After noticing massive lag spikes in my networking and the occasional crashing of explorer, I noticed that my MSE was unable to update. After having to manually DL the update, I found that I was infected with the following:
Alureon.gen!F
Alureon.gen!AD
Alureon.gen!J
Alureon.FK
I have had strain A, and removed it with TDSS Killer, but this is a different beast. Malwarebytes didn't even find it; MSE found it but could not remove it. The latest version of TDSS Killer could not find it either. I just ran Combofix and it detected some things. Here's the log.
Quote:
ComboFix 12-10-10.02 - Owner 10/10/2012 11:52:55.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.6872 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\somototoolbar\vmNTemplatex.dll
c:\programdata\msadoex.dll
c:\users\Owner\AppData\Roaming\aba6d529.dat
c:\users\Owner\AppData\Roaming\Local
c:\users\Owner\AppData\Roaming\Local\FalloutNV\Fallout.ini
c:\users\Owner\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
c:\users\Owner\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
c:\users\Owner\AppData\Roaming\Local\FalloutNV\plugins.txt
c:\users\Owner\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rbi2mh26.default\searchplugins\bing-zugo.xml
c:\users\Owner\AppData\Roaming\RSBot.db
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 15:58 . 2012-10-10 15:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-10 15:58 . 2012-10-10 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 00:45 . 2009-08-04 02:28 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2012-10-10 00:45 . 2006-01-10 08:50 24576 ----a-r- c:\windows\SysWow64\AsIO.dll
2012-10-10 00:45 . 2012-10-10 00:45 -------- d-----w- c:\program files (x86)\ASUS
2012-10-09 23:38 . 2012-10-09 23:38 -------- d-----w- c:\users\Owner\AppData\Roaming\Nico Mak Computing
2012-10-09 23:38 . 2012-02-08 14:29 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-10-09 23:38 . 2012-10-09 23:38 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2012-10-09 23:01 . 2012-10-09 23:01 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedyPC Software
2012-10-09 23:01 . 2012-10-09 23:01 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2012-10-09 23:01 . 2012-10-09 23:01 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-10-09 23:01 . 2012-10-09 23:01 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-09 23:01 . 2012-10-09 23:01 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-10-09 22:33 . 2012-10-09 22:43 16200 ----a-w- c:\windows\stinger.sys
2012-10-09 22:33 . 2012-10-09 22:51 -------- d-----w- c:\program files (x86)\stinger
2012-10-09 18:25 . 2012-10-09 18:25 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-10-09 18:25 . 2012-10-09 18:25 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-10-09 18:25 . 2012-10-09 18:25 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-10-09 18:24 . 2012-10-09 18:25 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-10-08 19:57 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{386EF5C4-970F-448C-B238-1DB6A05BE7BE}\mpengine.dll
2012-10-08 17:05 . 2012-10-08 17:05 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-10-08 17:05 . 2012-10-08 17:05 -------- d-----w- c:\programdata\Malwarebytes
2012-10-08 17:05 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-08 17:04 . 2012-10-08 17:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-06 01:28 . 2012-10-06 01:28 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2012-10-03 17:21 . 2012-10-03 17:21 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-09-29 22:07 . 2012-09-29 22:13 -------- d-----w- c:\program files (x86)\Wargame- European Escalation
2012-09-23 20:05 . 2012-09-24 15:33 -------- d--h--w- c:\programdata\k2logs
2012-09-23 20:05 . 2009-05-13 23:35 50688 ----a-w- c:\windows\SysWow64\wbhelp2.dll
2012-09-23 20:05 . 2009-05-13 23:35 28160 ----a-w- c:\windows\SysWow64\anim.dll
2012-09-23 20:05 . 2009-05-13 23:35 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-09-23 20:05 . 2012-09-24 15:34 -------- d--h--w- c:\program files (x86)\KAward
2012-09-23 20:05 . 2009-05-13 23:35 544833 ----a-w- c:\windows\SysWow64\wbocx.ocx
2012-09-23 19:13 . 2012-09-23 20:00 -------- d--h--w- c:\program files (x86)\iSafe AllInOne Keylogger
2012-09-23 18:53 . 2012-09-23 18:53 -------- d-----w- c:\program files (x86)\Karen's Power Tools
2012-09-23 18:53 . 2012-09-23 18:53 -------- d-----w- c:\programdata\Karen's Power Tools
2012-09-23 18:15 . 2012-09-23 18:15 -------- d-----w- c:\program files (x86)\Astroburn Lite
2012-09-23 18:15 . 2012-09-23 18:15 -------- d-----w- c:\programdata\Astroburn Lite
2012-09-23 17:45 . 2012-09-23 17:45 26624 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{1EFAF492-9A3B-48C3-9349-234B146FDA46}\Icon1EFAF492.exe
2012-09-23 17:45 . 2012-09-23 17:45 -------- d-----w- c:\program files (x86)\LCP
2012-09-22 19:27 . 2012-09-22 19:30 -------- d-----w- c:\users\Owner\AppData\Roaming\gtk-2.0
2012-09-19 07:00 . 2012-09-19 07:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-17 07:32 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-12 16:42 . 2012-09-12 16:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-09-12 16:42 . 2012-09-12 16:42 -------- d-----w- c:\program files\Common Files\DESIGNER
2012-09-12 16:41 . 2012-09-12 16:41 -------- d-----w- c:\windows\PCHEALTH
2012-09-12 16:41 . 2012-09-12 16:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-09-12 16:40 . 2012-09-12 16:40 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft Help
2012-09-12 16:40 . 2012-10-03 17:19 -------- d-----w- c:\program files\Microsoft Office
2012-09-12 16:40 . 2012-10-03 17:22 -------- d-----w- c:\programdata\Microsoft Help
2012-09-12 16:40 . 2012-09-12 16:40 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 07:12 . 2012-09-06 07:12 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-09-06 07:10 . 2012-01-11 23:52 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-06 07:10 . 2012-09-06 07:10 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-09-06 07:10 . 2012-01-11 23:52 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-04 19:37 . 2012-09-04 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 19:37 . 2012-09-04 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 19:37 . 2011-08-12 23:43 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-03 08:27 . 2011-08-08 17:31 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 17:31 . 2012-09-06 14:33 3146752 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2011-12-22 21:17 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2011-12-22 21:16 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2011-12-22 86696]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-06 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-12-21 206504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SKLService;Run software as Windows service;c:\program files (x86)\KAward\aklservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-08 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-02 270912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Registry Optimizer_DEFAULT.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-10-09 14:29]
.
2012-10-10 c:\windows\Tasks\Registry Optimizer_UPDATES.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-10-09 14:29]
.
2012-10-10 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-08-09 20:44]
.
2012-10-10 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-10-10 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-10-10 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-06-24 1366064]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rbi2mh26.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - CNN.com - Breaking News, U.S., World, Weather, Entertainment & Video News
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B24e1f2de-ae36-482d-bd34-33915f9cc516%7D&mid=8b4c7a3078f047d1ac2641affc9df0e3-4f4f50eda956b3fca24ee12c9b84443a23836c94&ds=AVG&v=9.0.0.23&lang=en&pr=fr&d=2012-01-24%2020%3A10%3A34&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{652853ad-5592-4231-88c6-706613a52e61} - c:\program files (x86)\somototoolbar\vmntemplateX.dll
Toolbar-Locked - (no file)
Toolbar-{652853ad-5592-4231-88c6-706613a52e61} - c:\program files (x86)\somototoolbar\vmntemplateX.dll
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-EADM - c:\program files (x86)\Electronic Arts\EADM\Uninstall.exe
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-10 11:59:39
ComboFix-quarantined-files.txt 2012-10-10 15:59
.
Pre-Run: 254,742,294,528 bytes free
Post-Run: 255,609,335,808 bytes free
.
- - End Of File - - 772AE7EBEFE9086BD7EEBE18E698D17B
I also ran aswmbr. Here is the log. It asked if I wanted to fix anything but warned my drive partitions could become inaccessible, so I did not choose to fix it.
Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 12:53:19
-----------------------------
12:53:19.594 OS Version: Windows x64 6.1.7600
12:53:19.594 Number of processors: 8 586 0x1A05
12:53:19.595 ComputerName: OWNER-PC UserName: Owner
12:53:20.877 Initialize success
12:53:42.874 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
12:53:42.876 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
12:53:42.885 Disk 0 MBR read successfully
12:53:42.887 Disk 0 MBR scan
12:53:42.890 Disk 0 unknown MBR code
12:53:42.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
12:53:42.905 Disk 0 scanning C:\Windows\system32\drivers
12:53:48.707 Service scanning
12:53:58.432 Modules scanning
12:53:58.439 Disk 0 trace - called modules:
12:53:58.444 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:53:58.448 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008a6e060]
12:53:58.452 3 CLASSPNP.SYS[fffff8800192d43f] -> nt!IofCallDriver -> [0xfffffa8008745520]
12:53:58.456 5 ACPI.sys[fffff88000ec5781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8008741680]
12:53:58.462 Scan finished successfully
12:54:09.336 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
12:54:09.339 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"