Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware/Spyware.....ComboFix Log


  • This topic is locked This topic is locked
3 replies to this topic

#1 Behzadk

Behzadk

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 01 July 2013 - 11:46 PM

Hello,

my computer is been acting wierd recently and after some searching I thought it got infected by malware or spyware since everytime I click on a link, some advertisement link (or it redirects me to some random sites) opens up instead of what i actually clicked to open!

Anyways I finally risked it all and ran the combofix and here is the log it gave me at the end, I have no idea what to do with it and i was wonderying if some could please help me since this is kinda annoying to deal with and I feel scared that whatever infected my computer might crash it. I would truly appreciate your help!

 

 

 

ComboFix 13-06-30.01 - owner 07/01/2013  17:45:09.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4058.2688 [GMT -7:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Premium Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Premium Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Premium Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ReadOnlyInstaller.msi
c:\programdata\uninstaller.exe
c:\users\owner\AppData\Local\assembly\tmp
c:\users\owner\AppData\Local\HippoGeekSA
c:\users\owner\AppData\Local\HippoGeekSA\bin\1.0.4.0\copyright.txt
c:\users\owner\AppData\Local\HippoGeekSA\data\hippogeekSA.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-02 to 2013-07-02  )))))))))))))))))))))))))))))))
.
.
2013-07-02 00:57 . 2013-07-02 00:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-02 00:57 . 2013-07-02 00:57    --------    d-----w-    c:\users\owner\AppData\Local\temp
2013-07-01 21:26 . 2013-07-01 21:27    --------    d-----w-    c:\programdata\Max Secure
2013-07-01 21:23 . 2013-07-01 21:23    --------    d-----w-    c:\users\owner\AppData\Local\Max Secure Software
2013-07-01 20:37 . 2013-07-01 20:37    --------    d-----w-    C:\$AVG
2013-07-01 20:37 . 2013-07-01 20:37    --------    d-----w-    c:\program files (x86)\AVG
2013-07-01 20:37 . 2013-07-01 21:24    --------    d-----w-    c:\users\owner\AppData\Roaming\GetRightToGo
2013-07-01 20:35 . 2013-07-02 00:41    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-07-01 20:35 . 2009-01-25 20:14    17272    ----a-w-    c:\windows\system32\sdnclean64.exe
2013-07-01 20:35 . 2013-07-01 20:38    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-07-01 02:01 . 2013-07-01 02:13    --------    d-----w-    c:\program files (x86)\EasyLife
2013-07-01 02:00 . 2013-07-01 16:15    --------    d-----w-    c:\programdata\InstallMate
2013-06-29 17:38 . 2013-06-29 17:37    312232    ----a-w-    c:\windows\system32\javaws.exe
2013-06-29 17:38 . 2013-06-29 17:37    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-29 17:38 . 2013-06-29 17:37    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-06-29 17:38 . 2013-06-29 17:37    188840    ----a-w-    c:\windows\system32\java.exe
2013-06-29 17:37 . 2013-06-29 17:37    --------    d-----w-    c:\program files\Java
2013-06-29 17:32 . 2013-06-29 17:32    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-06-29 17:32 . 2013-06-29 17:31    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-29 17:19 . 2013-07-01 04:12    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3ED66796-7D24-477D-8DAB-974DC2D20121}\offreg.dll
2013-06-28 14:06 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3ED66796-7D24-477D-8DAB-974DC2D20121}\mpengine.dll
2013-06-22 23:48 . 2013-06-22 23:49    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-20 20:34 . 2013-05-20 21:08    2020352    ----a-w-    c:\windows\SysWow64\AppLicx86.ocx
2013-06-20 20:34 . 2013-06-21 22:17    --------    d-----w-    c:\program files (x86)\TopScoreProForDAT
2013-06-19 23:33 . 2013-06-19 23:33    --------    d-----w-    c:\programdata\Yahoo! Companion
2013-06-19 23:09 . 2013-06-19 23:09    --------    d-----w-    c:\programdata\McAfee
2013-06-19 23:08 . 2013-06-29 17:37    972712    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-19 23:08 . 2013-06-29 17:37    1093032    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-06-19 22:36 . 2013-06-27 23:15    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-06-19 22:36 . 2013-05-09 08:59    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-06-19 22:36 . 2013-05-09 08:59    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-06-19 22:36 . 2013-06-27 23:15    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-06-19 22:36 . 2013-05-09 08:59    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-06-19 22:36 . 2013-06-27 23:15    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-06-19 22:36 . 2013-05-09 08:59    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-06-19 22:36 . 2013-05-09 08:59    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-06-19 22:36 . 2013-05-09 08:58    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-06-19 22:35 . 2013-05-09 08:58    41664    ----a-w-    c:\windows\avastSS.scr
2013-06-19 22:35 . 2013-06-19 22:35    --------    d-----w-    c:\program files\AVAST Software
2013-06-19 22:34 . 2013-06-19 22:35    --------    d-----w-    c:\programdata\AVAST Software
2013-06-17 06:41 . 2013-06-27 01:54    263576    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-17 02:09 . 2013-07-01 16:18    --------    d-----w-    c:\program files (x86)\Emsisoft Anti-Malware
2013-06-17 01:42 . 2013-06-17 01:42    --------    d-----w-    c:\program files (x86)\Common Files\Symantec Shared
2013-06-17 01:37 . 2013-06-17 01:37    --------    d-----w-    c:\programdata\Symantec
2013-06-17 01:37 . 2013-06-17 01:37    --------    d-----w-    c:\programdata\Norton
2013-06-17 01:25 . 2013-06-17 01:25    --------    d-----w-    c:\users\owner\AppData\Roaming\DealPly
2013-06-17 01:17 . 2013-06-17 01:17    --------    d-----w-    c:\users\owner\AppData\Roaming\Simply Super Software
2013-06-13 06:15 . 2013-06-08 14:08    279040    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-06-13 04:27 . 2013-06-13 04:27    --------    d-----w-    c:\program files\iPod
2013-06-13 04:27 . 2013-06-13 04:28    --------    d-----w-    c:\program files\iTunes
2013-06-13 04:27 . 2013-06-13 04:28    --------    d-----w-    c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 17:31 . 2012-10-20 03:02    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-29 17:31 . 2012-04-19 00:06    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-19 23:09 . 2012-04-08 05:25    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-19 23:09 . 2012-02-24 01:49    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-17 02:33 . 2012-02-24 02:15    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-05-31 04:01 . 2013-05-31 04:01    40208    ----a-w-    c:\windows\system32\Partizan.exe
2013-05-31 03:58 . 2013-05-31 03:58    2    --shatr-    c:\windows\winstart.bat
2013-05-02 09:06 . 2012-02-23 23:52    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-01 10:59 . 2013-05-01 10:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-19 18:18 . 2013-05-31 03:58    12800    ----a-w-    c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2013-04-13 05:49 . 2013-05-15 03:35    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 03:35    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 03:35    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 03:35    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 03:35    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:35    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 18:19    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 03:35    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 03:35    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 03:35    3153920    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [x]
R4 BNPagent;Bradford Persistent Agent Service;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://searchy.easylifeapp.com/?pid=388&src=ie1&r=2013/07/01&hid=714662394&lg=EN&cc=US
mStart Page = hxxp://searchy.easylifeapp.com/?pid=388&src=ie1&r=2013/07/01&hid=714662394&lg=EN&cc=US
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\sed7568x.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-19 15:36; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-06-19 16:33; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\sed7568x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: browser.search.defaulturl -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-49769711.sys
SafeBoot-56653867.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-{AA3B5A69-7FAA-61B0-BB44-822DE39A48AA} - c:\progra~3\INSTAL~1\{2B223~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-01  21:02:52
ComboFix-quarantined-files.txt  2013-07-02 04:02
.
Pre-Run: 202,108,751,872 bytes free
Post-Run: 201,569,644,544 bytes free
.
- - End Of File - - F504E330D15363523C8D5EB09D47EA65
D41D8CD98F00B204E9800998ECF8427E
 

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:36 AM

Posted 06 July 2013 - 08:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

dds_scr.gif

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 Behzadk

Behzadk
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 06 July 2013 - 01:13 PM

Hi,

thanks for your respond but I'm already working on the issue with someone else.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:36 AM

Posted 07 July 2013 - 06:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users