SMSS.exe Virus Problem


  • This topic is locked

#61
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Okay, I did the first part in Safe Mode, it said it was successful, and then I rebooted. My question is with TDSS Killer, should I cure it this time or skip it and just send you the log?
  • 0


#62
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Hey, yesterday was my 2nd Anniversary of joining this Forum. haha.

Edited by Dom Fontana, 07 May 2011 - 04:35 AM.

  • 0

#63
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
:unsure: :) :) Or words to that effect :yes:
  • 0

#64
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Thanks, but see my message above about TDSS Killer. It's right above my anniversary message.
  • 0

#65
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Oops, missed that - could you try a cure this time please?
  • 0

#66
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
This was done via the repair my computer command prompt


  • 0

#67
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Good news. I did the scan and it didn't find anything. I attached the log.

Attached Files


  • 0

#68
Dom Fontana
    Member
  • Topic Starter
  • 170 posts

This was done via the repair my computer command prompt



Right, that is what I used.
  • 0

#69
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, we got there in the end I feel - this is the first time I have come across this double whammy where they use a whitelisted file to hide a second infection - sneaky buggers. But now I know how they do it.

OK, let's do a sweep now with ComboFix one more time, and on completion could you let me know what the residual problems are.

If ComboFix asks to update, please allow it to do so.
  • 0

#70
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Okay, here we go.
  • 0


#71
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Okay, I ran ComboFix and here is the log. I updated it first.

Just one thing. Before the scan, it said it found AVG Anti-Virus running and told me to disable it. I had uninstalled that. I checked the Processes and it was not running. I proceeded with the scan and it worked fine.

ComboFix 11-05-06.04 - Dominick J. Fontana 05/07/2011 7:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3518.2554 [GMT -4:00]
Running from: c:\users\Dominick J. Fontana\Desktop\Geeks To Go\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\test.txt
c:\users\Dominick J. Fontana\AppData\Roaming\7za.exe
c:\users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Cookies\index (1).dat
c:\users\Dominick J. Fontana\WINDOWS
c:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 11:23 . 2011-05-07 11:23 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Local\temp
2011-05-07 11:17 . 2011-05-07 11:18 -------- d-----w- C:\32788R22FWJFW
2011-05-07 10:04 . 2011-05-07 10:04 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-05-07 09:04 . 2011-04-18 13:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4E8098F-5C4B-4AA5-A6FF-656C31907676}\mpengine.dll
2011-05-07 09:02 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-05-05 11:33 . 2011-05-05 11:33 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2011-05-04 04:29 . 2011-05-04 08:18 -------- d-----w- c:\users\Dominick J. Fontana\DoctorWeb
2011-05-01 14:40 . 2011-05-01 14:40 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BIT5E35.tmp
2011-05-01 14:35 . 2011-05-01 14:35 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BIT8077.tmp
2011-05-01 03:15 . 2011-05-01 03:15 -------- d-----w- C:\_OTL
2011-04-29 17:15 . 2011-04-29 17:15 -------- d-----w- c:\windows\Dream Chronicles 2 - The Eternal Maze
2011-04-28 11:40 . 2011-04-28 11:40 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
2011-04-28 11:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 11:40 . 2011-04-28 11:40 -------- d-----w- c:\programdata\Malwarebytes
2011-04-28 11:40 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 11:02 . 2011-04-28 11:02 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BITE4A6.tmp
2011-04-28 11:00 . 2011-04-28 11:00 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BIT141C.tmp
2011-04-28 10:09 . 2011-04-28 10:09 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BIT1BD9.tmp
2011-04-28 09:26 . 2011-04-28 09:26 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BITB07.tmp
2011-04-28 09:14 . 2011-04-28 09:14 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BITFE99.tmp
2011-04-28 09:07 . 2011-04-28 09:07 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BIT394F.tmp
2011-04-27 13:47 . 2011-04-27 13:47 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
2011-04-27 13:47 . 2011-04-27 13:47 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\DriverCure
2011-04-27 10:31 . 2011-04-27 10:31 0 ---ha-w- c:\users\Dominick J. Fontana\AppData\Local\BITE964.tmp
2011-04-26 16:49 . 2011-04-26 16:49 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Zylom
2011-04-26 16:46 . 2011-04-26 16:46 -------- d-----w- c:\programdata\Zylom
2011-04-23 12:58 . 2011-04-23 12:58 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Top Evidence
2011-04-23 12:58 . 2011-04-23 12:58 -------- d-----w- c:\programdata\Top Evidence
2011-04-22 16:45 . 2011-04-22 16:45 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\My Games
2011-04-19 16:52 . 2011-04-19 16:52 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
2011-04-19 16:28 . 2011-04-19 16:28 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
2011-04-19 16:28 . 2011-04-19 16:28 -------- d-----w- c:\programdata\Gamers Digital
2011-04-17 09:40 . 2011-04-17 09:40 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Camel101
2011-04-17 09:40 . 2011-04-17 09:40 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\GarageGames
2011-04-16 12:35 . 2011-04-16 12:35 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\SunRay Games
2011-04-14 15:16 . 2011-04-14 15:16 -------- d-----w- c:\programdata\Particles
2011-04-14 15:16 . 2011-04-14 15:16 -------- d-----w- c:\programdata\Far Mills
2011-04-14 03:03 . 2011-03-08 05:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 03:03 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 03:03 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 03:03 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 03:03 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-12 09:06 . 2011-04-12 09:46 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Awem
2011-04-12 08:58 . 2011-04-12 08:58 -------- d-----w- c:\windows\Letters from Nowhere
2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-09 03:02 . 2011-04-09 03:02 391168 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-08 17:10 . 2011-04-12 03:41 -------- d-----w- c:\programdata\AlawarWrapper
2011-04-08 17:10 . 2011-04-08 17:13 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
2011-04-07 15:32 . 2011-04-07 15:32 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\TOMI3
2011-04-07 13:16 . 2011-04-07 13:16 -------- d-----w- c:\programdata\Avanquest Software Publishing Ltd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 10:47 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30 . 2011-03-09 03:15 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 03:15 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 03:15 739840 ----a-w- c:\windows\system32\d2d1.dll
2010-10-05 21:47 . 2010-09-30 00:17 129024 ----a-w- c:\program files\Common Files\Uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2dd743b5-84e6-490c-aa4c-6cfb6aa1c6ae}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="d:\programs\Daemon Tools Pro\DTAgent.exe" [2011-01-13 840000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"LWBMOUSE"="c:\program files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE" [2001-11-09 356352]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"PWRISOVM.EXE"="d:\programs\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-28 606208]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
.
R0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R2 IS360service;IS360service;d:\programs\Advanced SystemCare 3\360 Security\IS360srv.exe [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2009-12-22 2560]
R3 CGY012;CW-E60 Device;c:\windows\system32\Drivers\CGY012.sys [2007-02-20 20352]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-02-26 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-02-26 3072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1343400]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-28 218688]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AdvancedSystemCareService;Advanced SystemCare Service;d:\programs\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - AVGIDSShim
*Deregistered* - Avgrkx86
*Deregistered* - Avgtdix
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 01:15]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 01:15]
.
2011-05-01 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]
.
2011-05-07 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc12.mail.yahoo.com/mc/welcome?&.rand=670815260#_pg=showFolder;_ylc=X3oDMTBuYmRsbDMwBF9TAzM5ODMwMTAxNARhYwNjaGtNYWls&&.rand=1264856329&order=up&pSize=10&tt=14&.jsrand=4525738
IE: Scan link by Dr.Web - http://www.drweb.com...-online-en.html
IE: {{55058DA0-D957-449D-8E5C-BFBA08E46B3F} - d:\programs\Fresh Devices\FreshDownload\fd.exe
FF - ProfilePath - c:\users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://us.mc1108.mail.yahoo.com/mc/welcome?&.rand=587317658
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - d:\programs\Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - d:\programs\Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Disk Heal - l:\disk heal\Disk Heal v1.48R\Uninstall Disk Heal.exe
AddRemove-The Longest Journey - c:\windows\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-07 07:25:13
ComboFix-quarantined-files.txt 2011-05-07 11:25
.
Pre-Run: 7,857,623,040 bytes free
Post-Run: 7,810,727,936 bytes free
.
- - End Of File - - 25C24C3024A4EA6EE3B6FF9217C0CDA5

Attached Files


  • 0
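Two things in the log above are worth checking by hand on any similar case: the "Other Deletions" list shows a WINDOWS folder sitting directly under the user's profile (the whitelisted-name trick Essexboy describes, where a lookalike of a system file such as smss.exe lives somewhere the real one never does), and the policies\system values show UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), which means anything that lands on the box runs elevated with no prompt. The script below is an added example written for this thread, not ComboFix's own code or anything the forum provides. It parses ComboFix-style log lines and flags both conditions. The sample input is copied from the log posted above plus one constructed line (a user named "alice" with an smss.exe under AppData) that is not from the thread, so the binary-name check has something to catch; the list of System32-only binaries is my own assumption, and the HKCU EnableLUA entry is reported simply because ComboFix lists it. A Windows folder under AppData\Roaming\Microsoft is legitimate and is deliberately not flagged.

```python
"""Triage a ComboFix-style log for two findings from this thread: a system-named
folder or System32-only binary planted under a user profile, and UAC policy values
that let anything run elevated without a prompt. Added example, not ComboFix code."""
import re

# Names that belong at the drive root / %SystemRoot%, never directly under C:\Users\<name>\.
SYSTEM_DIR_NAMES = {"windows", "system32", "syswow64", "program files"}
# Assumption: core binaries that legitimately exist only in %SystemRoot%\System32.
SYSTEM_ONLY_BINARIES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                        "lsass.exe", "services.exe"}

USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)
# A path on a ComboFix line starts at a drive letter and runs to a closing quote or
# the "[date size]" suffix; embedded spaces ("Dominick J. Fontana") are legitimate.
PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[]*')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)')

# value name -> (weak setting, why it matters), per Microsoft's UAC policy documentation.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is switched off; an admin user's processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, with no prompt"),
    "PromptOnSecureDesktop": (0, "prompts are not on the secure desktop and can be spoofed"),
}


def extract_path(line):
    """Return the first Windows path on a log line, or None."""
    m = PATH_RE.search(line)
    return m.group(0).strip() if m else None


def masquerading_paths(lines):
    """Paths under a user profile whose first component is a system directory name
    (c:\\users\\<name>\\WINDOWS) or whose file name is a System32-only binary.
    Deeper legitimate copies (AppData\\Roaming\\Microsoft\\Windows) are not flagged."""
    hits = []
    for line in lines:
        path = extract_path(line)
        if not path or not USER_PROFILE_RE.match(path):
            continue
        tail = path.lower().split("\\")[3:]  # components after c:\users\<name>
        if tail[0] in SYSTEM_DIR_NAMES or tail[-1] in SYSTEM_ONLY_BINARIES:
            hits.append(path)
    return hits


def weak_uac_settings(lines):
    """(key, value name, value, reason) for each weak UAC value under a
    ...\\policies\\system key, in the order the log prints them."""
    findings, key = [], None
    for line in lines:
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            key = s[1:-1]
            continue
        if key is None or not key.lower().endswith(r"\policies\system"):
            continue
        m = VALUE_RE.match(s)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name in UAC_WEAK and value == UAC_WEAK[name][0]:
            findings.append((key, name, value, UAC_WEAK[name][1]))
    return findings


# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
c:\users\Dominick J. Fontana\AppData\Roaming\7za.exe
c:\users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Cookies\index (1).dat
c:\users\Dominick J. Fontana\WINDOWS
c:\windows\7Loader.TAG
.
2011-05-07 11:23 . 2011-05-07 11:23 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Local\temp
2011-05-07 09:02 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="d:\programs\Daemon Tools Pro\DTAgent.exe" [2011-01-13 840000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"""
# Constructed line (NOT from the thread's log) so the binary-name check has a hit.
CONSTRUCTED_EXTRA = r'"Constructed"="c:\users\alice\AppData\Roaming\smss.exe" [2011-05-01 12345]'


def triage(text):
    lines = text.splitlines()
    return {"masquerading": masquerading_paths(lines), "uac": weak_uac_settings(lines)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG + "\n" + CONSTRUCTED_EXTRA)
    for p in report["masquerading"]:
        print("suspicious path:", p)
    for key, name, value, why in report["uac"]:
        hive = key.split("\\")[0]
        print(f"weak UAC value : {hive} {name}={value} ({why})")
```

Run it on a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; the path check is the one that would have caught the user-profile WINDOWS folder before the second infection was found, and the UAC findings are what to fix (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1) once the machine is clean.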

#72
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Any problem, no matter how small.
  • 0

#73
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
Great news! While I was waiting to hear from you, I rebooted the computer and it rebooted fine. Then I powered down and it shut down perfectly. I haven't been able to do that for over a week. Also, my Internet connection is good again. This is great! :)
  • 0

#74
Dom Fontana
    Member
  • Topic Starter
  • 170 posts
So far, so good, but don't close the thread yet. Let me use it today and then I'll let you know if everything is okay. I want to see if I get any more Walmart pop-ups.

Also, I imagine when we're all done, that I will reinstall AVG Anti-Virus, right?

Edited by Dom Fontana, 07 May 2011 - 05:46 AM.

  • 0

#75
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
No danger of that happening yet - I will close only when you are happy and I have removed my tools and tidied up :)

A quick sweep for orphans, and then could you do some general surfing and searching, run your normal programmes and see what appertains.

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
