Jump to content

hijack.startmenu -- Start menu is completely blocked, other functions not working.


Recommended Posts

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Owner at 19:21:07 on 2012-05-11

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3882.2902 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\windows\system32\hkcmd.exe

C:\windows\system32\igfxtray.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\windows\system32\igfxpers.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskeng.exe

C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

C:\windows\system32\taskeng.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\WUDFHost.exe

\\?\C:\windows\system32\wbem\WMIADAP.EXE

C:\windows\system32\vssvc.exe

C:\windows\System32\svchost.exe -k swprv

C:\windows\SysWOW64\NOTEPAD.EXE

C:\windows\SysWOW64\NOTEPAD.EXE

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://samsung.msn.com

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

BHO: MRI_DISABLED - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\SRSPRE~1.LNK - C:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab

TCP: Interfaces\{2107081C-E8B6-47F7-8BDB-CDEE3C48FC70} : DhcpNameServer = 68.6.16.30 68.6.16.25 68.2.16.30

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: MRI_DISABLED - No File

BHO-X64:     AcroIEHelperStub - No File

BHO-X64:     W2PBrowser Browser Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64:     AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64:     Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64:     URLRedirectionBHO - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-5-3 40384]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-6 408576]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-3 304464]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-28 2320920]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-6 911872]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-5-3 40384]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-5-3 40384]

R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 253088]

S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-4 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-05-05 18:31:41    69000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98598D9B-2516-4B55-B47B-49D828560C2E}\offreg.dll

2012-05-04 03:16:49    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Malwarebytes

2012-05-04 03:16:20    38224    ----a-w-    C:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-05-04 03:16:19    24664    ----a-w-    C:\windows\System32\drivers\mbam.sys

2012-05-04 03:16:19    --------    d-----w-    C:\ProgramData\Malwarebytes

2012-05-04 03:16:19    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-04 02:38:20    424016    ----a-w-    C:\windows\System32\drivers\aswSnx.sys

2012-05-04 02:38:19    63568    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys

2012-05-04 02:38:13    --------    d-----w-    C:\ProgramData\Alwil Software

2012-04-21 03:34:26    418464    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe

2012-04-13 02:49:17    5559152    ----a-w-    C:\windows\System32\ntoskrnl.exe

2012-04-13 02:49:17    3968368    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe

2012-04-13 02:49:16    3913072    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe

2012-04-13 02:46:10    81408    ----a-w-    C:\windows\System32\imagehlp.dll

2012-04-13 02:46:10    23408    ----a-w-    C:\windows\System32\drivers\fs_rec.sys

2012-04-13 02:46:10    159232    ----a-w-    C:\windows\SysWow64\imagehlp.dll

2012-04-13 02:46:09    5120    ----a-w-    C:\windows\SysWow64\wmi.dll

2012-04-13 02:46:09    5120    ----a-w-    C:\windows\System32\wmi.dll

2012-04-13 02:46:09    220672    ----a-w-    C:\windows\System32\wintrust.dll

2012-04-13 02:46:09    172544    ----a-w-    C:\windows\SysWow64\wintrust.dll

2012-04-12 03:05:48    451072    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll

2012-04-12 03:05:38    163328    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2012-04-12 03:05:12    1638912    ----a-w-    C:\windows\SysWow64\mshtml.tlb

2012-04-12 03:05:12    1638912    ----a-w-    C:\windows\System32\mshtml.tlb

.

==================== Find3M  ====================

.

2012-04-21 03:34:26    70304    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:39:37    1188864    ----a-w-    C:\windows\System32\wininet.dll

2012-02-28 05:38:52    981504    ----a-w-    C:\windows\SysWow64\wininet.dll

2012-02-17 06:38:26    1031680    ----a-w-    C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22    826880    ----a-w-    C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24    210944    ----a-w-    C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32    23552    ----a-w-    C:\windows\System32\drivers\tdtcp.sys

2012-02-14 19:09:44    1070352    ----a-w-    C:\windows\SysWow64\MSCOMCTL.OCX

.

============= FINISH: 19:21:33.03 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/8/2010 2:08:39 AM

System Uptime: 5/11/2012 5:26:34 PM (2 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | QX310/QX410/QX510/SF310/SF410/SF510

Processor: Intel® Core i3 CPU       M 370  @ 2.40GHz | CPU 1 | 2399/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 181 GiB total, 136.53 GiB free.

D: is FIXED (NTFS) - 269 GiB total, 265.817 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP168: 2/16/2012 7:50:30 AM - Windows Update

RP169: 2/27/2012 6:40:10 PM - Scheduled Checkpoint

RP170: 3/13/2012 11:15:36 AM - Windows Update

RP171: 3/14/2012 8:19:54 AM - Windows Update

RP172: 3/23/2012 11:16:25 AM - Removed HP Photosmart 6510 series Basic Device Software

RP173: 3/23/2012 11:17:52 AM - Removed HP Photosmart 6510 series Help

RP174: 3/23/2012 11:18:30 AM - Removed HP Photosmart 6510 series Product Improvement Study

RP175: 3/23/2012 11:19:27 AM - Removed HP Update.

RP176: 3/23/2012 11:20:17 AM - Removed EPSON Scan Assistant

RP177: 3/23/2012 11:20:33 AM - Removed Attach To Email

RP178: 3/23/2012 11:20:53 AM - Removed Epson Event Manager

RP179: 3/23/2012 11:21:53 AM - Removed FAX Utility

RP180: 3/23/2012 11:24:53 AM - Removed EpsonNet Setup

RP181: 4/12/2012 7:45:02 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Reader X (10.1.2)

ArcSoft MediaImpression 2

avast! Pro Antivirus

BatteryLifeExtender

Bejeweled 3

Bing Bar

Bing Bar Platform

Bing Rewards Client Installer

ChargeableUSB

Coupon Printer for Windows

CyberLink DVD Suite

CyberLink LabelPrint

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 8

CyberLink PowerProducer

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Easy Content Share

Easy Display Manager

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

EasyFileShare

EpsonNet Print

Fast Start

Google Chrome

HPDiagnosticAlert

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Jewel Quest Solitaire III (remove only)

Junk Mail filter update

Malwarebytes' Anti-Malware

Marvell Miniport Driver

Mesh Runtime

Messenger Companion

Microsoft Default Manager

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MultimediaPOP

Peggle Deluxe 1.0

Realtek High Definition Audio Driver

Samsung AnyWeb Print

Samsung Recovery Solution 5

Samsung Support Center

Samsung Update Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Skype™ 5.5

Super Collapse! 3

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

User Guide

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge!

Zuma Deluxe 1.0.0.0

.

==== Event Viewer Messages From Past Week ========

.

5/4/2012 6:35:03 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003]  - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll

.

==== End Of File ===========================

Link to post
Share on other sites

Hello and :welcome:

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Hi Elise! Thanks for your reply. Here is my ComboFix log:

ComboFix 12-05-13.03 - Owner 05/13/2012 8:25.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3882.2926 [GMT -7:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))

.

.

2012-05-13 15:29 . 2012-05-13 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-05 18:31 . 2012-05-05 18:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98598D9B-2516-4B55-B47B-49D828560C2E}\offreg.dll

2012-05-04 03:16 . 2012-05-04 03:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2012-05-04 03:16 . 2010-04-29 22:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-05-04 03:16 . 2012-05-04 03:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-04 03:16 . 2012-05-04 03:16 -------- d-----w- c:\programdata\Malwarebytes

2012-05-04 03:16 . 2010-04-29 22:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-04 02:38 . 2010-05-06 20:41 424016 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-05-04 02:38 . 2010-05-06 20:39 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-05-04 02:38 . 2010-05-06 20:39 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-05-04 02:38 . 2010-05-06 20:34 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-05-04 02:38 . 2010-05-06 20:33 22096 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-05-04 02:38 . 2010-05-06 20:34 63568 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-05-04 02:38 . 2010-05-06 20:59 38848 ----a-w- c:\windows\SysWow64\avastSS.scr

2012-05-04 02:38 . 2010-05-06 20:59 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-05-04 02:38 . 2012-05-04 02:38 -------- d-----w- c:\programdata\Alwil Software

2012-05-04 02:38 . 2012-05-04 02:38 -------- d-----w- c:\program files\Alwil Software

2012-04-21 03:34 . 2012-04-21 03:34 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-21 03:34 . 2011-05-12 22:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-06 06:53 . 2012-04-13 02:49 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-06 05:59 . 2012-04-13 02:49 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59 . 2012-04-13 02:49 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-01 06:46 . 2012-04-13 02:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-13 02:46 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-13 02:46 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-13 02:46 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-13 02:46 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-13 02:46 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-13 02:46 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:39 . 2012-04-12 03:06 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 05:38 . 2012-04-12 03:06 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 04:31 . 2012-04-12 03:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 03:52 . 2012-04-12 03:05 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-17 06:38 . 2012-03-13 18:32 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 18:32 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 18:31 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 18:31 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED

SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-28 156952]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]

R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 03:34]

.

2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531033883-3367602854-4197547730-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:53]

.

2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531033883-3367602854-4197547730-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-13 08:31:54

ComboFix-quarantined-files.txt 2012-05-13 15:31

.

Pre-Run: 148,165,746,688 bytes free

Post-Run: 148,442,943,488 bytes free

.

- - End Of File - - 40A491E5A1590F75B2D8CA303137C726

Link to post
Share on other sites

Hi Elise

Before running ComboFix I was unable to access the start menu, and clicking on things on the taskbar did not work. Several keys did not work either.

After running ComboFix, these issues seem to have been resolved. I don't see any other problems at this moment.

Thank you!

Link to post
Share on other sites

I am glad to hear that! :) Lets run one last scan to make sure everything is okay.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

Hi Elise

ESETScan has completed, here is the exported list of threats. Thank you!

C:\Program Files\Alwil Software\Avast5\ashBase.dll a variant of Win32/Packed.VMProtect.AAA trojan unable to clean

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3C861S43\fdd91a64ce20e17d[1].htm JS/Fraud.NAP trojan cleaned by deleting - quarantined

Operating memory a variant of Win32/Packed.VMProtect.AAA trojan

Link to post
Share on other sites

  • 4 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.