Police Ransom Virus
<blockquote data-quote="edward1" data-source="post: 96548" data-attributes="member: 4314"><p>Success, I hope. Here are the logs:-</p><p>Rkill 2.4.5 by Lawrence Abrams (Grinler)</p><p>http://www.bleepingcomputer.com/</p><p>Copyright 2008-2013 BleepingComputer.com</p><p>More Information about Rkill can be found at this link:</p><p> http://www.bleepingcomputer.com/forums/topic308364.html</p><p></p><p>Program started at: 01/14/2013 07:39:46 PM in x86 mode.</p><p>Windows Version: Microsoft Windows XP Service Pack 3</p><p></p><p>Checking for Windows services to stop:</p><p></p><p> * No malware services found to stop.</p><p></p><p>Checking for processes to terminate:</p><p></p><p> * No malware processes found to kill.</p><p></p><p>Checking Registry for malware related settings:</p><p></p><p> * No issues found in the Registry.</p><p></p><p>Resetting .EXE, .COM, & .BAT associations in the Windows Registry.</p><p></p><p>Performing miscellaneous checks:</p><p></p><p> * No issues found.</p><p></p><p>Checking Windows Service Integrity: </p><p></p><p> * AFD (AFD) is not Running.</p><p> Startup Type set to: System</p><p></p><p> * DHCP Client (Dhcp) is not Running.</p><p> Startup Type set to: Automatic</p><p></p><p> * DNS Client (Dnscache) is not Running.</p><p> Startup Type set to: Automatic</p><p></p><p> * COM+ Event System (EventSystem) is not Running.</p><p> Startup Type set to: Manual</p><p></p><p> * Network Connections (Netman) is not Running.</p><p> Startup Type set to: Manual</p><p></p><p> * Security Center (wscsvc) is not Running.</p><p> Startup Type set to: Automatic</p><p></p><p> * Automatic Updates (wuauserv) is not Running.</p><p> Startup Type set to: Automatic</p><p></p><p> * AFD (AFD) is not Running.</p><p> Startup Type set to: System</p><p></p><p> * IPSEC driver (IPSec) is not Running.</p><p> Startup Type set to: System</p><p></p><p> * NetBios over Tcpip (NetBT) is not Running.</p><p> Startup Type set to: System</p><p></p><p> * TCP/IP Protocol Driver (Tcpip) is not 
Running.</p><p> Startup Type set to: System</p><p></p><p> * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]</p><p></p><p>Searching for Missing Digital Signatures: </p><p></p><p> * No issues found.</p><p></p><p>Checking HOSTS File: </p><p></p><p> * HOSTS file entries found: </p><p></p><p> ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t </p><p> </p><p> : : 1 l o c a l h o s t </p><p> </p><p> </p><p></p><p>Program finished at: 01/14/2013 07:40:54 PM</p><p>Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)</p><p></p><p>ComboFix 13-01-14.01 - Administrator 14/01/2013 19:51:53.3.2 - x86 MINIMAL</p><p>Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.819 [GMT 0:00]</p><p>Running from: D:\ComboFix.exe</p><p>AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}</p><p>FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2013-01-14 17:03 . 2013-01-14 17:03 -------- d-----w- C:\_OTL</p><p>2013-01-14 16:32 . 2013-01-14 16:32 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys</p><p>2013-01-13 19:35 . 2013-01-13 19:35 -------- d-----w- C:\eeepcfr</p><p>2013-01-12 09:21 . 2013-01-12 09:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla</p><p>2013-01-09 10:57 . 2013-01-09 10:57 -------- d-----w- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth</p><p>2013-01-06 15:58 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys</p><p>2013-01-06 15:11 . 2013-01-06 15:11 -------- d-----w- c:\program files\ERUNT</p><p>2013-01-05 09:59 . 2013-01-05 09:59 -------- d-----w- c:\documents and settings\Jane\Application Data\SUPERAntiSpyware.com</p><p>2013-01-05 09:59 . 
2013-01-05 09:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com</p><p>2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc</p><p>2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss</p><p>2012-12-31 10:20 . 2012-12-31 10:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes</p><p>2012-12-31 08:52 . 2013-01-05 21:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro</p><p>2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\Jane\Application Data\Malwarebytes</p><p>2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes</p><p>2012-12-29 12:13 . 2013-01-06 16:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer</p><p>2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll</p><p>2012-12-18 11:44 . 2012-12-18 11:44 -------- d-----w- c:\program files\Common Files\xing shared</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2013-01-08 23:09 . 2012-03-31 16:24 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe</p><p>2013-01-08 23:09 . 2012-01-13 09:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl</p><p>2012-12-18 11:43 . 2009-05-21 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll</p><p>2012-12-18 11:43 . 2009-05-21 17:57 348160 ----a-w- c:\windows\system32\msvcr71.dll</p><p>2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll</p><p>2012-12-03 15:40 . 2012-12-04 16:46 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll</p><p>2012-12-03 15:40 . 
2012-10-19 14:19 5955584 ----a-w- c:\windows\system32\nvopencl.dll</p><p>2012-12-03 15:40 . 2012-10-19 14:19 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll</p><p>2012-12-03 15:40 . 2012-02-09 21:40 7606272 ----a-w- c:\windows\system32\nvcuda.dll</p><p>2012-12-03 15:40 . 2012-02-09 21:40 2611560 ----a-w- c:\windows\system32\nvcuvid.dll</p><p>2012-12-03 15:40 . 2012-02-09 21:40 2441728 ----a-w- c:\windows\system32\nvapi.dll</p><p>2012-12-03 15:40 . 2012-02-09 21:40 19460096 ----a-w- c:\windows\system32\nvoglnt.dll</p><p>2012-12-03 15:40 . 2012-02-09 21:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll</p><p>2012-12-03 15:40 . 2012-02-09 21:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll</p><p>2012-12-03 15:40 . 2011-04-11 09:51 11053992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys</p><p>2012-12-03 15:40 . 2008-04-14 00:12 4153600 ----a-w- c:\windows\system32\nv4_disp.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrscs.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrstr.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssl.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 278528 ----a-w- c:\windows\system32\nvrsde.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsda.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsit.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsth.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrssv.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll</p><p>2012-12-01 04:56 . 
2012-12-04 16:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrsar.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsru.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssk.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrspl.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsel.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrshe.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrspt.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 266240 ----a-w- c:\windows\system32\nvrsko.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 262144 ----a-w- c:\windows\system32\nvrshu.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsno.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrses.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrseng.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsja.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 126976 ----a-w- c:\windows\system32\nvrszht.dll</p><p>2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll</p><p>2012-12-01 04:53 . 2012-10-19 14:22 15524712 ----a-w- c:\windows\system32\nvcpl.dll</p><p>2012-12-01 04:53 . 2012-10-19 14:22 164712 ----a-w- c:\windows\system32\nvsvc32.exe</p><p>2012-12-01 04:53 . 2012-10-19 14:22 143720 ----a-w- c:\windows\system32\nvcolor.exe</p><p>2012-12-01 04:53 . 2012-10-19 14:22 108392 ----a-w- c:\windows\system32\nvmctray.dll</p><p>2012-12-01 04:52 . 2012-10-19 14:22 54272 ----a-w- c:\windows\system32\nvwddi.dll</p><p>2012-11-13 01:25 . 
2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys</p><p>2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll</p><p>2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll</p><p>2012-11-01 12:17 . 2004-09-29 18:47 916992 ----a-w- c:\windows\system32\wininet.dll</p><p>2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll</p><p>2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl</p><p>2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec</p><p>2012-10-30 22:51 . 2012-07-11 13:47 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys</p><p>2012-10-30 22:51 . 2012-07-11 13:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys</p><p>2012-10-30 22:51 . 2012-07-11 13:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys</p><p>2012-10-30 22:51 . 2012-07-11 13:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys</p><p>2012-10-30 22:51 . 2012-07-11 13:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys</p><p>2012-10-30 22:51 . 2012-07-11 13:47 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys</p><p>2012-10-30 22:51 . 2012-07-11 13:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys</p><p>2012-10-30 22:51 . 2012-07-11 13:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys</p><p>2012-10-30 22:51 . 2012-07-11 13:46 41224 ----a-w- c:\windows\avastSS.scr</p><p>2012-10-30 22:50 . 2012-07-11 13:46 227648 ----a-w- c:\windows\system32\aswBoot.exe</p><p>2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx</p><p>2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts</p><p>2013-01-12 09:52 . 
2013-01-12 09:50 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]</p><p>@="{472083B0-C522-11CF-8763-00608CC02F24}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]</p><p>2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]</p><p>"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]</p><p>"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]</p><p>"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]</p><p>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]</p><p>"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]</p><p>"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]</p><p>"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]</p><p>"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]</p><p>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]</p><p>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]</p><p>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712]</p><p>"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-01 108392]</p><p>"nwiz"="c:\program files\NVIDIA 
Corporation\nview\nwiz.exe" [2012-12-03 1982312]</p><p>"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]</p><p>"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-18 295072]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]</p><p>"Z1"="c:\documents and settings\Jane\Desktop\MAK\mbar\mbar.exe" [2013-01-09 1356360]</p><p>.</p><p>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]</p><p>@="Service"</p><p>.</p><p>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]</p><p>"%windir%\\system32\\sessmgr.exe"=</p><p>"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=</p><p>"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=</p><p>"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=</p><p>"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=</p><p>"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=</p><p>"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=</p><p>"%windir%\\Network Diagnostic\\xpnetdiag.exe"=</p><p>"c:\\Program Files\\Deluge\\deluge.exe"=</p><p>"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=</p><p>"c:\\Program Files\\NVIDIA Corporation\\NVIDIA 
Update Core\\daemonu.exe"=</p><p>"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=</p><p>"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=</p><p>"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=</p><p>.</p><p>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]</p><p>"AllowInboundRouterRequest"= 1 (0x1)</p><p>"AllowOutboundDestinationUnreachable"= 1 (0x1)</p><p>.</p><p>S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904]</p><p>S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504]</p><p>S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032]</p><p>S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]</p><p>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]</p><p>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]</p><p>S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752]</p><p>S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256]</p><p>S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184]</p><p>S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344]</p><p>S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608]</p><p>S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]</p><p>S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe 
[02/08/2007 13:42 148768]</p><p>S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592]</p><p>S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072]</p><p>S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [14/01/2013 16:32 35144]</p><p>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104]</p><p>S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 137600]</p><p>S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</p><p>hpdevmgmt REG_MULTI_SZ hpqcxs08</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2013-01-12 20:13 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09]</p><p>.</p><p>2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job</p><p>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]</p><p>.</p><p>2013-01-14 c:\windows\Tasks\avast! 
Emergency Update.job</p><p>- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50]</p><p>.</p><p>2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]</p><p>.</p><p>2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]</p><p>.</p><p>2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job</p><p>- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52]</p><p>.</p><p>2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04]</p><p>.</p><p>2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]</p><p>.</p><p>2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]</p><p>.</p><p>2013-01-14 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]</p><p>.</p><p>2013-01-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]</p><p>.</p><p>2013-01-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]</p><p>.</p><p>2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 
15:30]</p><p>.</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>mStart Page = hxxp://www.google.com</p><p>TCP: DhcpNameServer = 192.168.1.1</p><p>FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vaynlbab.default\</p><p>.</p><p>.</p><p>**************************************************************************</p><p>.</p><p>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</p><p>Rootkit scan 2013-01-14 20:01</p><p>Windows 5.1.2600 Service Pack 3 NTFS</p><p>.</p><p>scanning hidden processes ... </p><p>.</p><p>scanning hidden autostart entries ... </p><p>.</p><p>scanning hidden files ... </p><p>.</p><p>scan completed successfully</p><p>hidden files: 0</p><p>.</p><p>**************************************************************************</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]</p><p>"jabjhlfinlaeedbeehda"=hex:6a,61,70,61,6f,6f,62,63,62,66,63,6f,70,6b,62,63,68,</p><p> 69,67,68,00,fa</p><p>"iabjnjpdmjongamdek"=hex:6a,61,70,61,6e,6c,6f,62,70,62,64,6d,6c,64,6e,66,6d,61,</p><p> 
61,69,00,f8</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]</p><p>@="?????????????????? v1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]</p><p>@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]</p><p>@="?????????????????? v2"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]</p><p>@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"</p><p>.</p><p>--------------------- DLLs Loaded Under Running Processes ---------------------</p><p>.</p><p>- - - - - - - > 'explorer.exe'(856)</p><p>c:\windows\system32\WININET.dll</p><p>c:\windows\system32\ieframe.dll</p><p>.</p><p>Completion time: 2013-01-14 20:03:33</p><p>ComboFix-quarantined-files.txt 2013-01-14 20:03</p><p>ComboFix2.txt 2013-01-07 20:53</p><p>ComboFix3.txt 2013-01-05 12:42</p><p>.</p><p>Pre-Run: 172,258,463,744 bytes free</p><p>Post-Run: 176,002,314,240 bytes free</p><p>.</p><p>- - End Of File - - 032081EC98AF9CE97CF5B56DABEEACF5</p></blockquote><p></p>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-01 108392] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-03 1982312] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-18 295072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\documents and settings\Jane\Desktop\MAK\mbar\mbar.exe" [2013-01-09 1356360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"= "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"= "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"= "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Deluge\\deluge.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) . 
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032] S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656] S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608] S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016] S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592] S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [14/01/2013 16:32 35144] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 
137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-12 20:13 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09] . 2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2013-01-14 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47] . 2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52] . 2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04] . 2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02] . 2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02] . 
2013-01-14 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2013-01-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2013-01-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.google.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vaynlbab.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-14 20:01 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*] "jabjhlfinlaeedbeehda"=hex:6a,61,70,61,6f,6f,62,63,62,66,63,6f,70,6b,62,63,68, 69,67,68,00,fa "iabjnjpdmjongamdek"=hex:6a,61,70,61,6e,6c,6f,62,70,62,64,6d,6c,64,6e,66,6d,61, 61,69,00,f8 . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(856) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . Completion time: 2013-01-14 20:03:33 ComboFix-quarantined-files.txt 2013-01-14 20:03 ComboFix2.txt 2013-01-07 20:53 ComboFix3.txt 2013-01-05 12:42 . Pre-Run: 172,258,463,744 bytes free Post-Run: 176,002,314,240 bytes free . - - End Of File - - 032081EC98AF9CE97CF5B56DABEEACF5 [/QUOTE]