Jump to content

infected by autorun.inf virus


kenyit
 Share

Recommended Posts

i got infected by an autorun virus a few days ago. All the folders in my external drives became shortcuts. After trying to remove it using pretty much every method that can be found using google, the virus keeps coming back. Finally a friend introduced me to ComboFix and after running it the virus seems to have been gone from my computer. However there are Recycle.Bin folders left around and I need help to make sure if my computer is clean

 

Here is the log from Combo fix

 

ComboFix 13-09-01.02 - Kenyit 09/02/2013  14:05:47.6.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3983.2766 [GMT 8:00]
Running from: c:\users\Kenyit\Desktop\abah.exe.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\abah.exe
c:\abah.exe\NIRKMD.3XE
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-02 to 2013-09-02  )))))))))))))))))))))))))))))))
.
.
2013-09-02 06:10 . 2013-09-02 06:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-02 06:10 . 2013-09-02 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-01 10:00 . 2013-09-01 10:10 37562 ----a-w- c:\users\Kenyit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\33b1.js
2013-09-01 09:40 . 2013-09-01 09:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-31 16:04 . 2013-08-31 16:04 -------- d-----w- c:\users\Kenyit\AppData\Roaming\Malwarebytes
2013-08-31 16:04 . 2013-08-31 16:04 -------- d-----w- c:\programdata\Malwarebytes
2013-08-31 16:04 . 2013-08-31 16:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-31 16:04 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-30 14:53 . 2013-08-30 14:54 657209 ----a-w- c:\windows\Condition Zero Uninstaller.exe
2013-08-30 14:53 . 2013-08-30 14:53 -------- d-----w- C:\Valve
2013-08-29 15:54 . 2013-08-29 15:56 -------- d-----w- c:\users\Kenyit\AppData\Roaming\redsn0w
2013-08-29 12:48 . 2013-08-29 12:48 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-29 12:48 . 2013-08-29 12:48 -------- d-----w- c:\program files\iTunes
2013-08-29 12:48 . 2013-08-29 12:48 -------- d-----w- c:\program files (x86)\iTunes
2013-08-29 12:48 . 2013-08-29 12:48 -------- d-----w- c:\program files\iPod
2013-08-28 11:22 . 2013-08-28 11:23 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-28 11:22 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-28 11:22 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-28 07:43 . 2013-08-28 07:43 -------- d-----w- C:\794
2013-08-28 07:43 . 2013-08-28 07:43 -------- d-sh--w- c:\users\Kenyit\AppData\Roaming\78e57
2013-08-27 17:54 . 2013-08-27 17:54 -------- d-----w- c:\program files (x86)\FreeTime
2013-08-27 16:46 . 2013-08-27 16:46 -------- d-----w- c:\users\Kenyit\AppData\Roaming\Corel
2013-08-27 16:40 . 2013-08-27 16:40 -------- d-----w- c:\programdata\InterVideo
2013-08-27 16:39 . 2013-08-27 16:39 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2013-08-27 16:39 . 2013-08-27 16:39 -------- d-----w- c:\programdata\Corel
2013-08-27 16:37 . 2013-08-27 16:37 -------- d-----w- c:\program files (x86)\Corel
2013-08-27 13:26 . 1998-10-29 08:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-08-27 13:00 . 2013-08-27 13:00 -------- d-----w- c:\users\Kenyit\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-08-27 13:00 . 2013-08-27 13:00 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2013-08-27 13:00 . 2013-08-27 13:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-08-26 14:14 . 2013-09-01 09:30 -------- d-----w- c:\program files\Recuva
2013-08-04 05:25 . 2013-08-04 05:25 -------- d-----w- c:\users\Kenyit\AppData\Local\ElevatedDiagnostics
2013-08-03 14:20 . 2013-08-03 15:14 -------- d-----w- c:\users\Kenyit\AppData\Local\Ubisoft Game Launcher
2013-08-03 09:30 . 2013-08-03 09:30 -------- d-----w- c:\users\Kenyit\AppData\Roaming\Theta
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-28 11:23 . 2013-07-09 06:29 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-28 11:23 . 2013-07-09 06:29 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-02 06:54 . 2013-08-02 06:54 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-08-02 06:54 . 2013-08-02 06:54 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-07-29 08:46 . 2013-07-29 08:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-29 08:46 . 2013-07-09 06:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 17:05 . 2013-07-10 17:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 17:05 . 2013-07-10 17:05 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-10 17:05 . 2013-07-10 17:05 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-27 09:57 . 2013-07-26 12:55 172920 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6ef"="c:\users\Kenyit\AppData\Roaming\78e57\6ef.js" [X]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-07-29 3624528]
"uTorrent"="c:\users\Kenyit\AppData\Roaming\uTorrent\uTorrent.exe" [2013-08-14 888152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"UIExec"="c:\program files (x86)\Celcom Broadband\UIExec.exe" [2010-07-23 138552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-08-14 1601488]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\Kenyit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
33b1.js [2013-9-1 37562]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-8-27 113664]
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-7-16 841216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bmusbser.sys;c:\windows\SYSNATIVE\DRIVERS\bmusbser.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Celcom Broadband\AssistantServices.exe;c:\program files (x86)\Celcom Broadband\AssistantServices.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 01:34 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 15:27]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 15:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-14 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-14 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-14 444400]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kenyit\AppData\Roaming\Mozilla\Firefox\Profiles\4phf8rjq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-07-09 14:28; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-07-29 17:56; py3j_oqut@ioyclv-.edu; c:\users\Kenyit\AppData\Roaming\Mozilla\Firefox\Profiles\4phf8rjq.default\extensions\py3j_oqut@ioyclv-.edu
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DMC Devi May Cry © Capcom_is1 - d:\dmc devi may cry\unins000.exe
AddRemove-football manager 2012_is1 - d:\football manager 2012\unins000.exe
AddRemove-Pro Evolution Soccer 2013_is1 - d:\pro evolution soccer 2013\unins000.exe
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
AddRemove-SP_703c874a - c:\program files (x86)\SaveShare\uninstall.exe
AddRemove-{8B7IL77L-LKS1-AC3-BATAC-18CD6E6334R1}_is1 - d:\batman arkham city\uninstall\unins000.exe
AddRemove-{B810D852-DFD6-FIFA13-89A5-CC4D47756DAF}_is1 - d:\fifa 13\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2013-09-02  14:13:20 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-02 06:13
ComboFix2.txt  2013-09-02 05:55
ComboFix3.txt  2013-09-02 05:38
ComboFix4.txt  2013-09-01 11:48
ComboFix5.txt  2013-09-02 06:04
.
Pre-Run: 108,651,200,512 bytes free
Post-Run: 108,578,914,304 bytes free
.
- - End Of File - - F0398A1508694AA0D04BE5D9642281D4
A36C5E4F47E84449FF07ED3517B43A31
 
Link to post
Share on other sites

Hello kenyit! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.