joford

Thanks for all your help Larry, I ran ComboFix /Uninstall, which worked ok. I hadn't used DeFogger. The restore icon defaults did not change the bottom right tray of my desktop but its all fine and working normally so all good! I will follow your advice on system security, I do most of these things already. On this occasion I stupidly opened an email attachment that my partner asked me to access without checking the email properly first - it was a hoax email and the virus was hiding in the attachment - doh! All the best, Jo

Hi Larry, I downloaded and ran ComboFix as administrator. It didn't prompt to install Windows Recovery Module but other than that all seemed to run ok. My start menu looks normal again but my desktop is still strange - black background, icons missing (I could obviously change this easily) and the system/setting icons in the bottom right are all spread out instead of being under a menu. I have pasted the ComboFix log below. Thanks again for your continued assistance! Jo ------------------------------------------ ComboFix 11-11-14.02 - Joanna 14/11/2011 20:10:16.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3999.2660 [GMT 0:00] Running from: c:\users\Joanna\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Joanna\AppData\Roaming\.# c:\users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore c:\users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk c:\users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk c:\users\Joanna\unhide.exe . . ((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 ))))))))))))))))))))))))))))))) . . 2011-11-14 20:18 . 2011-11-14 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-13 23:10 . 2011-11-13 23:10 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9773CA27-BBC3-4F64-B3AC-6BBFD39F2F99}\offreg.dll 2011-11-13 13:03 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9773CA27-BBC3-4F64-B3AC-6BBFD39F2F99}\mpengine.dll 2011-11-13 13:03 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-13 13:03 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-13 13:03 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-13 13:03 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-07 22:43 . 2011-11-07 22:43 -------- d-----w- c:\programdata\Kaspersky Lab 2011-11-07 20:54 . 2011-11-07 20:54 -------- d-----w- c:\users\Joanna\AppData\Roaming\Malwarebytes 2011-11-07 20:54 . 2011-11-07 20:54 -------- d-----w- c:\programdata\Malwarebytes 2011-11-07 20:53 . 2011-11-07 22:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-07 20:53 . 2011-08-31 17:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-04 22:47 . 2011-11-04 22:47 -------- d-----w- c:\windows\Sun 2011-11-04 22:47 . 2011-11-04 22:47 -------- d-----w- c:\programdata\Ask 2011-10-25 20:21 . 2011-10-25 20:21 -------- d-----w- c:\program files\iPod 2011-10-25 20:21 . 2011-10-25 20:21 -------- d-----w- c:\program files\iTunes 2011-10-25 20:21 . 2011-10-25 20:21 -------- d-----w- c:\program files (x86)\iTunes 2011-10-25 20:18 . 2011-10-25 20:18 -------- d-----w- c:\program files\Bonjour 2011-10-25 20:18 . 2011-10-25 20:18 -------- d-----w- c:\program files (x86)\Bonjour 2011-10-17 21:32 . 2011-10-17 21:32 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2011-10-17 21:32 . 2011-10-17 21:32 -------- d-----w- c:\program files (x86)\Real 2011-10-17 21:27 . 2011-10-17 21:27 -------- d-----w- c:\users\Joanna\AppData\Local\MPlayer 2011-10-17 21:24 . 2011-10-17 21:25 -------- d-----w- c:\users\Joanna\.3gpplayer 2011-10-17 19:43 . 2011-10-17 19:43 -------- d-----w- c:\program files (x86)\EASEUS 2011-10-16 23:04 . 2011-10-16 23:04 -------- d-----w- c:\program files\Recuva 2011-10-16 22:46 . 2011-10-16 22:46 -------- d-----w- c:\program files (x86)\eSupport.com 2011-10-16 21:58 . 2011-10-16 21:58 -------- d-----w- c:\program files (x86)\CardRecovery 2011-10-16 18:55 . 2011-10-16 18:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-16 21:27 . 2011-06-27 16:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-03 05:06 . 2011-07-27 20:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-06 20:45 . 2010-07-09 08:17 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:45 . 2010-02-10 13:58 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-09-06 20:45 . 2011-01-19 09:30 254400 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:38 . 2011-04-13 18:36 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:38 . 2010-02-10 13:58 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2010-02-10 13:58 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2010-02-10 13:58 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2010-02-10 13:58 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36 . 2010-02-10 13:58 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-30 22:05 . 2011-08-30 22:05 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-08-27 05:37 . 2011-10-14 19:34 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-14 19:34 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-14 19:34 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-08-27 04:26 . 2011-10-14 19:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-17 05:26 . 2011-10-14 19:35 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-08-17 05:25 . 2011-10-14 19:35 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-08-17 04:24 . 2011-10-14 19:35 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-08-17 04:19 . 2011-10-14 19:35 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-23 39408] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-07-25 4389696] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-10-17 273528] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 135664] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 135664] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 14:03] . 2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 14:03] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-01-10 200704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_1810tz&r=273602101016l0333z125t5911a435 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100330133817 DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} - hxxps://relativity.millnet.co.uk/Relativity/ActiveX/webclientmanager.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-11-14 20:21:46 ComboFix-quarantined-files.txt 2011-11-14 20:21 . Pre-Run: 138,856,198,144 bytes free Post-Run: 138,483,003,392 bytes free . - - End Of File - - 86A05E03F5A3D46918D47E174C757A9F

Hi Larry, I have Windows 7 on this computer and have no idea how to get into customize desktop...! I have tried searching control panel, looking in display settings, personalization settings, searched on internet but no luck. Do you have any idea how to get into this on Windows 7? Thanks again, Jo

Thanks for the reply LDTate, unhide.exe mostly worked - I now have all my documents, programs, favourites back (I think), but my desktop and start menu still looks strange. I also followed the instructions to disable my anti-virus and run again but this didn't do the trick. Do you have any other advice on how to fix this? Many thanks, Jo

My computer was infected yesterday by the trojan.fake.alert virus and also Trojan.fake.downloader and PUM.hijack.startmenu. Avast picked it up but apparently wasn't quick enough. It was trying to go through system restore, but I spoke to my dad and managed to disable this (although I shut down and rebooted first). Then I downloaded malware bytes and ran this. It identified 11 viruses (log attached) and cleaned them off. Ran it again and it was clean, as was Kapersky online virus removal tool. My computer seems to be performing normally but I've lost my system settings, the start menu is not fully functional, the desktop looks strange and all my documents etc. have disappeared. When I re-enabled system restore and tried to run it, it said there was no image saved... Can anyone help me recover my files? Thanks in advance, Jo :-) DDS.txt Attach.txt _____________________________________________ Malware log: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8109 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 07/11/2011 22:11:19 mbam-log-2011-11-07 (22-11-19).txt Scan type: Full scan (C:\|) Objects scanned: 302020 Time elapsed: 1 hour(s), 2 minute(s), 53 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: c:\programdata\cmlthiyryrlbw.exe (Trojan.FakeAlert) -> 3108 -> Unloaded process successfully. c:\programdata\6dss92c31apgjk.exe (Trojan.FakeAlert) -> 4460 -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CmlthiyRYRlBW.exe (Trojan.FakeAlert) -> Value: CmlthiyRYRlBW.exe -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\programdata\cmlthiyryrlbw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\programdata\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Joanna\AppData\Local\Temp\1275.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Joanna\AppData\Local\Temp\p5tm1qbi6dss92.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Joanna\AppData\Local\Temp\realtek_ac97.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Joanna\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\dxdiag.exe (Trojan.Downloader) -> Quarantined and deleted successfully. Hi, I would really appreciate it if someone can help advise me on this when you have a moment. I know how innundated you are with topics, though Best, Jo