Jump to content

mreppert2418

Members
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

Reputation

0 Neutral
  1. mreppert2418
    Maniac, I followed your instructions and ran combofix. The log is pasted below. Regarding that other file, combofix deleted it during the process. Btw, my comp seems to be running better at this point. I understand there may still be a security risk, but I figured I'd let you know. ComboFix 12-06-14.01 - MattR 06/14/2012 20:43:36.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.4086 [GMT -4:00] Running from: c:\users\MattR\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Downloaded Installers c:\program files (x86)\Downloaded Installers\{93E68D8C-DCD4-434E-99EB-15CE067C7B6D}\setup.msi c:\programdata\Roaming c:\users\MattR\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1} c:\users\MattR\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\@ c:\users\MattR\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\n c:\users\MattR\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\U\00000001.@ c:\users\MattR\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\U\80000000.@ c:\users\MattR\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\U\800000cb.@ c:\users\MattR\Documents\~WRL0003.tmp c:\users\MattR\fm1i9ix0ed.exe c:\users\MattR\g2mdlhlpx.exe c:\users\MattR\videos\GameHouse-Installer_am-jojosfashionshow_gamehouse_.exe c:\windows\SysWow64\drivers\hosts c:\windows\SysWow64\install.exe c:\windows\SysWow64\MailBee.dll c:\windows\SysWow64\SETDD29.tmp D:\install.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 ))))))))))))))))))))))))))))))) . . 2012-06-15 01:12 . 2012-06-15 01:12 -------- d-----w- c:\users\Malorie\AppData\Local\temp 2012-06-15 01:12 . 2012-06-15 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-15 00:26 . 2012-06-15 00:26 173616 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-06-15 00:26 . 2012-06-15 00:26 -------- d-----w- c:\program files\Symantec 2012-06-15 00:26 . 2012-06-15 00:26 -------- d-----w- c:\program files\Common Files\Symantec Shared 2012-06-12 11:01 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02C3F3BF-8302-42A5-BBCD-0EEA8C3D5827}\mpengine.dll 2012-06-09 19:02 . 2012-06-09 19:02 -------- d-----w- c:\users\MattR\AppData\Roaming\OpenOffice.org 2012-06-09 19:01 . 2012-06-09 19:01 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-13 04:10 . 2012-05-13 04:10 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-13 04:10 . 2011-09-14 19:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-25 18:02 . 2012-04-25 18:02 43800 ----a-w- c:\windows\system32\drivers\Accelerometer.sys 2012-04-25 18:02 . 2012-04-25 18:02 31000 ----a-w- c:\windows\system32\hpservice.exe 2012-04-25 18:02 . 2012-04-25 18:02 21272 ----a-w- c:\windows\system32\accelerometerdll.DLL 2012-04-25 18:02 . 2012-04-25 18:02 18200 ----a-w- c:\windows\system32\HPMDPCoInst12.dll 2012-04-25 18:02 . 2009-07-08 19:49 30488 ----a-w- c:\windows\system32\drivers\hpdskflt.sys 2012-04-07 01:22 . 2010-11-23 00:29 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-04-07 01:22 . 2010-11-23 00:29 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-04-05 02:24 . 2010-11-26 18:45 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-04-04 19:56 . 2011-01-15 15:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-31 06:05 . 2012-05-11 01:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-11 01:48 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-11 01:48 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-11 01:48 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-11 01:48 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-18 00:50 . 2012-03-18 00:50 348160 ----a-w- c:\windows\MSVCR71.DLL 2012-03-18 00:50 . 2012-03-18 00:50 1060864 ----a-w- c:\windows\MFC71.DLL 2012-03-18 00:50 . 2007-01-17 12:47 40960 ----a-w- c:\windows\SimTestDll.dll 2012-03-17 07:58 . 2012-05-11 01:48 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Valve\Steam\Steam.exe" [2011-08-13 1242448] "AtiTrayTools"="c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" [2010-04-22 883200] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [2010-04-22 24224] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ALSysIO;ALSysIO;c:\users\MattR\AppData\Local\Temp\ALSysIO64.sys [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x] R3 cpuz130;cpuz130;c:\users\MattR\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1200000.080\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1200000.080\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20100522.001\BHDrvx64.sys [2010-05-19 942640] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20100518.002\IDSVia64.sys [2010-05-18 463408] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1200000.080\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1200000.080\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-11-25 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-05-23 126904] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder . 2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-150274333-4041907821-3193611646-1001Core.job - c:\users\MattR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 18:32] . 2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-150274333-4041907821-3193611646-1001UA.job - c:\users\MattR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 18:32] . 2012-06-06 c:\windows\Tasks\HPCeeScheduleForMalorie.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15] . 2012-06-08 c:\windows\Tasks\HPCeeScheduleForMattR.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-11-25 487424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-19 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-19 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-19 415256] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-fm1i9ix0ed - c:\users\MattR\fm1i9ix0ed.exe Wow6432Node-HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe . ************************************************************************** . Completion time: 2012-06-14 22:00:26 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-15 02:00 . Pre-Run: 21,935,951,872 bytes free Post-Run: 31,916,765,184 bytes free . - - End Of File - - DD2A504BEACFCA44DB9660D41D743431 Many thanks, MR
  2. mreppert2418
    Maniac, Thanks for the timely reply. I followed your instructions and have pasted the contents of the MBAM file below. I got a "post_too_long" message, and had to attach the TDSS file to get it through. I apologize for the inconvenience. Here's the MBAM log: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.13.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MattR :: MATTR-HP [administrator] Protection: Enabled 6/13/2012 1:33:08 PM mbam-log-2012-06-13 (13-33-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 272374 Time elapsed: 25 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Users\MattR\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Users\MattR\Local Settings\emzhr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\MattR\Local Settings\Application Data\emzhr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\System32\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end) I also encountered a message upon restarting my computer (per MBAM instructions) that I've never seen before. "Do you want to allow the following program from an unknown publisher to make changes to this computer?" Program name: fm1i9ix0ed.exe, Publisher: unknown, File Origin: Hard drive on this computer, Program location:C:\Users\MattR\fm1i9ix0ed.exe. When I click "no", it comes right back up. It also stays in the foreground while I'm typing this. Thanks again for your help, MR TDSSKiller.2.7.36.0_13.06.2012_12.21.25_log.txt
  3. mreppert2418
    Greetings, For quite some time, I've been seeing a notice pop up saying "Malwarebytes Successfully blocked access to a potentially malicious website: 78.41.203.119." Type: Outgoing Port 59189, Process: svchost.exe (I believe the IP and port change from time to time, but the svchost seems to be the main culprit in my case.) I let it go since it was being "blocked". Obvious mistake . Today, received a letter from my ISP saying they've seen "large amounts of spam being sent via IP address". They may shut down my connection in a few days. So, I looked into the problem. I ran malwarebytes before I looked into the forum rules and it found the following: Trojan.FakeAlert - File - myuserfolder\AppData\Local\emzhr.exe Rootkit.0Access - File - myuserfolder\AppData\Local\Temp\msimg.dll Trojan.Agent - Registry Value - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 Trojan.Agent - File - C:\Windows\System32\regedit.exe Per the instructions, I have uploaded DDS.txt and Attach.txt as well. Thanks in advance for your help. MR Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.