infected by autorun.inf virus

[kenyit]

i got infected by an autorun virus a few days ago. All the folders in my external drives became shortcuts. After trying to remove it using pretty much every method that can be found using google, the virus keeps coming back. Finally a friend introduced me to ComboFix and after running it the virus seems to have been gone from my computer. However there are Recycle.Bin folders left around and I need help to make sure if my computer is clean

 

Here is the log from Combo fix

 

ComboFix 13-09-01.02 - Kenyit 09/02/2013  14:05:47.6.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3983.2766 [GMT 8:00]

Running from: c:\users\Kenyit\Desktop\abah.exe.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\abah.exe

c:\abah.exe\NIRKMD.3XE

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-02 to 2013-09-02  )))))))))))))))))))))))))))))))

.

.

2013-09-02 06:10 . 2013-09-02 06:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-09-02 06:10 . 2013-09-02 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-01 10:00 . 2013-09-01 10:10 37562 ----a-w- c:\users\Kenyit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\33b1.js

2013-09-01 09:40 . 2013-09-01 09:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-08-31 16:04 . 2013-08-31 16:04 -------- d-----w- c:\users\Kenyit\AppData\Roaming\Malwarebytes

2013-08-31 16:04 . 2013-08-31 16:04 -------- d-----w- c:\programdata\Malwarebytes

2013-08-31 16:04 . 2013-08-31 16:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-31 16:04 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-30 14:53 . 2013-08-30 14:54 657209 ----a-w- c:\windows\Condition Zero Uninstaller.exe

2013-08-30 14:53 . 2013-08-30 14:53 -------- d-----w- C:\Valve

2013-08-29 15:54 . 2013-08-29 15:56 -------- d-----w- c:\users\Kenyit\AppData\Roaming\redsn0w

2013-08-29 12:48 . 2013-08-29 12:48 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-08-29 12:48 . 2013-08-29 12:48 -------- d-----w- c:\program files\iTunes

2013-08-29 12:48 . 2013-08-29 12:48 -------- d-----w- c:\program files (x86)\iTunes

2013-08-29 12:48 . 2013-08-29 12:48 -------- d-----w- c:\program files\iPod

2013-08-28 11:22 . 2013-08-28 11:23 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-28 11:22 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-28 11:22 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-28 07:43 . 2013-08-28 07:43 -------- d-----w- C:\794

2013-08-28 07:43 . 2013-08-28 07:43 -------- d-sh--w- c:\users\Kenyit\AppData\Roaming\78e57

2013-08-27 17:54 . 2013-08-27 17:54 -------- d-----w- c:\program files (x86)\FreeTime

2013-08-27 16:46 . 2013-08-27 16:46 -------- d-----w- c:\users\Kenyit\AppData\Roaming\Corel

2013-08-27 16:40 . 2013-08-27 16:40 -------- d-----w- c:\programdata\InterVideo

2013-08-27 16:39 . 2013-08-27 16:39 -------- d-----w- c:\program files (x86)\Common Files\Protexis

2013-08-27 16:39 . 2013-08-27 16:39 -------- d-----w- c:\programdata\Corel

2013-08-27 16:37 . 2013-08-27 16:37 -------- d-----w- c:\program files (x86)\Corel

2013-08-27 13:26 . 1998-10-29 08:45 306688 ----a-w- c:\windows\IsUninst.exe

2013-08-27 13:00 . 2013-08-27 13:00 -------- d-----w- c:\users\Kenyit\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-08-27 13:00 . 2013-08-27 13:00 -------- d-----w- c:\program files (x86)\Adobe Download Assistant

2013-08-27 13:00 . 2013-08-27 13:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2013-08-26 14:14 . 2013-09-01 09:30 -------- d-----w- c:\program files\Recuva

2013-08-04 05:25 . 2013-08-04 05:25 -------- d-----w- c:\users\Kenyit\AppData\Local\ElevatedDiagnostics

2013-08-03 14:20 . 2013-08-03 15:14 -------- d-----w- c:\users\Kenyit\AppData\Local\Ubisoft Game Launcher

2013-08-03 09:30 . 2013-08-03 09:30 -------- d-----w- c:\users\Kenyit\AppData\Roaming\Theta

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-28 11:23 . 2013-07-09 06:29 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-28 11:23 . 2013-07-09 06:29 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-02 06:54 . 2013-08-02 06:54 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-08-02 06:54 . 2013-08-02 06:54 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-07-29 08:46 . 2013-07-29 08:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-29 08:46 . 2013-07-09 06:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-10 17:05 . 2013-07-10 17:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-10 17:05 . 2013-07-10 17:05 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-07-10 17:05 . 2013-07-10 17:05 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-27 09:57 . 2013-07-26 12:55 172920 ----a-w- c:\windows\system32\drivers\idmwfp.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"6ef"="c:\users\Kenyit\AppData\Roaming\78e57\6ef.js" [X]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-07-29 3624528]

"uTorrent"="c:\users\Kenyit\AppData\Roaming\uTorrent\uTorrent.exe" [2013-08-14 888152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]

"UIExec"="c:\program files (x86)\Celcom Broadband\UIExec.exe" [2010-07-23 138552]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-08-14 1601488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]

.

c:\users\Kenyit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

33b1.js [2013-9-1 37562]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-8-27 113664]

TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-7-16 841216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bmusbser.sys;c:\windows\SYSNATIVE\DRIVERS\bmusbser.sys [x]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Celcom Broadband\AssistantServices.exe;c:\program files (x86)\Celcom Broadband\AssistantServices.exe [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-30 01:34 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 15:27]

.

2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 15:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-14 165872]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-14 407536]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-14 444400]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Kenyit\AppData\Roaming\Mozilla\Firefox\Profiles\4phf8rjq.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - ExtSQL: 2013-07-09 14:28; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-07-29 17:56; py3j_oqut@ioyclv-.edu; c:\users\Kenyit\AppData\Roaming\Mozilla\Firefox\Profiles\4phf8rjq.default\extensions\py3j_oqut@ioyclv-.edu

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-DMC Devi May Cry © Capcom_is1 - d:\dmc devi may cry\unins000.exe

AddRemove-football manager 2012_is1 - d:\football manager 2012\unins000.exe

AddRemove-Pro Evolution Soccer 2013_is1 - d:\pro evolution soccer 2013\unins000.exe

AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe

AddRemove-SP_703c874a - c:\program files (x86)\SaveShare\uninstall.exe

AddRemove-{8B7IL77L-LKS1-AC3-BATAC-18CD6E6334R1}_is1 - d:\batman arkham city\uninstall\unins000.exe

AddRemove-{B810D852-DFD6-FIFA13-89A5-CC4D47756DAF}_is1 - d:\fifa 13\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

.

**************************************************************************

.

Completion time: 2013-09-02  14:13:20 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-02 06:13

ComboFix2.txt  2013-09-02 05:55

ComboFix3.txt  2013-09-02 05:38

ComboFix4.txt  2013-09-01 11:48

ComboFix5.txt  2013-09-02 06:04

.

Pre-Run: 108,651,200,512 bytes free

Post-Run: 108,578,914,304 bytes free

.

- - End Of File - - F0398A1508694AA0D04BE5D9642281D4

A36C5E4F47E84449FF07ED3517B43A31

 

[Maniac]

Hello kenyit! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!