Jump to content

berthazz

Members
 View Profile  See their activity

  • Posts

    12

  • Joined

  • Last visited

 Content Type 

Everything posted by berthazz

  1. berthazz
    Hi Maniac, Well, I haven't actually used the PC since my last post, as I didn't know if was safe to do so until I had heard from you! I did notice that during the 1+1/2 hours while ESET was running, I didn't get one single "LockScreen" popup, so that looks like it may be gone. Should I just continue to use the PC as normal now? Or would you like me to run a HijackThis log or anything so that you can see what is running on the machine? Thank you so much for all this help - it is VERY much appreciated....
  2. berthazz
    Hi Maniac, Sorry - perhaps I should have mentioned in my last post that the two threats identified by ESET were both Win32/Kryptik.AQPH- hope that helps!..
  3. berthazz
    Hi Maniac, OK - I hope I've done the right things here! I ran the ESET Online Scanner as instructed (including checking the boxes as indicated), and the scan took around 1+1/2 hours. It quite quickly identified 2 threats, and on completion it reported that 2 threats had been identified and removed. I then found the log.txt file in the folder as advised, but noted that it had been created before the scan ran (I was perhaps wronlgly expecting it to be created AFTER the scan had finished?). Anyway - here are the contents of the C:\Program Files\ESET\Eset Online Scanner\log.txt file: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Hope that was what you were expecting!
  4. berthazz
    Hi Maniac, Many thanks for your reply. I have been away for a few days but I am just about to run the ESET Online Scanner as instructed. As soon as the log has been generated, I will post it here as requested.
  5. berthazz
    Thanks, Maniac. I have uploaded the file to Rapidshare and will PM the link to you now
  6. berthazz
    Hi Maniac, I have followed your instructions. Please find C:\Combofix.txt copied below: ------------------------------------------------------------------------------------------------------- ComboFix 13-01-04.03 - Rob 05/01/2013 0:30.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4091.2914 [GMT 0:00] Running from: c:\users\Rob\Desktop\ComboFix.exe Command switches used :: c:\users\Rob\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Rob\AppData\Roaming\Hemer c:\users\Rob\AppData\Roaming\Hemer\edykr.awa c:\users\Rob\AppData\Roaming\Ipedax c:\users\Rob\AppData\Roaming\Izedo c:\users\Rob\AppData\Roaming\Yhseu c:\users\Rob\AppData\Roaming\Yhseu\ezdun.hau c:\users\Rob\AppData\Roaming\Ynsuu . . ((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 ))))))))))))))))))))))))))))))) . . 2013-01-05 00:34 . 2013-01-05 00:34 -------- d-----w- c:\users\Mcx1-ROB-PC\AppData\Local\temp 2013-01-05 00:34 . 2013-01-05 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-01 21:33 . 2013-01-01 21:33 -------- d-----w- c:\programdata\IObit 2013-01-01 21:33 . 2013-01-01 21:33 -------- d-----w- c:\users\Rob\AppData\Roaming\IObit 2013-01-01 21:33 . 2013-01-01 21:33 -------- d-----w- c:\program files (x86)\IObit 2013-01-01 17:26 . 2013-01-01 17:26 388096 ----a-r- c:\users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-01-01 17:26 . 2013-01-01 17:26 -------- d-----w- c:\program files (x86)\Trend Micro 2013-01-01 17:25 . 2013-01-01 21:31 -------- d-----w- c:\program files\UTILITY PROGRAMS 2012-12-15 16:36 . 2012-12-15 16:36 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes 2012-12-15 16:36 . 2012-12-15 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-15 16:36 . 2012-12-15 16:36 -------- d-----w- c:\programdata\Malwarebytes 2012-12-15 16:36 . 2012-09-29 19:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-15 13:26 . 2012-12-15 13:26 -------- d-----w- c:\users\Rob\AppData\Roaming\AVG2013 2012-12-15 13:25 . 2012-12-15 13:25 -------- d-----w- c:\users\Rob\AppData\Roaming\TuneUp Software 2012-12-15 13:25 . 2012-12-15 13:25 -------- d-----w- c:\programdata\AVG2013 2012-12-15 13:25 . 2012-12-15 13:25 -------- d-----w- C:\$AVG 2012-12-15 13:20 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54C00459-14ED-4FAD-A37F-04431D38E1CB}\mpengine.dll 2012-12-15 13:03 . 2012-12-15 13:26 -------- d-----w- c:\users\Rob\AppData\Local\Avg2013 2012-12-15 13:03 . 2012-12-15 13:03 -------- d-----w- c:\users\Rob\AppData\Local\MFAData 2012-12-11 22:50 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-11 22:50 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-11 22:50 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-11 22:48 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-11 22:48 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-11 22:48 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-11 22:48 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-11 22:48 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-11 22:48 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 20:33 . 2011-03-22 22:45 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-11 22:47 . 2012-04-22 09:57 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-11 22:47 . 2011-07-10 10:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-22 13:02 . 2012-10-22 13:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-20 12:00 . 2011-09-22 23:00 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-10-20 12:00 . 2011-09-22 23:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-10-16 08:38 . 2012-11-27 21:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 21:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 21:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 03:48 . 2012-10-15 03:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-09 18:17 . 2012-11-16 09:41 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 18:17 . 2012-11-16 09:41 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-16 09:41 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-16 09:41 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] . c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 172032] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-23 69152] R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-04 28152] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-19 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-09-18 18792] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Rob\Desktop\emsisoftemergencykit\Run\a2ddax64.sys [2012-12-15 23208] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-23 23912] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] . . Contents of the 'Scheduled Tasks' folder . 2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 22:47] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-711389052-200102541-574798463-1001Core.job - c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 22:14] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-711389052-200102541-574798463-1001UA.job - c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 22:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-14 1794344] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bing.com/?PC=BNHP mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{048DBD20-445E8C82-05040104}] "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-05 00:36:41 ComboFix-quarantined-files.txt 2013-01-05 00:36 ComboFix2.txt 2013-01-04 22:21 ComboFix3.txt 2013-01-01 20:01 . Pre-Run: 422,980,345,856 bytes free Post-Run: 422,684,577,792 bytes free . - - End Of File - - DF8C308808B226875BDC48C23FD77D63
  7. berthazz
    Hi Maniac, Thanks for clarifying. I have followed your instructions exactly. Please find the text from C:\Combofix.txt copied below: ---------------------------------------------------------------------------------- ComboFix 13-01-04.03 - Rob 04/01/2013 22:16:10.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4091.2982 [GMT 0:00] Running from: c:\users\Rob\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 ))))))))))))))))))))))))))))))) . . 2013-01-04 22:19 . 2013-01-04 22:19 -------- d-----w- c:\users\Mcx1-ROB-PC\AppData\Local\temp 2013-01-04 22:19 . 2013-01-04 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-01 21:33 . 2013-01-01 21:33 -------- d-----w- c:\programdata\IObit 2013-01-01 21:33 . 2013-01-01 21:33 -------- d-----w- c:\users\Rob\AppData\Roaming\IObit 2013-01-01 21:33 . 2013-01-01 21:33 -------- d-----w- c:\program files (x86)\IObit 2013-01-01 17:26 . 2013-01-01 17:26 388096 ----a-r- c:\users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-01-01 17:26 . 2013-01-01 17:26 -------- d-----w- c:\program files (x86)\Trend Micro 2013-01-01 17:25 . 2013-01-01 21:31 -------- d-----w- c:\program files\UTILITY PROGRAMS 2012-12-15 16:36 . 2012-12-15 16:36 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes 2012-12-15 16:36 . 2012-12-15 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-15 16:36 . 2012-12-15 16:36 -------- d-----w- c:\programdata\Malwarebytes 2012-12-15 16:36 . 2012-09-29 19:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-15 13:26 . 2012-12-15 13:26 -------- d-----w- c:\users\Rob\AppData\Roaming\AVG2013 2012-12-15 13:25 . 2012-12-15 13:25 -------- d-----w- c:\users\Rob\AppData\Roaming\TuneUp Software 2012-12-15 13:25 . 2012-12-15 13:25 -------- d-----w- c:\programdata\AVG2013 2012-12-15 13:25 . 2012-12-15 13:25 -------- d-----w- C:\$AVG 2012-12-15 13:20 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54C00459-14ED-4FAD-A37F-04431D38E1CB}\mpengine.dll 2012-12-15 13:12 . 2012-12-15 17:24 -------- d-----w- c:\users\Rob\AppData\Roaming\Ipedax 2012-12-15 13:12 . 2012-12-15 13:15 -------- d-----w- c:\users\Rob\AppData\Roaming\Ynsuu 2012-12-15 13:12 . 2012-12-15 13:12 -------- d-----w- c:\users\Rob\AppData\Roaming\Yhseu 2012-12-15 13:03 . 2012-12-15 13:26 -------- d-----w- c:\users\Rob\AppData\Local\Avg2013 2012-12-15 13:03 . 2012-12-15 13:03 -------- d-----w- c:\users\Rob\AppData\Local\MFAData 2012-12-12 21:11 . 2012-12-12 21:11 -------- d-----w- c:\users\Rob\AppData\Roaming\Izedo 2012-12-12 21:11 . 2012-12-12 21:11 -------- d-----w- c:\users\Rob\AppData\Roaming\Hemer 2012-12-11 22:50 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-11 22:50 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-11 22:50 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-11 22:48 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-11 22:48 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-11 22:48 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-11 22:48 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-11 22:48 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-11 22:48 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 20:33 . 2011-03-22 22:45 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-11 22:47 . 2012-04-22 09:57 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-11 22:47 . 2011-07-10 10:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-22 13:02 . 2012-10-22 13:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-20 12:00 . 2011-09-22 23:00 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-10-20 12:00 . 2011-09-22 23:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-10-16 08:38 . 2012-11-27 21:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 21:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 21:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 03:48 . 2012-10-15 03:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-09 18:17 . 2012-11-16 09:41 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 18:17 . 2012-11-16 09:41 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-16 09:41 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-16 09:41 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] . c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 172032] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-23 69152] R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-04 28152] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-19 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-09-18 18792] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Rob\Desktop\emsisoftemergencykit\Run\a2ddax64.sys [2012-12-15 23208] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-23 23912] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] . . Contents of the 'Scheduled Tasks' folder . 2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 22:47] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-711389052-200102541-574798463-1001Core.job - c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 22:14] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-711389052-200102541-574798463-1001UA.job - c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 22:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-14 1794344] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bing.com/?PC=BNHP mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{048DBD20-445E8C82-05040104}] "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-04 22:21:53 ComboFix-quarantined-files.txt 2013-01-04 22:21 ComboFix2.txt 2013-01-01 20:01 . Pre-Run: 423,155,159,040 bytes free Post-Run: 423,090,929,664 bytes free . - - End Of File - - C38735BD8C0505E52530BBC59DF34898
  8. berthazz
    Hi Maniac, Sorry if I am being a little cautious here, but I want to make sure I follow your instructions 100% correctly. Do you mean that I should do these actions? 1. Restart the PC. 2. Delete Combofix.exe from the desktop 3. Click on the link you provided and download Combofix.exe from that page (following the instructions found via the link you gave) 4. Run Combofix.exe (ensuring all anti-virus/anti-malware programs are disabled) 5. After Combofix.exe has run, post C:\Combofix.txt in my next reply. Is that correct? As I had already run Combofix.exe once before I wrote my first post in this forum, I want to make sure that it will be OK to run it again. Many thanks.
  9. berthazz
    Hi - I meant to ask before: Is it safe for me to shut down my laptop? As things seems to be "marked for deletion" I am nervous about shutting down and/or restarting. Would this be risky? Alternatively I could put the laptop into "Hibernate" mode instead of shutting down? I wanted to check with you if either of these would be possible, so I don't have to leave my laptop on all day and night! Thanks again.
  10. berthazz
    Hi Maniac, Thanks again for your continued help. I followed your instructions exactly but when I drag the CFScript.txt file into Combofix.exe (as you instructed above) I get the same error message that I mentioned in my first post. A window appears that says: "C:\Users\Rob\Desktop\Combofix.exe Illegal operation attempted on a registry key that has been marked for deletion." I am able to open other programs (e.g. Malwarebytes) provided that I right click on the icon and select "Run as administrator". As I am dragging a file into Combofix.exe I am unable to do this - any suggestions? For your information, I have tried right clicking on Combofix.exe, clicking on the 'Compatibility' tab and checking the box "Run this program as an administrator". Unfortunately the same error message appears. Any advice would be greatly appreciated.
  11. berthazz
    Hi Maniac! Thanks so much for getting back to me. It is very kind of you to offer help - much appreciated. I will not run any further scans or take any actions unless you tell me to do so! The contents of C:\Qoobox\Addor Remove Programs.txt are as follows: -------------------------------------------------- Accelerometer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Advanced Audio FX Engine Amazon MP3 Downloader 1.0.17 Amazon Music Importer Apple Application Support Apple Software Update Audacity 1.3.14 (Unicode) Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Support Center (Support Software) Dell Webcam Central Google Chrome Google Talk Plugin GoToAssist 8.0.0.514 HiJackThis Java 7 Update 7 Java Auto Updater Java 6 Update 32 LAME v3.98.3 for Audacity Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nokia Maps 3D browser plugin for Internet Explorer (5.10.2.0) O2Micro Flash Memory Card Windows Driver OpenOffice.org 3.3 PrimoPDF -- brought to you by Nitro PDF Software QuickTime RICOH Media Driver ver.2.07.01.00 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Spotify Tesco Download Manager Tesco Download Manager - Install/Uninstall (v1.0.9.0)_ Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 Visual Studio 2008 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Phone Intro Video (ENU)
  12. berthazz
    Hi all, I'm new here - Happy New Year! I was wondering if anyone would be kind enough to offer me some help. Recently I encounted that terrible PCEU LockScreen virus (like the FBI LockScreen virus except for the UK). I ran Malwarebytes Anti-Malware a few times as well as Emsisoft Emergency Kit in line with some instructions I found online. This seemed to remove the virus and my AVG virus scanner then found no problems at all. However, when I reactivated the internet and started browsing, after a few minutes of trouble free browsing the LockScreen was back! I have now disabled internet access. Today I ran Malwarebytes Anti-Malware again and it detected 1 problem under "Registry Values". The following entry showed up: HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Rob\Locals~1\Temp\mskqtkejf.pif At this point I decided not to delete it and searched help on Google. I came across an entry on this forum for a similar problem and, although I'm really not a technical guy, I have been following your very helpful instructions. As per the other thread, I downloaded Combofix onto my desktop, disabled my firewall and anti-virus software, closed all other programs and ran Combofix. It ran successfully and then rebooted my computer. Combofix then posted a log - I have attached this for your information. The only thing that is worrying me slightly is that, whilst everything appears normal superficially, if I double click on any programme files or Word, PDF, or similar, a window opens with the message "Illegal operation attempted on a registry key that has been marked for deletion". I thought this was a good time to pause everything and seek further help from someone much wiser than me! As I am concerned about this "marked for deletion" message, I am going to leave my laptop switched on and prevent it from re-booting just in case it destroys my PC!!! Any help and advice you could offer would be massively appreciated! Hope to hear from someone soon. Many thanks. ComboFix.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.