
I have a serious infection


Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    samdd wrote: »
    Deleted LimeRunner folder.
    What about the file? Did avast run a scan when you installed it? Find anything?

    Give MBAM another run with a quick scan.

    I'm off to bed too.
  • samdd
    samdd Posts: 1,344 Forumite
    edited 28 September 2011 at 3:16PM
    waddler_8 wrote: »
    What about the file? Did avast run a scan when you installed it? Find anything?

    Give MBAM another run with a quick scan.

    I'm off to bed too.

    Yes, I think avast found this one.

    Snapshot_1-2.jpg


    The system is running very sweet atm with no redirects within the last 7 hours of constant use. The only thing I would say is that the start-up welcome screen hangs a little more than usual, but I can live with that. :D

    As planned, Ares has gone and my son has been read the riot act :rotfl:
    I thought it a good idea to do a few scans this morning so that the techs are able to cast an eye as to what's what and maybe let me know if there is anything that I should be concerned about.

    Here is the Mbam report
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7814

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    28/09/2011 13:39:45
    mbam-log-2011-09-28 (13-39-45).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 496816
    Time elapsed: 3 hour(s), 7 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    Here is the DDS log.
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by Kev B at 13:47:19 on 2011-09-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2038.787 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    svchost.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Windows\tsnpstd3.exe
    C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    svchost.exe
    svchost.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    svchost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVS4YOU\AVSScreenCapture\AVSScreenCapture.exe
    svchost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
    mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{528E4786-4344-46FB-BE69-14D5B7F10E6C} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{6756A43C-7C73-4AE5-BFBB-0A7324897F63} : DhcpNameServer = 192.168.0.1
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kev b\appdata\roaming\mozilla\firefox\profiles\ic1tlj6a.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-28 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-28 320856]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-28 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-28 54616]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-28 44768]
    R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-9-3 1740696]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-26 366152]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-9-3 73216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-14 22216]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-9-3 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-9-3 11136]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2011-9-3 353280]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 135664]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-10-14 9216]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-5-10 252032]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-5-10 398720]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-17 1343400]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-10-14 114688]
    .
    =============== Created Last 30 ================
    .
    2011-09-28 10:45:59 -------- d-----w- c:\windows\pss
    2011-09-28 09:28:06 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{298e49a8-35fb-4712-ad05-d47aae93359c}\offreg.dll
    2011-09-27 23:23:34 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-27 23:23:29 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-27 23:22:19 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-27 23:22:08 -------- d-----w- c:\programdata\AVAST Software
    2011-09-27 23:22:08 -------- d-----w- c:\program files\AVAST Software
    2011-09-27 22:03:12 388096 ----a-r- c:\users\kev b\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-09-27 22:03:12 -------- d-----w- c:\program files\Trend Micro
    2011-09-27 21:02:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-09-27 20:54:49 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-09-27 19:25:40 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-09-27 19:22:55 98816 ----a-w- c:\windows\sed.exe
    2011-09-27 19:22:55 518144 ----a-w- c:\windows\SWREG.exe
    2011-09-27 19:22:55 256000 ----a-w- c:\windows\PEV.exe
    2011-09-27 19:22:55 208896 ----a-w- c:\windows\MBR.exe
    2011-09-27 15:53:46 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{298e49a8-35fb-4712-ad05-d47aae93359c}\mpengine.dll
    2011-09-26 22:11:31 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-09-26 22:11:31 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-09-26 22:11:06 -------- d-----w- c:\programdata\Hitman Pro
    2011-09-26 17:11:06 159744 --sh--r- C:\siauh.exe
    2011-09-24 11:01:48 -------- d-----w- c:\users\kev b\appdata\local\WinZip
    2011-09-24 10:41:23 781272 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
    2011-09-24 10:41:05 -------- d-----w- c:\programdata\Premium
    2011-09-24 10:41:04 -------- d-----w- c:\programdata\InstallMate
    2011-09-23 17:38:11 -------- d-----w- c:\users\kev b\appdata\roaming\Thinstall
    2011-09-23 09:15:36 -------- d-----w- c:\windows\Downloaded Installations
    2011-09-09 01:10:26 57344 ------w- c:\windows\system32\mfc70enu.dll
    2011-09-09 01:10:20 -------- d-----w- c:\program files\common files\Macromedia Shared
    2011-09-09 01:10:18 -------- d-----w- c:\program files\common files\Macromedia
    2011-09-09 01:09:56 -------- d-----w- c:\program files\Macromedia
    2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-09-03 14:31:31 -------- d-----w- c:\users\kev b\appdata\roaming\Birdstep Technology
    2011-09-03 14:31:26 -------- d-----w- c:\programdata\Birdstep Technology
    2011-09-03 14:29:16 -------- d-----w- c:\program files\3 Mobile Broadband
    .
    ==================== Find3M ====================
    .
    2011-09-27 10:24:05 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-09-24 09:54:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-03 14:30:19 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
    2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-23 15:44:16 681 ---ha-w- C:\os848618.bin
    2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    .
    ============= FINISH: 13:50:12.70 ===============
    Combofix log below....
  • samdd
    samdd Posts: 1,344 Forumite
    Too big to post in one post... more to follow.....

    ComboFix 11-09-27.01 - Kev B 28/09/2011 13:56:38.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2038.1006 [GMT 1:00]
    Running from: c:\users\Kev B\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-28 13:08 . 2011-09-28 13:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-28 09:28 . 2011-09-28 09:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{298E49A8-35FB-4712-AD05-D47AAE93359C}\offreg.dll
    2011-09-27 23:23 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-27 23:23 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-27 23:23 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-27 23:23 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-27 23:23 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-27 23:23 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-27 23:22 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-27 23:22 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-27 23:22 . 2011-09-27 23:22 -------- d-----w- c:\programdata\AVAST Software
    2011-09-27 23:22 . 2011-09-27 23:22 -------- d-----w- c:\program files\AVAST Software
    2011-09-27 22:03 . 2011-09-27 22:03 388096 ----a-r- c:\users\Kev B\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-27 22:03 . 2011-09-27 22:03 -------- d-----w- c:\program files\Trend Micro
    2011-09-27 21:02 . 2011-09-23 04:44 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-09-27 19:25 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-09-27 15:53 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{298E49A8-35FB-4712-AD05-D47AAE93359C}\mpengine.dll
    2011-09-26 22:11 . 2011-09-27 21:09 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-09-26 22:11 . 2011-09-26 22:11 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-09-26 22:11 . 2011-09-26 22:11 -------- d-----w- c:\programdata\Hitman Pro
    2011-09-26 17:11 . 2011-09-26 17:11 159744 --sh--r- C:\siauh.exe
    2011-09-26 12:52 . 2011-09-26 12:52 -------- d-----w- c:\windows\Sun
    2011-09-24 11:01 . 2011-09-24 11:01 -------- d-----w- c:\users\Kev B\AppData\Local\WinZip
    2011-09-24 10:41 . 2011-07-08 07:31 781272 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
    2011-09-24 10:41 . 2011-09-24 10:41 -------- d-----w- c:\programdata\Premium
    2011-09-24 10:41 . 2011-09-24 10:41 -------- d-----w- c:\programdata\InstallMate
    2011-09-24 10:14 . 2011-09-24 10:14 -------- d-----w- c:\program files\Adobe Media Player
    2011-09-24 10:12 . 2011-09-24 10:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-09-23 17:38 . 2011-09-23 17:38 -------- d-----w- c:\users\Kev B\AppData\Roaming\Thinstall
    2011-09-23 09:15 . 2011-09-27 12:26 -------- d-----w- c:\windows\Downloaded Installations
    2011-09-14 00:51 . 2011-09-14 00:51 -------- d-----w- c:\users\Kev B\AppData\Roaming\Media Player Classic
    2011-09-09 01:10 . 2011-09-09 01:10 -------- d-----w- c:\programdata\Macrovision
    2011-09-09 01:10 . 2002-01-05 06:10 57344 ------w- c:\windows\system32\mfc70enu.dll
    2011-09-09 01:10 . 2011-09-09 01:10 -------- d-----w- c:\program files\Common Files\Macromedia Shared
    2011-09-09 01:10 . 2011-09-09 01:10 -------- d-----w- c:\program files\Common Files\Macromedia
    2011-09-09 01:09 . 2011-09-09 01:09 -------- d-----w- c:\program files\Macromedia
    2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-09-03 14:31 . 2011-09-03 14:31 -------- d-----w- c:\users\Kev B\AppData\Roaming\Birdstep Technology
    2011-09-03 14:31 . 2011-09-03 14:31 -------- d-----w- c:\programdata\Birdstep Technology
    2011-09-03 14:29 . 2011-09-03 14:29 -------- d-----w- c:\program files\3 Mobile Broadband
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-27 10:24 . 2011-02-24 17:16 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-09-24 09:54 . 2011-06-04 23:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-31 16:00 . 2010-10-14 12:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-22 04:54 . 2011-08-10 09:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-16 04:27 . 2011-08-10 09:55 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 09:55 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 09:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 04:29 . 2011-08-24 15:35 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-09 02:30 . 2011-08-10 09:55 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-09-23 04:44 . 2011-09-27 21:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-27_20.48.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-09-27 23:23 . 2011-09-27 23:23 51008 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a\vcomp90.dll
    + 2011-09-27 23:23 . 2011-09-27 23:23 59728 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90RUS.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 42832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90KOR.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 43344 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90JPN.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 61264 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ITA.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 62800 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90FRA.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 61760 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ESP.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 61776 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ESN.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 53568 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 63296 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90DEU.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 36688 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHT.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 35648 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHS.DLL
    + 2011-09-27 23:23 . 2011-09-27 23:23 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90u.dll
    + 2011-09-27 23:23 . 2011-09-27 23:23 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90.dll
    + 2010-10-14 11:48 . 2011-09-28 09:27 40352 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2011-09-28 09:27 43750 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-10-14 10:48 . 2011-09-28 09:27 11414 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1653054434-1350618669-3324376920-1000_UserData.bin
    + 2009-07-14 04:34 . 2011-09-28 09:28 91408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2010-10-14 10:45 . 2011-09-28 13:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-10-14 10:45 . 2011-09-27 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-10-14 10:45 . 2011-09-28 13:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-10-14 10:45 . 2011-09-27 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-10-14 10:31 . 2011-09-27 19:26 2634 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-10-14 10:31 . 2011-09-28 09:23 2634 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2011-09-27 19:27 . 2011-09-27 20:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-28 09:25 . 2011-09-28 09:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-28 09:25 . 2011-09-28 09:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-09-27 19:27 . 2011-09-27 20:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-27 23:23 . 2011-09-27 23:23 653120 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
    + 2011-09-27 23:23 . 2011-09-27 23:23 569664 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
    + 2011-09-27 23:23 . 2011-09-27 23:23 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcm90.dll
    + 2011-09-27 23:22 . 2011-09-27 23:22 159032 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
    + 2010-10-14 10:37 . 2011-09-28 12:40 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-10-14 10:37 . 2011-09-27 20:38 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-10-14 10:33 . 2011-09-28 12:40 311296 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-10-14 10:33 . 2011-09-27 20:38 311296 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:47 . 2011-09-27 19:26 515412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:47 . 2011-09-28 09:23 515412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-12 11:16 . 2009-07-12 11:16 223232 c:\windows\Installer\1b8127.msi
    + 2011-09-27 23:23 . 2011-09-27 23:23 3780424 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
    + 2011-09-27 23:23 . 2011-09-27 23:23 3765048 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90.dll
    + 2010-10-14 10:33 . 2011-09-28 12:40 3145728 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-10-14 10:33 . 2011-09-27 20:38 3145728 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:41 . 2011-09-28 12:40 1540096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2011-09-27 20:38 1540096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:34 . 2011-09-28 09:28 7150542 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:34 . 2011-09-16 14:01 7150542 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-05-13 23:38 . 2011-09-28 09:23 2894508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1653054434-1350618669-3324376920-1000-8192.dat
    - 2011-05-13 23:38 . 2011-09-27 19:26 2894508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1653054434-1350618669-3324376920-1000-8192.dat
    + 2011-09-27 22:02 . 2011-09-27 22:02 1402880 c:\windows\Installer\338b9f.msi
    + 2011-05-13 09:41 . 2011-09-27 23:23 29519922 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
    + 2010-10-17 13:50 . 2011-09-27 21:04 47369160 c:\windows\System32\MRT.exe
    .
    -- Snapshot reset to current date --
  • samdd
    samdd Posts: 1,344 Forumite
    Combofix log Pt2
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-03-10 262144]
    "VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-7-23 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^Users^Kev B^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\users\Kev B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
    backupExtension=.Startup
    .
    R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
    R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-14 135664]
    R3 AntiZeroAccess;PrevX AntiZeroAccess Driver;c:\windows\system32\drivers\ZeroAccess.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-23 102784]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-23 11136]
    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-03-23 353280]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-14 135664]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9216]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-03-11 252032]
    R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-17 1343400]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 114688]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-23 73216]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-14 12:16]
    .
    2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-14 12:16]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Kev B\AppData\Roaming\Mozilla\Firefox\Profiles\ic1tlj6a.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - https://www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
    .
    .
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-09-28 14:18:11
    ComboFix-quarantined-files.txt 2011-09-28 13:17
    ComboFix2.txt 2011-09-27 20:56
    .
    Pre-Run: 108,187,426,816 bytes free
    Post-Run: 108,131,598,336 bytes free
    .
    - - End Of File - - 4FA144BEF2D5990B14411C5B19374F31
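Reading a log like the one above comes down to scanning the Run keys and the service/driver lines for two things: entries whose binary is gone (ComboFix marks these with `[x]`), and entries started from somewhere other than the usual program directories. As an added example, not part of this thread and not ComboFix's own code, the Python below parses a few lines constructed in the same shape as the log and flags those cases plus per-user (HKEY_CURRENT_USER) Run entries. The flags are prompts to go and verify the file, not verdicts: a driver whose file is missing is very often just an uninstall leftover, and a program under c:\windows can be perfectly legitimate.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input in the layout ComboFix uses for its Run-key and
# service sections. The paths mirror the log format; they are illustrative only.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-03-10 262144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-14 135664]
S1 aswSnx;aswSnx; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
"""

# [HIVE\subkey]  -> remembers which hive the following "name"="path" lines belong to
KEY_RE = re.compile(r'^\[(HKEY_\w+)\\(.+)\]$')
# "Name"="c:\path\file.exe" [date size]   or   [x] when the file is missing
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')
# R1 name;description;c:\path\file.sys [date size]   (path may be empty)
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$')

# Directories where installed software normally lives. Starting from elsewhere
# is not malicious by itself; it is just where a reviewer looks first.
STANDARD_DIRS = (
    r'c:\program files',
    r'c:\windows\system32',
    r'c:\windows\syswow64',
    r'c:\windows\microsoft.net',
)


@dataclass
class Finding:
    kind: str            # "run" or "service"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _reasons(path, bracket, hive):
    """Heuristic review reasons for one autostart entry (empty list = nothing to flag)."""
    reasons = []
    if bracket.strip() == 'x':
        reasons.append('missing-binary')
    if hive == 'HKEY_CURRENT_USER':
        reasons.append('per-user-run-key')
    if path and not path.lower().startswith(STANDARD_DIRS):
        reasons.append('outside-standard-dirs')
    return reasons


def triage(log_text):
    """Parse Run-key and service lines and return the entries worth a second look."""
    findings = []
    hive = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            hive = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, bracket = m.groups()
            reasons = _reasons(path, bracket, hive)
            if reasons:
                findings.append(Finding('run', name, path, reasons))
            continue
        m = SVC_RE.match(line)
        if m:
            _state, name, _desc, path, bracket = m.groups()
            reasons = _reasons(path, bracket, None)   # services have no per-user hive here
            if reasons:
                findings.append(Finding('service', name, path, reasons))
    return findings


def findings_by_name(log_text):
    """Convenience view: {entry name: [reasons]} for the flagged entries."""
    return {f.name: f.reasons for f in triage(log_text)}


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:7} {f.name:18} {f.path or '(no path)':60} {', '.join(f.reasons)}")
```

On the sample this flags the two `[x]` driver entries, the HKCU Run entry, and the program started from the root of c:\windows; the Intel, Avast, Google and Malwarebytes entries pass silently. The regexes only cover the two line shapes shown; ComboFix's other sections (scheduled tasks, BHOs, the `MSConfigStartUp-` orphan lines) would need their own patterns.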
  • TakeThis
    TakeThis Posts: 2,909 Forumite
    Have you got those discs yet...or are you going to wait until it happens again? :) Have a Recovery disc at hand.

    Run a System File Check
  • samdd
    samdd Posts: 1,344 Forumite
    edited 28 September 2011 at 4:20PM
    TakeThis wrote: »
    Have you got those discs yet...or are you going to wait until it happens again? :) Have a Recovery disc at hand.

    Run a System File Check

    Yes, I got the discs ready to burn... I will be doing it over the weekend. :T
  • GunJack
    GunJack Posts: 11,837 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Nice one :beer: those logs look good now, well done on chastising your son too :D
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    That file is still there. Run this ComboFix script. You ran ComboFix with Avast enabled; you should temporarily disable it whilst ComboFix runs.
    • Open Notepad
    • Copy and paste the text present inside the code box below (Don't include Code:)
      File:: 
      C:\siauh.exe
      

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    • Temporarily disable your anti-virus (Avast), before following the steps below.
    • To disable your Avast, see here.
      CFScriptB-4.gif
    • Drag CFScript.txt into ComboFix.exe as the screenshot above shows.
    • ComboFix will scan & may reboot when it finishes. Combofix.txt will open.
    • Copy and paste the contents of the log here.
  • samdd
    samdd Posts: 1,344 Forumite
    To resolve the slow start-up issue I downloaded the DeviceDoctor Bundle and ran a scan. It returned 15 drivers for update, which took a couple of hours to get through.

    Start-up now boots within half the time it used to, and Windows is running much faster than it did before the infestation.

    Once again, guys, thanks very much for your willingness to help. If I have any issues burning the rescue disc at the weekend I'll post here.

    Result of the sfc scan.
    Snapshot_1-3.jpg
  • samdd
    samdd Posts: 1,344 Forumite
    waddler_8 wrote: »
    That file is still there. Run this ComboFix script. You ran ComboFix with Avast enabled; you should temporarily disable it whilst ComboFix runs.
    • Open Notepad
    • Copy and paste the text present inside the code box below (Don't include Code:)
      File:: 
      C:\siauh.exe
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    • Temporarily disable your anti-virus (Avast), before following the steps below.
    • To disable your Avast, see here.
      CFScriptB-4.gif
    • Drag CFScript.txt into ComboFix.exe as the screenshot above shows.
    • ComboFix will scan & may reboot when it finishes. Combofix.txt will open.
    • Copy and paste the contents of the log here.

    OK, I'll have a go at it now... Thanks for spotting the lagers :T
This discussion has been closed.