Wilty

  1. Hello. For the past two weeks I have been reading extensively on how to get rid of whatever I have on my computer. Unfortunately I downloaded something that caused my computer to go nuts. At first I wasn't able to perform any task besides Ctrl+Alt+Del. My computer wouldn't let me run Malwarebytes or any antivirus software. Finally I was able to run ComboFix; I think it deleted some unnecessary files, and from there I was able to run Malwarebytes. The scan quarantined and deleted some files, but upon restarting my computer the desktop icons and other things were still missing. All my tasks have to be run through Task Manager, and files like explorer.exe and Control Panel are inaccessible, which makes me believe I am still infected. I have reached a point where I don't know what else I can do and am hoping someone has some advice for a solution. Here is a record of a HijackThis logfile I just ran; hopefully it will be of some assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:27 PM, on 10/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\sndvol32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -iexplore.exe8.0
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://resnet.baylor.edu
O14 - IERESET.INF: MS_START_PAGE_URL=https://resnet.baylor.edu
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256247913828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256247887875
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: WLANKEEPER - Intel
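A HijackThis log like the one above is read entry by entry, and most of the work is sorting housekeeping from load points that need a closer look. The following Python pass is an added example, not part of the original post and not HijackThis's own logic: it tags entries with reason codes rather than calling anything malicious. The sample lines are copied from the log, plus one constructed line (the svchost.exe under a Temp directory) to exercise the location rules; the reason codes, the core-binary table and the trusted-root list are this example's own assumptions.

```python
"""Triage pass over a HijackThis 2.0.x log (added example, not HijackThis code).

Reason codes (this example's own convention):
  DANGLING      registration whose file is gone ("(file missing)", "(no file)")
  UNKNOWN_LSP   Winsock LSP that HijackThis itself could not identify
  SYSTEM_HIVE   autorun registered for the SYSTEM or Default User profile
  MASQUERADE    core system binary name outside its one legitimate directory
  ODD_LOCATION  autorun or service binary outside the Windows/Program Files trees
"""
import re
from typing import Dict, List, Tuple

# A drive-letter path ending in an executable-type extension; quotes are excluded
# so '"C:\Program Files\QuickTime\qttask.exe" -atboottime' yields the bare path.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|ocx|scr|sys|bat|com))\b', re.IGNORECASE)

# Core XP binaries and the only directory each should live in
# (lower-case, drive letter stripped). Assumed table for this example.
SYSTEM_BINARIES = {
    "svchost.exe": "\\windows\\system32",
    "winlogon.exe": "\\windows\\system32",
    "lsass.exe": "\\windows\\system32",
    "csrss.exe": "\\windows\\system32",
    "services.exe": "\\windows\\system32",
    "explorer.exe": "\\windows",
}
TRUSTED_ROOTS = ("\\windows\\", "\\program files\\")

# Lines copied from the log above, plus one constructed line (the svchost.exe
# under a Temp directory) that exercises the location rules.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
"""


def split_path(path: str) -> Tuple[str, str]:
    """'C:\\WINDOWS\\system32\\hkcmd.exe' -> ('\\windows\\system32', 'hkcmd.exe')."""
    directory, _, name = path.lower()[2:].rpartition("\\")
    return directory, name


def triage_line(line: str) -> List[str]:
    """Reason codes for one HijackThis entry; an empty list means nothing to flag."""
    reasons = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("DANGLING")
    if line.startswith("O10") and "Unknown" in line:
        reasons.append("UNKNOWN_LSP")
    if line.startswith("O4") and ("(User 'SYSTEM')" in line or "(User 'Default user')" in line):
        reasons.append("SYSTEM_HIVE")
    match = PATH_RE.search(line)
    if match and line.startswith(("O4 ", "O23 ")):   # autoruns and services only
        directory, name = split_path(match.group(1))
        expected = SYSTEM_BINARIES.get(name)
        if expected and directory != expected:
            reasons.append("MASQUERADE")
        if not (directory + "\\").startswith(TRUSTED_ROOTS):
            reasons.append("ODD_LOCATION")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged entry to its reason codes; clean entries are omitted."""
    flagged = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(", ".join(reasons).ljust(24), entry)
```

Run against the full log, the DANGLING hits (the AVG BHO, the three Symantec services, the poker buttons) are leftovers of uninstalled software rather than the infection itself, but a dangling BHO or service path is still a load point that nothing legitimate owns and should be cleared. The two LimeWire startup entries under the SYSTEM and Default User profiles and the LSP that HijackThis could not name are the ones to confirm by hand; nwprovau.dll is the Microsoft NetWare client provider, so check its signature rather than deleting it on sight.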
  2. Problem: My computer is infected with some malware or virus; I really don't know. It had disabled everything except for my background and mouse cursor. I can Ctrl+Alt+Del and run programs through that. No explorer.exe, etc. IE works, and initially I wasn't able to run MBAM (until I changed the file name), Avast, or Ad-Aware; only Avira worked.

Steps taken: I have read extensively and done all the necessary procedures through this website as well as others and still have had no luck with a fix.
1. Computer infected. Ran Ad-Aware; icons still present.
2. Restarted computer due to blue screen; everything was gone.
3. Found out I could Ctrl+Alt+Del; wasn't able to download mbam.exe.
4. Downloaded ComboFix, ran that appropriately (two times, etc.). Still no icons. (Log pasted below.)
5. mbam.exe now worked; ran it quick. Found some infections/viruses (whatever the hell it does). Still no icons.
6. Downloaded SUPERAntiSpyware, found more crap. Restarted. Still no icons.
7. Downloaded Service Pack 3 (couldn't find explorer.exe and a couple of other files), restarted. Nothing.
8. Downloaded Microsoft's Repair Tool. Nada.
9. Ran a full scan of MBAM, 1 infection. Restarted. Nothing.
10. Put gun to computer. Seriously, what's going on here?

Below are the ComboFix log and the first working MBAM scan log.

ComboFix log:

ComboFix 09-10-25.02 - William Seimetz 10/25/2009 23:24.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1271.905 [GMT -5:00]
Running from: c:\documents and settings\William Seimetz\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\NetMon
c:\program files\akl
c:\program files\akl\akl.dll
c:\program files\akl\akl.exe
c:\program files\akl\uninstall.exe
c:\program files\akl\unsetup.exe
c:\program files\Common Files\ymante~1
c:\program files\curity~1
c:\program files\Inet Delivery
c:\program files\Inet Delivery\inetdl.exe
c:\program files\Inet Delivery\intdel.exe
c:\windows\a.bat
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\msa.exe
c:\windows\mslagent
c:\windows\mslagent\2_mslagent.dll
c:\windows\mslagent\mslagent.exe
c:\windows\mslagent\uninstall.exe
c:\windows\mssecu.exe
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\bsva-egihsg52.exe
c:\windows\system32\dpcproxy.exe
c:\windows\system32\emesx.dll
c:\windows\system32\FTPx.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\MabryObj.dll
c:\windows\system32\MCGea0Ew.exe.a_a
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\msnbho.dll
c:\windows\system32\mssecu.exe
c:\windows\system32\msvchost.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\ps1.exe
c:\windows\system32\psof1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\regc64.dll
c:\windows\system32\regm64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\sncntr.exe
c:\windows\system32\ssembl~1
c:\windows\system32\ssurf022.dll
c:\windows\system32\ssvchost.com
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\thun.dll
c:\windows\system32\thun32.dll
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vbsys2.dll
c:\windows\system32\vcatchpi.dll
c:\windows\system32\winlogonpc.exe
c:\windows\system32\winsystem.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\tsks~1
c:\windows\userconfig9x.dll
c:\windows\V2lsbGlhbSBTZWltZXR6
c:\windows\winsystem.exe
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NWCWORKSTATION
-------\Legacy_SYSREST.SYS
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_cmdService
-------\Service_NWCWorkstation

((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.
2009-10-26 03:52 . 2009-10-26 03:52 -------- d-----w- C:\explorer.exe10937e
2009-10-26 03:25 . 2009-10-26 03:26 -------- d-----w- C:\explorer.exe29581e
2009-10-26 03:19 . 2009-10-26 03:47 -------- d-----w- C:\explorer.exe23379e
2009-10-26 03:09 . 2009-10-26 03:09 -------- d-----w- C:\explorer.exe
2009-10-26 02:49 . 2009-10-26 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 02:37 . 2009-10-26 02:41 -------- d-----w- c:\program files\will seimetz
2009-10-23 06:48 . 2009-10-23 06:48 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\Malwarebytes
2009-10-23 06:48 . 2009-10-23 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-23 06:03 . 2009-10-23 06:03 -------- d-sh--w- c:\documents and settings\William Seimetz\PrivacIE
2009-10-23 06:01 . 2009-10-23 06:01 -------- d-sh--w- c:\documents and settings\William Seimetz\IETldCache
2009-10-23 05:46 . 2009-10-23 05:49 -------- dc-h--w- c:\windows\ie8
2009-10-22 23:01 . 2009-10-22 23:01 -------- d-----w- c:\windows\system32\KB905474
2009-10-22 23:01 . 2009-03-11 03:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-10-22 23:01 . 2009-03-11 03:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-22 21:53 . 2009-10-22 22:05 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-21 15:29 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-21 15:29 . 2009-10-21 15:29 -------- d-----w- c:\program files\Avira
2009-10-21 09:19 . 2009-10-21 09:19 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-21 08:12 . 2009-10-26 02:46 0 ----a-r- c:\windows\win32k.sys
2009-10-19 05:09 . 2009-10-19 05:09 -------- d-----w- c:\documents and settings\William Seimetz\.jnlp-applet
2009-10-07 22:03 . 2009-10-07 22:03 -------- d-----w- C:\users
2009-10-05 20:40 . 2009-10-05 20:41 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\ooVoo Details
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 02:25 . 2007-03-26 19:07 -------- d-----w- c:\program files\Lavasoft
2009-10-23 05:57 . 2008-08-11 11:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-22 06:43 . 2009-02-09 23:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-22 06:43 . 2005-08-18 18:28 -------- d-----w- c:\program files\Resnet Configuration Utility
2009-10-22 06:43 . 2007-12-12 04:16 -------- d-----w- c:\program files\PE
2009-10-22 06:43 . 2009-01-12 07:39 -------- d-----w- c:\program files\Palm
2009-10-22 06:43 . 2005-04-15 21:01 -------- d-----w- c:\program files\NetWaiting
2009-10-22 06:43 . 2008-07-18 09:52 -------- d-----w- c:\program files\LimeWire
2009-10-22 06:43 . 2005-04-15 21:01 -------- d-----w- c:\program files\Modem Helper
2009-10-22 06:43 . 2006-09-11 06:17 -------- d-----w- c:\program files\Library
2009-10-22 06:43 . 2007-12-14 15:16 -------- d-----w- c:\program files\DivX
2009-10-22 06:43 . 2005-04-15 20:40 -------- d-----w- c:\program files\Apoint
2009-10-21 09:38 . 2008-07-18 09:53 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\LimeWire
2009-10-06 03:03 . 2007-10-17 20:15 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-06 03:03 . 2005-04-15 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 03:00 . 2008-12-03 17:53 -------- d-----w- c:\program files\Google
2009-10-05 21:04 . 2009-10-05 21:04 -------- d-----w- c:\program files\DV Series
2009-09-21 20:29 . 2009-09-21 20:29 -------- d-----w- c:\program files\Siber Systems
2009-09-21 13:50 . 2009-09-16 08:21 -------- d-----w- c:\program files\GRETECH
2009-09-15 00:05 . 2005-07-25 07:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-14 22:06 . 2008-12-11 20:10 5 -c--a-w- c:\windows\sbacknt.bin
2009-08-14 22:04 . 2008-12-11 20:06 152904 -c--a-w- c:\windows\system32\vghd.scr
2009-08-07 06:42 . 2008-09-29 09:30 1053056 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2006-10-01 17:23 . 2006-10-01 17:23 28672 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-10-01 17:23 . 2006-10-01 17:23 86016 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2006-10-01 17:23 . 2006-10-01 17:23 90112 -c--a-w- c:\program files\mozilla firefox\plugins\mwmcli.dll
2007-01-07 10:36 . 2007-01-07 10:35 80 -csh--r- c:\windows\SYSTEM32\B4716037E4.dll
.
------- Sigcheck -------

[-] 2009-10-22 22:50 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
"dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" [2004-11-13 414208]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-21 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-6-22 139776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-4-15 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=usbmn2x2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GhostSurf proxy.lnk
backup=c:\windows\pss\GhostSurf proxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk
backup=c:\windows\pss\SpyCatcher Protector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

S2 Ca533av;DV Series Video Capture;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [10/5/2009 4:04 PM 515803]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\SYSTEM32\DRIVERS\usb22ldr.sys [7/10/2008 11:15 AM 20936]
S3 USBCamera;DV Series Digital Camera;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [10/5/2009 4:04 PM 10984]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys --> c:\windows\system32\drivers\usbmn2x2.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - avgio
*Deregistered* - avipbb
*Deregistered* - mbr
*Deregistered* - ssmdrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-10-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 03:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe
FF - ProfilePath - c:\documents and settings\William Seimetz\Application Data\Mozilla\Firefox\Profiles\05i12wy5.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
HKLM-Run-GhostSurf Reminder - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
HKU-Default-RunOnce-WUAppSetup - c:\program files\Common Files\logishrd\WUApp32.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
AddRemove-Dasher - c:\program files\Internet Chess Club\Dasher\Dasher-uninstall.exe
AddRemove-MP3 Converter Simple - c:\progra~1\MP3CON~1\UNWISE.EXE
AddRemove-rgcAudio Triangle II DXi2 Synthesizer_is1 - c:\program files\Cakewalk\Shared Dxi\Triangle II\unins000.exe
AddRemove-Sound'Em 1.0 - c:\program files\DV Series\UNWISE.EXE
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 23:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2401662498-2851472548-1797065733-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="8155418F5292C0A72437466580DDA81263CCA31AE8C5F3067B461EF9D9CACB6C8AC0F5EF103 85AB2EEA5DB25E09850D0BC51756B768FEB1BBD8A7C7C18721C69054ED88186BFAB8714E3E0F4645 B 857E08C61C4C35A07B28DE6098F35F41AA114C91569D5078E6AD1808B55BA189BB6091E6858ED291 F 64F9545951F17254C841DEC600EADC401E3E0F93B504E1C29728A43A4F51F8FF6E97C8D962F47201 C 181C1A6B13809C351B3BFAD93D461E486288BC733C11DAD6000FE1C4CA9FC8F454CCA5F3DECF8A80 F 9D519F9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127 B ECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6171C11EC38DE3DBA7FD86916 4 D679429FCE15A5DB1EA6EB40BF75B025FCBD303BBB82F0AE17E62DBD57016480ABA777D8E30CDA23 F 80752A6141C383A5287B02FE6050A54F51A82F44D3099CFE98F3E7C8499845FC209431F284B67475 6 7F586A9651BF86D76BDBC0AB019F7C4D4654532B8B009C84E5EB59FC6C9AFD69447291460E7A00F1 D 38E815D47ED014E190E7F3224F6064E5E696E71ED7C9340D76F539FD4F6B66472E8A7DA1B4558B09 B E965D3B71F57611C826F4367F875D828E6DBA7DB1598DCCBA71790DFCE12BE6BA0BDE4FD6230952A 0 2C10CDA1E006F91C02D93534237FD67EDDE79FDB0C5AE8D6F28E3B85FA0CFD916329B9E58444CF33 9 C800B3A329EE59D83C875189A6053E6EFA7724742CFBCBF7A535FB55595AE6A9ABAFC72A6ADCBBE0 D 40423E886B3F449806FAA8EF8B8A5695C3BABEE5D71ADC49B69A4A51D52F0E1619C99E070E974AF7 2 DEEFA31DA3982CA57DBF202CEE6A76E4A09F3B8A20A3AB13F654DF73B1C5B89C17D52663A6EF4A40 C 650AA5A1406FC26C7E681985AD78E2C381A273CDE05BC18F668AA48D2064A3050FFC845CA2597038 C 8E2DE52BAFEA3DA22BAC5844E32058382BEB31A1E0AB809A20A81ED619098EE48E0ADC1A88A615ED 9 F56DFE1FCD2FAEBACF100B08A34D0302B3B82AA0C3CE747126DC6FC2DAFA4A53F79D42621E8CC78E E 36BEE5172BB819DBF75C759A51CCF4C3B75DC2732C7C0CB28BF397D97DFA80FE2A8B644BC52397DB 8 BA635C6D7B2DF4E8B66EC8D9900514B5ED30A8335FCEE2FC62BAFDCBD3FDBE6D3D7AC954DCDC9A41 9 26BED9C1282128C7759EC6DB3DC451FE2346E6DF7CC8FED66F1179A24520315B080324A7C433DE4D F C92DC67C1882812C42DAF36A453291D4910E81AAA5867B6ABF04B5757A2534DF7A9BC4CB6AFE1CF1 6 6DAB3C8A77FF359034DD0BB141151CE1B263896FAE937E149BFEF27E1AE2D1E08DC87A65D6170F85 7 C5D1967AA2B4A0ECAFACEBBF416E0777F55408B11EB3CA70A0CB0C6F58ABEE813DD4F0DECE0956F0 8 A7276E3F49EA02AED825C2D6AF6CB"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-10-26 23:41
ComboFix-quarantined-files.txt 2009-10-26 04:40

Pre-Run: 2,413,731,840 bytes free
Post-Run: 2,380,603,392 bytes free

- - End Of File - - F6C52428B3D0AAE359E154029BE2293E

First MBAM Quick Scan log:

Malwarebytes' Anti-Malware 1.41
Database version: 3034
Windows 5.1.2600 Service Pack 2

10/26/2009 12:15:01 AM
mbam-log-2009-10-26 (00-15-01).txt

Scan type: Quick Scan
Objects scanned: 110645
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc1.exe\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc2.exe10937e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc3.exe23379e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc4.exe29581e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
  3. Problem: My computer is infected with some malware or virus. I really don't know. It had disabled everything except for my background and mouse cursor. I can ctrl, alt, del and run programs through that. No explorer.exe, etc...IE works, and initially I wasn't able to run mbam (until I changed the file name) avast, or adaware, only avira worked. Steps Taken: I have read extensively and done all the necessary procedures through this website as well as others and still have had no luck with a fix. 1. Computer infected- Ran adaware, icons still present. 2. Restarted computer due to blue screen, everything was gone. 3. Found out to ctrl. alt. del., wasn't able to dl mbam.exe 4. Dl'ed combofix, ran that appropriately (two times, etc..). Still no icons. (log pasted below) 5. Mbam.exe now worked, ran it quick. Found some infections/viruses (whatever the hell it does) Still no icons. 6. Dl'ed superantispyware, found more crap. Restarted. Still no icons. 7. Dl'ed service pack 3. (couldn't find explorer.exe and a couple other files), restarted. Nothing. 8. Dl'ed Microsoft's Repair Tool. Nada. 9. Ran Full scan of Mbam, 1 infection. restarted. nothing. 10. Put gun to computer. Seriously, what's going on here? Below are combofix log and first working mbam scan log Combofix log: ComboFix 09-10-25.02 - William Seimetz 10/25/2009 23:24.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1271.905 [GMT -5:00] Running from: c:\documents and settings\William Seimetz\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . 
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\LocalService\Application Data\NetMon c:\program files\akl c:\program files\akl\akl.dll c:\program files\akl\akl.exe c:\program files\akl\uninstall.exe c:\program files\akl\unsetup.exe c:\program files\Common Files\ymante~1 c:\program files\curity~1 c:\program files\Inet Delivery c:\program files\Inet Delivery\inetdl.exe c:\program files\Inet Delivery\intdel.exe c:\windows\a.bat c:\windows\base64.tmp c:\windows\bdn.com c:\windows\FVProtect.exe c:\windows\iTunesMusic.exe c:\windows\msa.exe c:\windows\mslagent c:\windows\mslagent\2_mslagent.dll c:\windows\mslagent\mslagent.exe c:\windows\mslagent\uninstall.exe c:\windows\mssecu.exe c:\windows\system32\akttzn.exe c:\windows\system32\anticipator.dll c:\windows\system32\awtoolb.dll c:\windows\system32\bdn.com c:\windows\system32\bsva-egihsg52.exe c:\windows\system32\dpcproxy.exe c:\windows\system32\emesx.dll c:\windows\system32\FTPx.dll c:\windows\system32\hoproxy.dll c:\windows\system32\hxiwlgpm.dat c:\windows\system32\hxiwlgpm.exe c:\windows\system32\MabryObj.dll c:\windows\system32\MCGea0Ew.exe.a_a c:\windows\system32\medup012.dll c:\windows\system32\medup020.dll c:\windows\system32\msgp.exe c:\windows\system32\msnbho.dll c:\windows\system32\mssecu.exe c:\windows\system32\msvchost.exe c:\windows\system32\mtr2.exe c:\windows\system32\mwin32.exe c:\windows\system32\netode.exe c:\windows\system32\newsd32.exe c:\windows\system32\ps1.exe c:\windows\system32\psof1.exe c:\windows\system32\psoft1.exe c:\windows\system32\regc64.dll c:\windows\system32\regm64.dll c:\windows\system32\Rundl1.exe c:\windows\system32\smp c:\windows\system32\smp\msrc.exe c:\windows\system32\sncntr.exe c:\windows\system32\ssembl~1 c:\windows\system32\ssurf022.dll c:\windows\system32\ssvchost.com c:\windows\system32\ssvchost.exe 
c:\windows\system32\sysreq.exe c:\windows\system32\taack.dat c:\windows\system32\taack.exe c:\windows\system32\temp#01.exe c:\windows\system32\thun.dll c:\windows\system32\thun32.dll c:\windows\system32\VBIEWER.OCX c:\windows\system32\vbsys2.dll c:\windows\system32\vcatchpi.dll c:\windows\system32\winlogonpc.exe c:\windows\system32\winsystem.exe c:\windows\system32\WINWGPX.EXE c:\windows\tsks~1 c:\windows\userconfig9x.dll c:\windows\V2lsbGlhbSBTZWltZXR6 c:\windows\winsystem.exe c:\windows\zip1.tmp c:\windows\zip2.tmp c:\windows\zip3.tmp c:\windows\zipped.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDSERVICE -------\Legacy_NETWORK_MONITOR -------\Legacy_NWCWORKSTATION -------\Legacy_SYSREST.SYS -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Service_cmdService -------\Service_NWCWorkstation ((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 ))))))))))))))))))))))))))))))) . 2009-10-26 03:52 . 2009-10-26 03:52 -------- d-----w- C:\explorer.exe10937e 2009-10-26 03:25 . 2009-10-26 03:26 -------- d-----w- C:\explorer.exe29581e 2009-10-26 03:19 . 2009-10-26 03:47 -------- d-----w- C:\explorer.exe23379e 2009-10-26 03:09 . 2009-10-26 03:09 -------- d-----w- C:\explorer.exe 2009-10-26 02:49 . 2009-10-26 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-26 02:37 . 2009-10-26 02:41 -------- d-----w- c:\program files\will seimetz 2009-10-23 06:48 . 2009-10-23 06:48 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\Malwarebytes 2009-10-23 06:48 . 2009-10-23 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-23 06:03 . 2009-10-23 06:03 -------- d-sh--w- c:\documents and settings\William Seimetz\PrivacIE 2009-10-23 06:01 . 2009-10-23 06:01 -------- d-sh--w- c:\documents and settings\William Seimetz\IETldCache 2009-10-23 05:46 . 
2009-10-23 05:49 -------- dc-h--w- c:\windows\ie8 2009-10-22 23:01 . 2009-10-22 23:01 -------- d-----w- c:\windows\system32\KB905474 2009-10-22 23:01 . 2009-03-11 03:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-10-22 23:01 . 2009-03-11 03:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe 2009-10-22 21:53 . 2009-10-22 22:05 -------- d-----w- c:\windows\system32\CatRoot_bak 2009-10-21 15:29 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 15:29 . 2009-10-21 15:29 -------- d-----w- c:\program files\Avira 2009-10-21 09:19 . 2009-10-21 09:19 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-10-21 08:12 . 2009-10-26 02:46 0 ----a-r- c:\windows\win32k.sys 2009-10-19 05:09 . 2009-10-19 05:09 -------- d-----w- c:\documents and settings\William Seimetz\.jnlp-applet 2009-10-07 22:03 . 2009-10-07 22:03 -------- d-----w- C:\users 2009-10-05 20:40 . 2009-10-05 20:41 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\ooVoo Details . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-26 02:25 . 2007-03-26 19:07 -------- d-----w- c:\program files\Lavasoft 2009-10-23 05:57 . 2008-08-11 11:59 -------- d-----w- c:\program files\Microsoft Silverlight 2009-10-22 06:43 . 2009-02-09 23:09 -------- d-----w- c:\program files\Windows Media Connect 2 2009-10-22 06:43 . 2005-08-18 18:28 -------- d-----w- c:\program files\Resnet Configuration Utility 2009-10-22 06:43 . 2007-12-12 04:16 -------- d-----w- c:\program files\PE 2009-10-22 06:43 . 2009-01-12 07:39 -------- d-----w- c:\program files\Palm 2009-10-22 06:43 . 2005-04-15 21:01 -------- d-----w- c:\program files\NetWaiting 2009-10-22 06:43 . 2008-07-18 09:52 -------- d-----w- c:\program files\LimeWire 2009-10-22 06:43 . 2005-04-15 21:01 -------- d-----w- c:\program files\Modem Helper 2009-10-22 06:43 . 
2006-09-11 06:17 -------- d-----w- c:\program files\Library 2009-10-22 06:43 . 2007-12-14 15:16 -------- d-----w- c:\program files\DivX 2009-10-22 06:43 . 2005-04-15 20:40 -------- d-----w- c:\program files\Apoint 2009-10-21 09:38 . 2008-07-18 09:53 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\LimeWire 2009-10-06 03:03 . 2007-10-17 20:15 -------- d-----w- c:\program files\Full Tilt Poker 2009-10-06 03:03 . 2005-04-15 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-06 03:00 . 2008-12-03 17:53 -------- d-----w- c:\program files\Google 2009-10-05 21:04 . 2009-10-05 21:04 -------- d-----w- c:\program files\DV Series 2009-09-21 20:29 . 2009-09-21 20:29 -------- d-----w- c:\program files\Siber Systems 2009-09-21 13:50 . 2009-09-16 08:21 -------- d-----w- c:\program files\GRETECH 2009-09-15 00:05 . 2005-07-25 07:15 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-14 22:06 . 2008-12-11 20:10 5 -c--a-w- c:\windows\sbacknt.bin 2009-08-14 22:04 . 2008-12-11 20:06 152904 -c--a-w- c:\windows\system32\vghd.scr 2009-08-07 06:42 . 2008-09-29 09:30 1053056 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys 2006-10-01 17:23 . 2006-10-01 17:23 28672 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2006-10-01 17:23 . 2006-10-01 17:23 86016 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2006-10-01 17:23 . 2006-10-01 17:23 90112 -c--a-w- c:\program files\mozilla firefox\plugins\mwmcli.dll 2007-01-07 10:36 . 2007-01-07 10:35 80 -csh--r- c:\windows\SYSTEM32\B4716037E4.dll . ------- Sigcheck ------- [-] 2009-10-22 22:50 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe [7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . 
. c:\windows\explorer.exe [7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe [7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528] "dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" [2004-11-13 414208] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-21 160592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888] "QuickTime Task"="c:\program 
files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451] c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-6-22 139776] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-4-15 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "Midi1"=usbmn2x2.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GhostSurf proxy.lnk backup=c:\windows\pss\GhostSurf proxy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk backup=c:\windows\pss\SpyCatcher Protector.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^HotSync 
Manager.lnk] path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "UpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675 S2 Ca533av;DV Series Video Capture;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [10/5/2009 4:04 PM 515803] S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\SYSTEM32\DRIVERS\usb22ldr.sys [7/10/2008 11:15 AM 20936] S3 USBCamera;DV Series Digital Camera;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [10/5/2009 4:04 PM 10984] S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys --> c:\windows\system32\drivers\usbmn2x2.sys [?] --- Other Services/Drivers In Memory --- *Deregistered* - avgio *Deregistered* - avipbb *Deregistered* - mbr *Deregistered* - ssmdrv . 
Contents of the 'Scheduled Tasks' folder 2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34] 2009-10-22 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 03:18] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local>;*.local uInternet Settings,ProxyServer = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe FF - ProfilePath - c:\documents and settings\William Seimetz\Application Data\Mozilla\Firefox\Profiles\05i12wy5.default\ FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program 
files\Mozilla Firefox\plugins\npunagi2.dll . - - - - ORPHANS REMOVED - - - - BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file) HKLM-Run-GhostSurf Reminder - (no file) HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe HKU-Default-RunOnce-WUAppSetup - c:\program files\Common Files\logishrd\WUApp32.exe HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9f.exe AddRemove-Dasher - c:\program files\Internet Chess Club\Dasher\Dasher-uninstall.exe AddRemove-MP3 Converter Simple - c:\progra~1\MP3CON~1\UNWISE.EXE AddRemove-rgcAudio Triangle II DXi2 Synthesizer_is1 - c:\program files\Cakewalk\Shared Dxi\Triangle II\unins000.exe AddRemove-Sound'Em 1.0 - c:\program files\DV Series\UNWISE.EXE AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-25 23:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2401662498-2851472548-1797065733-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"=[long hex value omitted] . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(572) c:\program files\Intel\Wireless\Bin\LgNotify.dll . Completion time: 2009-10-26 23:41 ComboFix-quarantined-files.txt 2009-10-26 04:40 Pre-Run: 2,413,731,840 bytes free Post-Run: 2,380,603,392 bytes free - - End Of File - - F6C52428B3D0AAE359E154029BE2293E First MBAM Quick Scan Log: Malwarebytes' Anti-Malware 1.41 Database version: 3034 Windows 5.1.2600 Service Pack 2 10/26/2009 12:15:01 AM mbam-log-2009-10-26 (00-15-01).txt Scan type: Quick Scan Objects scanned: 110645 Time elapsed: 6 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc1.exe\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc2.exe10937e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc3.exe23379e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc4.exe29581e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
2006-09-11 06:17 -------- d-----w- c:\program files\Library 2009-10-22 06:43 . 2007-12-14 15:16 -------- d-----w- c:\program files\DivX 2009-10-22 06:43 . 2005-04-15 20:40 -------- d-----w- c:\program files\Apoint 2009-10-21 09:38 . 2008-07-18 09:53 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\LimeWire 2009-10-06 03:03 . 2007-10-17 20:15 -------- d-----w- c:\program files\Full Tilt Poker 2009-10-06 03:03 . 2005-04-15 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-06 03:00 . 2008-12-03 17:53 -------- d-----w- c:\program files\Google 2009-10-05 21:04 . 2009-10-05 21:04 -------- d-----w- c:\program files\DV Series 2009-09-21 20:29 . 2009-09-21 20:29 -------- d-----w- c:\program files\Siber Systems 2009-09-21 13:50 . 2009-09-16 08:21 -------- d-----w- c:\program files\GRETECH 2009-09-15 00:05 . 2005-07-25 07:15 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-14 22:06 . 2008-12-11 20:10 5 -c--a-w- c:\windows\sbacknt.bin 2009-08-14 22:04 . 2008-12-11 20:06 152904 -c--a-w- c:\windows\system32\vghd.scr 2009-08-07 06:42 . 2008-09-29 09:30 1053056 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys 2006-10-01 17:23 . 2006-10-01 17:23 28672 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2006-10-01 17:23 . 2006-10-01 17:23 86016 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2006-10-01 17:23 . 2006-10-01 17:23 90112 -c--a-w- c:\program files\mozilla firefox\plugins\mwmcli.dll 2007-01-07 10:36 . 2007-01-07 10:35 80 -csh--r- c:\windows\SYSTEM32\B4716037E4.dll . ------- Sigcheck ------- [-] 2009-10-22 22:50 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe [7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . 
. c:\windows\explorer.exe [7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe [7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528] "dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" [2004-11-13 414208] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-21 160592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888] "QuickTime Task"="c:\program 
files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451] c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-6-22 139776] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-4-15 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "Midi1"=usbmn2x2.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GhostSurf proxy.lnk backup=c:\windows\pss\GhostSurf proxy.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk backup=c:\windows\pss\SpyCatcher Protector.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^HotSync 
Manager.lnk] path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "UpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675 S2 Ca533av;DV Series Video Capture;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [10/5/2009 4:04 PM 515803] S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\SYSTEM32\DRIVERS\usb22ldr.sys [7/10/2008 11:15 AM 20936] S3 USBCamera;DV Series Digital Camera;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [10/5/2009 4:04 PM 10984] S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys --> c:\windows\system32\drivers\usbmn2x2.sys [?] --- Other Services/Drivers In Memory --- *Deregistered* - avgio *Deregistered* - avipbb *Deregistered* - mbr *Deregistered* - ssmdrv . 
Contents of the 'Scheduled Tasks' folder 2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34] 2009-10-22 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 03:18] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local>;*.local uInternet Settings,ProxyServer = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe FF - ProfilePath - c:\documents and settings\William Seimetz\Application Data\Mozilla\Firefox\Profiles\05i12wy5.default\ FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program 
files\Mozilla Firefox\plugins\npunagi2.dll . - - - - ORPHANS REMOVED - - - - BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file) HKLM-Run-GhostSurf Reminder - (no file) HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe HKU-Default-RunOnce-WUAppSetup - c:\program files\Common Files\logishrd\WUApp32.exe HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9f.exe AddRemove-Dasher - c:\program files\Internet Chess Club\Dasher\Dasher-uninstall.exe AddRemove-MP3 Converter Simple - c:\progra~1\MP3CON~1\UNWISE.EXE AddRemove-rgcAudio Triangle II DXi2 Synthesizer_is1 - c:\program files\Cakewalk\Shared Dxi\Triangle II\unins000.exe AddRemove-Sound'Em 1.0 - c:\program files\DV Series\UNWISE.EXE AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-25 23:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2401662498-2851472548-1797065733-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="8155418F5292C0A72437466580DDA81263CCA31AE8C5F3067B461EF9D9CACB6C8AC0F5EF103 85AB2EEA5DB25E09850D0BC51756B768FEB1BBD8A7C7C18721C69054ED88186BFAB8714E3E0F4645 B 857E08C61C4C35A07B28DE6098F35F41AA114C91569D5078E6AD1808B55BA189BB6091E6858ED291 F 64F9545951F17254C841DEC600EADC401E3E0F93B504E1C29728A43A4F51F8FF6E97C8D962F47201 C 181C1A6B13809C351B3BFAD93D461E486288BC733C11DAD6000FE1C4CA9FC8F454CCA5F3DECF8A80 F 9D519F9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127 B ECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6171C11EC38DE3DBA7FD86916 4 D679429FCE15A5DB1EA6EB40BF75B025FCBD303BBB82F0AE17E62DBD57016480ABA777D8E30CDA23 F 80752A6141C383A5287B02FE6050A54F51A82F44D3099CFE98F3E7C8499845FC209431F284B67475 6 7F586A9651BF86D76BDBC0AB019F7C4D4654532B8B009C84E5EB59FC6C9AFD69447291460E7A00F1 D 38E815D47ED014E190E7F3224F6064E5E696E71ED7C9340D76F539FD4F6B66472E8A7DA1B4558B09 B E965D3B71F57611C826F4367F875D828E6DBA7DB1598DCCBA71790DFCE12BE6BA0BDE4FD6230952A 0 2C10CDA1E006F91C02D93534237FD67EDDE79FDB0C5AE8D6F28E3B85FA0CFD916329B9E58444CF33 9 C800B3A329EE59D83C875189A6053E6EFA7724742CFBCBF7A535FB55595AE6A9ABAFC72A6ADCBBE0 D 40423E886B3F449806FAA8EF8B8A5695C3BABEE5D71ADC49B69A4A51D52F0E1619C99E070E974AF7 2 DEEFA31DA3982CA57DBF202CEE6A76E4A09F3B8A20A3AB13F654DF73B1C5B89C17D52663A6EF4A40 C 650AA5A1406FC26C7E681985AD78E2C381A273CDE05BC18F668AA48D2064A3050FFC845CA2597038 C 8E2DE52BAFEA3DA22BAC5844E32058382BEB31A1E0AB809A20A81ED619098EE48E0ADC1A88A615ED 9 F56DFE1FCD2FAEBACF100B08A34D0302B3B82AA0C3CE747126DC6FC2DAFA4A53F79D42621E8CC78E E 36BEE5172BB819DBF75C759A51CCF4C3B75DC2732C7C0CB28BF397D97DFA80FE2A8B644BC52397DB 
8 BA635C6D7B2DF4E8B66EC8D9900514B5ED30A8335FCEE2FC62BAFDCBD3FDBE6D3D7AC954DCDC9A41 9 26BED9C1282128C7759EC6DB3DC451FE2346E6DF7CC8FED66F1179A24520315B080324A7C433DE4D F C92DC67C1882812C42DAF36A453291D4910E81AAA5867B6ABF04B5757A2534DF7A9BC4CB6AFE1CF1 6 6DAB3C8A77FF359034DD0BB141151CE1B263896FAE937E149BFEF27E1AE2D1E08DC87A65D6170F85 7 C5D1967AA2B4A0ECAFACEBBF416E0777F55408B11EB3CA70A0CB0C6F58ABEE813DD4F0DECE0956F0 8 A7276E3F49EA02AED825C2D6AF6CB" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(572) c:\program files\Intel\Wireless\Bin\LgNotify.dll . Completion time: 2009-10-26 23:41 ComboFix-quarantined-files.txt 2009-10-26 04:40 Pre-Run: 2,413,731,840 bytes free Post-Run: 2,380,603,392 bytes free - - End Of File - - F6C52428B3D0AAE359E154029BE2293E First MBAM Quick Scan Log: Malwarebytes' Anti-Malware 1.41 Database version: 3034 Windows 5.1.2600 Service Pack 2 10/26/2009 12:15:01 AM mbam-log-2009-10-26 (00-15-01).txt Scan type: Quick Scan Objects scanned: 110645 Time elapsed: 6 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. 
Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc1.exe\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc2.exe10937e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc3.exe23379e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc4.exe29581e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
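Added example for this thread (not part of the original post and not ComboFix or Malwarebytes code): a small parser that applies the three checks a helper usually does by eye on the logs above. The Sigcheck rows show the live c:\windows\explorer.exe could not be hashed ("!HASH: COULD NOT OPEN FILE"), and the sp2qfe download copy carries D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of zero bytes; the "Files Created" section lists four directories at the drive root named explorer.exe with a trailing tag (10937e, 29581e, 23379e), and the MBAM hits under C:\RECYCLER carry the same tags on Dc2.exe10937e, Dc3.exe23379e and Dc4.exe29581e. The sample lines are copied from the log in the post; the rules (treat $hf_mig$ and sp2qfe/sp2gdr copies as legitimately different from DLLCACHE, flag unreadable and zero-length copies, flag directories with executable names, correlate name tags) and every function name are this example's own choices, not anything the tools define.

```python
"""Checks for the ComboFix Sigcheck table, the 'Files Created' listing and
the MBAM 'Files Infected' list shown above.  Added example, not ComboFix or
Malwarebytes code: sample lines are copied from the log in the post; rules,
messages and function names are assumptions of this example."""
import re
from collections import defaultdict

EMPTY_FILE_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of zero bytes
# QFE and GDR builds of a patched binary are different files, so a hash that
# differs from the DLLCACHE copy inside these directories is not a finding.
SERVICE_BRANCH_DIRS = ("$hf_mig$", "sp2qfe", "sp2gdr", "sp3qfe", "sp3gdr")

SIGCHECK_SAMPLE = r"""
[-] 2009-10-22 22:50 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe
"""
CREATED_SAMPLE = r"""
2009-10-26 03:52 . 2009-10-26 03:52 -------- d-----w- C:\explorer.exe10937e
2009-10-26 03:25 . 2009-10-26 03:26 -------- d-----w- C:\explorer.exe29581e
2009-10-26 03:19 . 2009-10-26 03:47 -------- d-----w- C:\explorer.exe23379e
2009-10-26 03:09 . 2009-10-26 03:09 -------- d-----w- C:\explorer.exe
2009-10-22 23:01 . 2009-03-11 03:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-21 08:12 . 2009-10-26 02:46 0 ----a-r- c:\windows\win32k.sys
"""
MBAM_SAMPLE = r"""
C:\WINDOWS\SYSTEM32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc2.exe10937e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc3.exe23379e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc4.exe29581e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
"""

# Sigcheck row: [flag] date . md5-or-error . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|!HASH:[^.]*?)\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$")
# Files Created row: created . modified size attrs path ('d' in attrs = directory)
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\.\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$")
MBAM_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^(]+?)\s+\((?P<detection>[^)\s]+)")
# Binary-looking name plus whatever trails the extension: explorer.exe10937e -> "10937e"
EXE_NAME_RE = re.compile(r"\.(exe|com|dll|scr|sys)(?P<suffix>\w*)$", re.I)


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_sigcheck(text):
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rows.append(dict(m.groupdict(), size=int(m["size"]), md5=m["md5"].strip().lower()))
    return rows


def check_sigcheck(rows):
    """(path, finding) pairs; each copy is compared with the DLLCACHE copy."""
    findings, by_name = [], defaultdict(list)
    for row in rows:
        by_name[basename(row["path"]).lower()].append(row)
    for group in by_name.values():
        ref = next((r for r in group if "dllcache" in r["path"].lower()), None)
        for row in group:
            path = row["path"]
            if row["md5"].startswith("!hash"):
                findings.append((path, "hash not computable: file locked or unreadable"))
            elif row["size"] == 0 or row["md5"] == EMPTY_FILE_MD5:
                findings.append((path, "zero-length file"))
            elif (ref is not None and row is not ref and row["md5"] != ref["md5"]
                  and not any(d in path.lower() for d in SERVICE_BRANCH_DIRS)):
                findings.append((path, "md5 differs from DLLCACHE copy"))
    return findings


def created_findings(text):
    """(path, suffix, finding): directories named like a binary, zero-length binaries."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        n = m and EXE_NAME_RE.search(basename(m["path"]))
        if not n:
            continue
        if m["attrs"].startswith("d"):
            out.append((m["path"], n["suffix"], "directory named like an executable"))
        elif m["size"] == "0":
            out.append((m["path"], n["suffix"], "zero-length file with a binary name"))
    return out


def correlate_suffixes(findings, mbam_text):
    """Map each non-empty name tag from created_findings to MBAM hits carrying it."""
    wanted = {s for _, s, _ in findings if s}
    links = defaultdict(list)
    for line in mbam_text.splitlines():
        m = MBAM_FILE_RE.match(line.strip())
        if not m:
            continue
        for part in m["path"].split("\\"):
            n = EXE_NAME_RE.search(part)
            if n and n["suffix"] in wanted:
                links[n["suffix"]].append(m["path"])
    return dict(links)
```

Run `check_sigcheck(parse_sigcheck(SIGCHECK_SAMPLE))`, `created_findings(CREATED_SAMPLE)` and `correlate_suffixes(created_findings(CREATED_SAMPLE), MBAM_SAMPLE)` to see the three result sets for the copied lines. The service-branch exclusion matters: the $hf_mig$\KB938828\SP2QFE copy hashes differently from DLLCACHE and is expected to, so a naive "any mismatch" rule would raise a false alarm there. The same log also shows Security Center's AntiVirusOverride, UpdateDisableNotify and DisableMonitoring values set to 1; those silence its warnings and are a registry check outside what this block parses.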