Win64:Dropper-Gen[Drp]

[phanta5]

I tried opening Windows Explorer and got this error:

C:\\Windows\explorer.exe

Operation did not complete successfully because the file contains a virus

So I did a scan with Avast and the results showed:

File name:C:\\Windows\explorer.exe                             Severity: High                    Status: Threat:Win64:Dropper-Gen[Drp]

The recommmended action was move to chest but i got an error: specified file is read only (6009)

No idea what to do at this point, so looking for help. Thanks.

[essexboy]

Hi there, I will go right in with the big boy first

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[phanta5]

My computer seems to be running fine; I am now able to open Windows Explorer.

ComboFix 14-03-05.01 - Jason 03/07/2014  10:16:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.2193 [GMT -5:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20130724.txt
C:\END
c:\users\Jason\AppData\Local\assembly\tmp
c:\users\Jason\videos\Start Button.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-07 to 2014-03-07  )))))))))))))))))))))))))))))))
.
.
2014-03-07 15:27 . 2014-03-07 15:27   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-03-07 14:41 . 2014-03-07 14:41   75888   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACA96C98-71CD-4C1A-A292-844AFC899BF2}\offreg.dll
2014-03-07 07:26 . 2014-02-06 09:01   10536864   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACA96C98-71CD-4C1A-A292-844AFC899BF2}\mpengine.dll
2014-03-02 19:06 . 2014-03-02 19:06   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 19:06 . 2014-03-02 19:06   --------   d-----w-   c:\program files\iTunes
2014-03-02 19:06 . 2014-03-02 19:06   --------   d-----w-   c:\program files (x86)\iTunes
2014-03-02 19:06 . 2014-03-02 19:06   --------   d-----w-   c:\program files\iPod
2014-02-26 06:34 . 2014-02-26 06:34   --------   d-----w-   c:\windows\Migration
2014-02-14 18:02 . 2014-02-14 18:02   --------   d-----w-   c:\program files (x86)\Pokemon Showdown
2014-02-12 20:43 . 2013-12-21 09:53   548864   ----a-w-   c:\windows\system32\vbscript.dll
2014-02-12 20:43 . 2013-12-21 08:56   454656   ----a-w-   c:\windows\SysWow64\vbscript.dll
2014-02-12 17:53 . 2013-12-06 02:30   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2014-02-12 17:52 . 2013-12-24 23:09   1987584   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2014-02-12 17:52 . 2013-12-24 22:48   2565120   ----a-w-   c:\windows\system32\d3d10warp.dll
2014-02-12 17:52 . 2013-11-22 22:48   3928064   ----a-w-   c:\windows\system32\d2d1.dll
2014-02-12 17:52 . 2013-11-26 08:16   3419136   ----a-w-   c:\windows\SysWow64\d2d1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 04:19 . 2012-03-29 05:49   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 04:19 . 2011-05-17 11:46   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-15 22:55 . 2011-01-03 22:13   88567024   ----a-w-   c:\windows\system32\MRT.exe
2013-12-18 11:13 . 2010-12-26 19:38   270496   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Jason\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"F.lux"="c:\users\Jason\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1013128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-02-28 4767304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[phanta5]

.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys

R2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys

R3 aswVmm;aswVmm;

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys

R3 dump_wmimmc;dump_wmimmc;c:\ignitedgames\WindSlayer2\GameGuard\dump_wmimmc.sys;c:\ignitedgames\WindSlayer2\GameGuard\dump_wmimmc.sys

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys

R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys

R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys;c:\windows\SYSNATIVE\DRIVERS\motport.sys

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys

R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des

R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys;c:\windows\SYSNATIVE\Drivers\pssdk42.sys

R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys;c:\windows\SYSNATIVE\Drivers\pssdklbf.sys

R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys;c:\aeriagames\EdenEternal\sjcs64.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

R3 uqk;uqk;c:\koramgame\STOnline\avital\wyqku64.sys;c:\koramgame\STOnline\avital\wyqku64.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys

R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys;c:\aeriagames\EdenEternal\avital\ussjcs64.sys

R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys;c:\windows\SYSNATIVE\Drivers\VMUVC.sys

R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys;c:\windows\SYSNATIVE\drivers\vvftUVC.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys

R3 X6va003;X6va003;c:\users\Jason\AppData\Local\Temp\003FCB6.tmp;c:\users\Jason\AppData\Local\Temp\003FCB6.tmp

R3 X6va005;X6va005;c:\users\Jason\AppData\Local\Temp\00530FF.tmp;c:\users\Jason\AppData\Local\Temp\00530FF.tmp

R3 X6va006;X6va006;c:\users\Jason\AppData\Local\Temp\006C49D.tmp;c:\users\Jason\AppData\Local\Temp\006C49D.tmp

R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009

R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012

R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe

S0 aswRvrt;aswRvrt;

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys

S1 aswSnx;aswSnx;

S1 aswSP;aswSP;

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe

S2 aswFsBlk;aswFsBlk;

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys

S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe;c:\program files\Broadcom\BPowMon\BPowMon.exe

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38054838
*NewlyCreated* - 49052150
*Deregistered* - 38054838
*Deregistered* - 49052150
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 04:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35   133840   ----a-w-   c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=CA&userid=ce917bfa-2d26-d2b1-b4f3-bd2e4720613a&searchtype=hp&installDate=19/10/2013
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>;*.local
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=CA&userid=ce917bfa-2d26-d2b1-b4f3-bd2e4720613a&searchtype=ds&q={searchTerms}&installDate=19/10/2013
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{1A760F14-656D-40EA-B5DC-06D0D10AB9E0}: NameServer = 192.168.0.1,192.168.2.1
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\z2o2e9yv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.ca/
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=CA&userid=ce917bfa-2d26-d2b1-b4f3-bd2e4720613a&searchtype=ds&installDate=19/10/2013&q=
.

[phanta5]

- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-LoL Summoner Information - c:\program files (x86)\LSI\LoLSummonerInfo.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Jason\AppData\Local\Temp\003FCB6.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Jason\AppData\Local\Temp\00530FF.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Jason\AppData\Local\Temp\006C49D.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-07  10:31:25
ComboFix-quarantined-files.txt  2014-03-07 15:31
.
Pre-Run: 144,267,874,304 bytes free
Post-Run: 144,275,374,080 bytes free
.
- - End Of File - - F851C2A704D7777FECF3680DDFC212AF

[essexboy]

You can attach the log, it will make it easier
 

[essexboy]

OK looking at that I will need to run OTL and AdwCleaner to clear some ad ware

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

THEN

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Select LOP and Purity
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach  both logs

[phanta5]

After the reboot following the AdwCleaner scan I have had trouble connecting to the internet; not sure if this is related.
I am replying from another computer using a wireless connection but am unable to connect using my computer directly connected to the router.

The log is attached, should i go ahead and run the OTL scan as well?

[essexboy]

Reboot the computer and if you are still unable to connect then run this small OTL fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset /c
netsh advfirewall reset /c

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[phanta5]

Unfortunately, I am still unable to connect even after the fix.

Attached are the logs of the fix and the quick scan, respectively.

[wowmuchdoge]

I am also having this problem, and this only started occurring today. I have a feeling it's a false positive from Avast's latest virus definition update. Here is the file on virustotal https://www.virustotal.com/en/file/c1a580448bc33d89399370c506661a46416ed983a3e5a5433affb1db5e28940f/analysis/1394214390/

[essexboy]

When you try to get online what error does windows give you

Download and run the trendmicro uninstaller from here http://esupport.trendmicro.com/solution/en-us/1037161.aspx

[essexboy]

I am also having this problem, and this only started occurring today. I have a feeling it's a false positive from Avast's latest virus definition update. Here is the file on virustotal https://www.virustotal.com/en/file/c1a580448bc33d89399370c506661a46416ed983a3e5a5433affb1db5e28940f/analysis/1394214390/

If it is a false positive, then I am not getting it

[wowmuchdoge]

If it is a false positive, then I am not getting it

I'm running a 64bit version of Windows 7 Ultimate. Virus definition 140307-0
EDIT: well it (the explorer.exe I have) probably doesn't actually depend on what version of windows 7 (other than 32/64bit) I'm running does it? Hmm...

[phanta5]

When I open my browser I get: Server not found

The network and sharing centre says: Unidentified network, no internet access

I ran the trendmicro uninstaller but that did not fix the problem.