-05-06 23:55    --------    d-----w-    c:\programdata\NVIDIA Corporation
    2011-05-06 23:53 . 2011-05-06 23:58    --------    d-----w-    c:\program files\NVIDIA Corporation
    2011-05-06 23:52 . 2011-05-06 23:52    --------    d-----w-    C:\NVIDIA
    2011-05-06 22:57 . 2007-09-27 20:47    56320    ----a-w-    c:\windows\SysWow64\SFFXComm.dll
    2011-05-06 22:57 . 2011-05-06 22:57    --------    d-----w-    c:\programdata\SonicFocus
    2011-05-06 22:57 . 2011-05-06 22:57    --------    d-----w-    c:\program files (x86)\Analog Devices
    2011-05-06 22:23 . 2011-05-06 21:31    --------    d-----w-    c:\windows\Panther
    2011-05-06 22:22 . 2011-05-06 22:22    419840    ----a-w-    c:\windows\system32\wrap_oal.dll
    2011-05-06 22:22 . 2011-05-06 22:22    413696    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
    2011-05-06 22:22 . 2011-05-06 22:22    133632    ----a-w-    c:\windows\system32\OpenAL32.dll
    2011-05-06 22:22 . 2011-05-06 22:22    --------    d-----w-    c:\program files (x86)\Creative
    2011-05-06 22:22 . 2011-05-06 22:22    110592    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
    2011-05-06 22:22 . 2008-09-17 22:11    1828352    ------w-    c:\windows\system32\adi_oal.dll
    2011-05-06 22:22 . 2008-09-17 22:07    1503232    ------w-    c:\windows\SysWow64\adi_oal.dll
    2011-05-06 22:22 . 2011-05-06 22:22    --------    d-----w-    c:\program files (x86)\Common Files\InstallShield
    2011-05-06 22:21 . 2011-05-06 23:58    --------    d--h--w-    c:\program files (x86)\InstallShield Installation Information
    2011-05-06 22:07 . 2011-05-06 22:07    --------    d-----w-    c:\program files\7-Zip
    2011-05-06 22:06 . 2011-05-08 17:21    --------    d-sh--w-    c:\windows\Installer
    2011-05-06 21:57 . 2011-05-06 21:59    --------    d-----w-    c:\programdata\Xfire
    2011-05-06 21:57 . 2011-05-06 21:57    --------    d-----w-    c:\program files (x86)\Xfire
    2011-05-06 21:51 . 2011-04-18 16:15    8802128    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF55E9E-14F6-4D32-AACD-08606D965BF6}\mpengine.dll
    2011-05-06 21:51 . 2011-02-03 01:11    270720    ------w-    c:\windows\system32\MpSigStub.exe
    2011-05-06 21:40 . 2009-12-29 08:03    220672    ----a-w-    c:\windows\system32\wintrust.dll
    2011-05-06 21:40 . 2009-12-29 06:55    172032    ----a-w-    c:\windows\SysWow64\wintrust.dll
    2011-05-06 21:40 . 2010-01-09 07:19    139264    ----a-w-    c:\windows\system32\cabview.dll
    2011-05-06 21:40 . 2010-01-09 06:52    132608    ----a-w-    c:\windows\SysWow64\cabview.dll
    2011-05-06 21:39 . 2011-05-06 21:39    --------    d-----w-    c:\windows\SysWow64\Macromed
    2011-05-06 21:33 . 2011-05-07 00:47    --------    d-----w-    c:\users\Enforcer46
    2011-05-06 21:30 . 2011-05-06 21:30    --------    d-----w-    C:\Recovery
    2011-04-17 19:57 . 2011-04-17 19:57    41872    ----a-w-    c:\windows\SysWow64\xfcodec.dll
    2011-04-17 19:57 . 2011-04-17 19:57    27536    ----a-w-    c:\windows\system32\xfcodec64.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-06 22:20 . 2009-06-06 00:42    56320    ----a-w-    c:\windows\system32\AEADIAPR.dll
    2011-04-08 06:19 . 2011-04-08 06:19    61032    ----a-w-    c:\windows\system32\nvshext.dll
    2011-04-08 06:19 . 2011-04-08 06:19    2582120    ----a-w-    c:\windows\system32\nvsvcr.dll
    2011-04-08 06:19 . 2011-04-08 06:19    117864    ----a-w-    c:\windows\system32\nvmctray.dll
    2011-04-08 06:19 . 2011-04-08 06:19    1012328    ----a-w-    c:\windows\system32\nvvsvc.exe
    2011-04-08 06:19 . 2011-04-08 06:19    797288    ----a-w-    c:\windows\system32\easyUpdatusAPIU64.dll
    2011-04-08 06:19 . 2011-04-08 06:19    6338152    ----a-w-    c:\windows\system32\nvcpl.dll
    2011-04-08 06:18 . 2011-04-08 06:18    3041384    ----a-w-    c:\windows\system32\nvsvc64.dll
    2011-04-08 05:14 . 2009-07-13 21:59    8411752    ----a-w-    c:\windows\system32\nvwgf2umx.dll
    2011-03-07 02:08 . 2011-03-07 02:08    93552    ----a-w-    c:\windows\SysWow64\ElbyCDIO.dll
    2011-03-07 00:52 . 2011-03-07 00:52    134512    ----a-w-    c:\windows\SysWow64\ElbyVCD.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 20:51    3911776    ----a-w-    c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 20:51    3911776    ----a-w-    c:\program files (x86)\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-07 399736]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-10-25 1302528]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
    .
    c:\users\Enforcer46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-4-17 3510160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-08-20 181584]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2211465620-2245048784-1094711837-1001Core.job
    - c:\users\Enforcer46\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-06 21:39]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2211465620-2245048784-1094711837-1001UA.job
    - c:\users\Enforcer46\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-06 21:39]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Steam - d:\steam\Steam.exe
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    AddRemove-Steam App 56400 - d:\steam\steam.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2211465620-2245048784-1094711837-1001\Software\SecuROM\License information*]
    "datasecu"=hex:d2,1b,7b,c7,30,f9,7f,4d,6e,be,8c,03,a1,da,5f,99,a9,08,a8,46,85,
       35,63,2c,ac,50,83,76,5c,02,b9,d0,65,6e,09,5e,ef,6a,6e,fb,47,22,82,29,b6,9a,\
    "rkeysecu"=hex:3f,50,74,30,f7,61,d3,9c,51,b2,02,e7,2a,3b,6b,e0
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\totalcmd\TOTALCMD.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-05-08  13:13:19 - machine was rebooted
    ComboFix-quarantined-files.txt  2011-05-08 20:13
    .
    Pre-Run: 9,842,225,152 bytes free
    Post-Run: 9,921,277,952 bytes free
    .
    - - End Of File - - 26B39A63261C36CE2CDE992E577C7268
    Last edited by Airbot; 09 May 2011 at 01:34.
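The log above is long, and the parts a responder actually wants are scattered through it: the "Reg Loading Points" autostarts (Run keys, BHOs, toolbars), the UAC policy values (here EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, so nothing on this box ever asks before elevating), and the service/driver lines, where ComboFix prints `[x]` in place of the date and size when it cannot find the file. The script below is an added example written for this thread; it is not ComboFix's code and not from the original post. It parses those three kinds of line using the layouts visible in the posted log, and the rules about what to flag (disabled UAC, every autostart, services with missing binaries, remote-control services such as TeamViewer while a backdoor is suspected) are this example's own assumptions. The embedded sample is constructed from the posted log, trimmed, not a verbatim copy.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's code).
Parses [key]/"name"=value lines, the file line under a BHO key, the R?/S?
service lines and the UAC policy values, then lists what to look at first.
The line layouts come from the posted log; the flagging rules are assumptions."""
import re
import sys
from dataclasses import dataclass, field

# Constructed sample modelled on the posted log (trimmed, not a verbatim copy).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51    3911776    ----a-w-    c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-07 399736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# File line ComboFix prints under a BHO/CLSID key: <date> <time> <size> <attrs> <path>
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
# Service/driver line: <R|S><n> <name>;<description>;<path> [<date> <size>] or [x]
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$")
AUTOSTART_KEY_HINTS = ("\\run", "browser helper objects", "urlsearchhooks", "\\toolbar")
UAC_KEY_SUFFIX = "policies\\system"
REMOTE_CONTROL_HINTS = ("teamviewer", "vnc", "radmin")  # assumption: worth a look while a backdoor is suspected


@dataclass
class Triage:
    autostarts: list = field(default_factory=list)  # (registry key, value name or "", target path)
    policies: dict = field(default_factory=dict)    # UAC policy value name -> int
    services: list = field(default_factory=list)    # (state, name, path, file_present)


def parse_combofix_log(text: str) -> Triage:
    """Walk the log line by line, tracking the current [registry key]."""
    t, key = Triage(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith(("(((", "---", "***")):  # section banner: forget the previous key
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:  # [x] in place of date/size means ComboFix could not find the file
            t.services.append((m.group("state"), m.group("name"), m.group("path"), m.group("info").strip() != "x"))
            continue
        if key is None:
            continue
        lowkey, v = key.lower(), VALUE_RE.match(line)
        if lowkey.endswith(UAC_KEY_SUFFIX):
            n = re.match(r"\d+", v.group("value").strip()) if v else None
            if n:
                t.policies[v.group("name")] = int(n.group(0))
        elif any(h in lowkey for h in AUTOSTART_KEY_HINTS):
            if v:  # "name"="c:\path\file.exe" [date size]  -> take the quoted path
                val = v.group("value")
                t.autostarts.append((key, v.group("name"), val.split('"')[1] if val.count('"') >= 2 else val.strip()))
            else:
                f = FILE_RE.match(line)
                if f:
                    t.autostarts.append((key, "", f.group("path")))
    return t


def assess(t: Triage) -> list:
    """Turn parsed data into findings; these rules are the example's, not ComboFix's."""
    findings = []
    if t.policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, so every process of an admin user runs fully elevated")
    if t.policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation requests are granted without any prompt")
    if t.policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: any UAC prompt is drawn on the normal, spoofable desktop")
    for key, name, target in t.autostarts:
        kind = "browser add-on" if any(h in key.lower() for h in AUTOSTART_KEY_HINTS[1:]) else "autorun"
        leaf = key.rsplit("\\", 1)[-1]
        findings.append(f"{kind}: {name or leaf} -> {target}")
    for state, name, path, present in t.services:
        if not present:
            findings.append(f"service {name} ({state}) points at a missing file: {path}")
        elif any(h in name.lower() for h in REMOTE_CONTROL_HINTS):
            findings.append(f"remote-control service {name} ({state}) is installed: {path}")
    return findings


if __name__ == "__main__":
    log = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for finding in assess(parse_combofix_log(log)):
        print(finding)
```

Run it with a real log on stdin (`python triage.py < ComboFix.txt`) or with no input to see the constructed sample. The point of the policy checks is that with EnableLUA=0 a reinstall followed by "run as usual" puts every downloaded installer straight into an administrator context, which is the situation the ConduitEngine/uTorrentBar add-ons and the Hotspot Shield BHO in the posted log arrived through.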


  4. Posts : 966
    Windows 7 Ultimate 64-bit
       #4

    Be advised that ComboFix nuked Steam if you have that on your machine. You'll need to re-install it.

    How are things now?


  5. Posts : 24,479
    Windows 7 Ultimate X64 SP1
       #5

    What type of reinstall did you do? If you did a repair install, the infection will probably remain in the C:\Windows.old folder. This remains to get one back quickly after upgrading.
    If however you did a clean reinstall, that should have fixed the infection... usually, at any rate. And yes, get a good AV/firewall suite and keep it current.

    Here is one fairly good free firewall. Zonealarm Free
    Anti-virus. AVG Anti-Virus Free
    Malwarebytes Free
    Super Anti Spyware
    Good luck. Let us know how you fare. :)


  6. Posts : 34
    Windows 7 Ultimate 64x
    Thread Starter
       #6

    I've got Vipre Antivirus Premium. Seems like they are gone, but I can't really tell because my PC is kind of freezing for 5-6 seconds from time to time. Could be my PSU failing or my weak CPU, but anyway, just to be sure I should wait a few days to see if anything really changed. Thanks.


  7. Posts : 477
    Windows 7 Ultimate 32 Bit, Windows Developer Preview, Linux Mint 9 Gnome 32 Bit
       #7

    Maybe that malware has some leftover keys in the Registry that are still causing problems.


  8. Posts : 24,479
    Windows 7 Ultimate X64 SP1
       #8

    Ok please let us know how it goes for you.
    What is Vipre? Is that a non-US product, new to me. :)


  9. Posts : 10,994
    Win 7 Pro 64-bit
       #9

    Britton30 said:
    Ok please let us know how it goes for you.
    What is Vipre? Is that a non-US product, new to me. :)
    Antivirus Software - VIPRE Antivirus Download a Free Trial


  10. Posts : 6
    Windows 7
       #10

    Get the Kaspersky boot disc. This will boot off itself and scan and clean your HDD. Then you can reinstall the OS. Looks like all partitions are infected by the virus. If the other method isn't possible, you can install ESET Smart Security, update it and do a full scan.


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.