
Help! Need help to remove some malware called colexity777, espeak911 and 37.220.36.34



I used ComboFix already and the malware is still there, and I don't know what to do. Please help.

Here is my ComboFix log:

ComboFix 12-08-31.08 - pETER 09/02/2012 0:23.3.8 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2820 [GMT -4:00]

Running from: c:\users\pETER\Downloads\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))

.

.

2012-09-02 04:27 . 2012-09-02 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-01 18:43 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-09-01 18:43 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-09-01 18:43 . 2012-08-21 09:13 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-09-01 18:42 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-01 18:42 . 2012-08-21 09:13 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-09-01 18:42 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-09-01 18:42 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-09-01 18:42 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-09-01 18:42 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-09-01 18:42 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-09-01 18:41 . 2012-07-13 10:47 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2012-09-01 18:41 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr

2012-09-01 18:41 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-09-01 18:40 . 2012-09-01 18:40 -------- d-----w- c:\programdata\AVAST Software

2012-09-01 18:40 . 2012-09-01 18:40 -------- d-----w- c:\program files\AVAST Software

2012-08-31 17:42 . 2012-09-02 01:54 -------- d-----w- c:\windows\system32\appmgmt

2012-08-31 13:35 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61305CDC-DC25-4510-9DA8-663ED4ECBBC2}\mpengine.dll

2012-08-29 13:06 . 2012-08-29 13:06 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-08-29 13:05 . 2012-08-29 13:06 -------- d-----w- c:\program files\NVIDIA Corporation

2012-08-29 13:04 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll

2012-08-29 02:23 . 2012-08-29 02:25 -------- d-----w- c:\program files (x86)\7-Zip

2012-08-27 21:31 . 2012-08-27 23:09 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-08-27 21:03 . 2012-08-27 21:03 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-08-25 18:18 . 2012-08-25 18:18 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-25 18:18 . 2012-08-25 18:18 -------- d-----w- c:\windows\system32\Wat

2012-08-25 16:07 . 2012-08-29 15:58 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-25 16:07 . 2012-08-29 15:58 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-25 16:07 . 2012-08-25 16:07 -------- d-----w- c:\windows\SysWow64\Macromed

2012-08-25 16:07 . 2012-08-25 16:07 -------- d-----w- c:\windows\system32\Macromed

2012-08-25 16:07 . 2012-08-25 16:07 -------- d--h--w- c:\windows\AxInstSV

2012-08-25 14:10 . 2012-08-25 11:39 -------- d-----w- c:\windows\Panther

2012-08-25 14:01 . 2012-09-02 03:26 -------- d-----w- C:\Windows.old.001

2012-08-25 12:35 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-08-25 12:35 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-08-25 12:27 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-08-25 12:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-08-25 12:22 . 2012-08-25 12:22 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2012-08-25 12:19 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-08-25 12:19 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-08-25 12:19 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-08-25 12:19 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-08-25 12:19 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-08-25 12:19 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-08-25 12:19 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-08-25 12:19 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-08-25 12:19 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-08-25 12:19 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-08-25 12:14 . 2012-08-25 12:22 -------- d-----w- c:\program files\Common Files\logishrd

2012-08-25 12:12 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-08-25 12:12 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-08-25 12:12 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-08-25 12:12 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-08-25 12:12 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-25 12:12 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-08-25 12:12 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-08-25 12:08 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-25 12:08 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2012-08-25 12:08 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-08-25 12:06 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-25 12:05 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2012-08-25 12:04 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

2012-08-25 11:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll

2012-08-25 11:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-08-25 11:55 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll

2012-08-25 11:55 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2012-08-25 11:55 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-08-25 11:55 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-08-25 11:44 . 2012-08-25 11:44 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-08-25 11:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-25 11:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-25 11:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-25 11:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-25 11:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-08-25 11:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-08-25 11:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-08-25 11:40 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-25 11:40 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-25 11:39 . 2012-09-02 02:08 -------- d-----w- c:\users\pETER

2012-08-25 10:39 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-02_03.53.03 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-08-25 13:24 . 2012-09-02 03:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-08-25 13:24 . 2012-09-02 04:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-08-25 16:06 . 2012-09-02 04:17 15780 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-09-02 04:17 32142 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-08-25 16:06 . 2012-09-02 04:17 4998 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3990207539-2313557210-1559523351-1001_UserData.bin

- 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-02 04:28 . 2012-09-02 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-02 04:28 . 2012-09-02 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-25 10:26 . 2012-09-02 04:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-08-25 10:26 . 2012-09-02 03:42 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-09-02 04:31 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-09-02 03:52 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 02:36 . 2012-09-02 00:57 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-09-02 04:20 623940 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-09-02 00:57 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-09-02 04:20 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-09-02 04:27 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-09-02 03:50 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-08-25 18:18 . 2012-09-02 04:14 2119392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3990207539-2313557210-1559523351-1001-8192.dat

+ 2012-08-25 16:00 . 2012-09-02 04:27 4020324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

- 2012-08-25 16:00 . 2012-09-02 03:50 4020324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2009-07-14 04:54 . 2012-09-02 04:31 10862592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-09-02 03:52 10862592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-09-02 04:31 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-09-02 03:52 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 02:34 . 2012-09-02 02:56 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-09-02 04:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 250568]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-25 1255736]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 15:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:71,f7,d2,a4,df,82,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\\.\globalroot\systemroot\svchost.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

.

**************************************************************************

.

Completion time: 2012-09-02 00:34:58 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-02 04:34

ComboFix2.txt 2012-09-02 04:20

ComboFix3.txt 2012-09-02 03:56

.

Pre-Run: 947,568,750,592 bytes free

Post-Run: 947,242,090,496 bytes free

.

- - End Of File - - 25DECCCE755CE1517A7268610D4DAFF4


hi, welcome!

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemdrive%\$Recycle.Bin|@;true;true;true
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

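The two svchost.exe entries in the ComboFix log above (one deleted from c:\windows, one still running from \\.\globalroot\systemroot) and the OTL /md5start list in the reply both turn on the same check: a core Windows binary appearing outside the directory it ships in. The script below is an added triage example, not ComboFix, OTL or the helper's own tooling; it parses ComboFix-style log lines for such entries. Sample lines are excerpted from the log above plus one constructed System32 line, and the expected-directory table assumes a standard Windows 7 x64 install.

```python
import re

# Expected directories on a standard Windows 7 x64 install (assumption) for the
# binaries the OTL /md5start list names; explorer.exe lives in %SystemRoot%.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
# Section banners: "((( Other Deletions )))" or "--- Other Running Processes ---".
SECTION_RE = re.compile(r"^[()\-]+\s*(.+?)\s*[()\-]+$")
# A c:\ path ending the line, optionally quoted or followed by "[date size]".
PATH_RE = re.compile(r'(c:\\.*?)"?(?:\s+\[[^\]]*\])?$', re.I)
# Object-namespace spellings of %SystemRoot% that ComboFix prints for running
# processes; they name the same c:\windows tree, so map them back before checking.
ALIASES = ((r"c:\\.\globalroot\systemroot", r"c:\windows"), (r"\systemroot", r"c:\windows"))

# Lines excerpted from the ComboFix log in this thread; the final
# c:\windows\system32\svchost.exe line is constructed to show the normal
# location is not flagged.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\svchost.exe
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
2012-09-01 18:42 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
- 2012-09-02 03:51 . 2012-09-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
------------------------ Other Running Processes ------------------------
c:\\.\globalroot\systemroot\svchost.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\svchost.exe
"""

def normalise(path):
    """Lower-case a path and rewrite %SystemRoot% aliases to the drive path."""
    p = path.strip().lower()
    for alias, real in ALIASES:
        if p.startswith(alias):
            p = real + p[len(alias):]
    return p

def find_misplaced_system_binaries(log):
    """Return (section, basename, path) for each core Windows binary listed
    outside its expected directory, tagged with the ComboFix section."""
    findings, section = [], "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        hit = PATH_RE.search(line)
        if not hit:
            continue
        path = normalise(hit.group(1))
        directory, _, base = path.rpartition("\\")
        if base in EXPECTED_DIRS and directory not in EXPECTED_DIRS[base]:
            findings.append((section, base, path))
    return findings
```

Running `find_misplaced_system_binaries(SAMPLE_LOG)` reports only the two svchost.exe entries, each tagged with the section it came from, while the genuine System32 and SysWOW64 locations pass.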
