
Malwarebytes won't remove 4 registry entries



DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL

Run by Administrator at 10:11:12.06 on Mon 03/02/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1796 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: {8ed1ba2d-127b-4453-a186-8e259efbbaf0} - c:\windows\system32\avicap3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235076538531&h=a055f122ff6391b5fb891774d7b6e061/&filename=jinstall-6u12-windows-i586-jc.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {cafeefac-0016-0000-0012-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: emqsys.dll

============= SERVICES / DRIVERS ===============

R0 bbpfrryn;bbpfrryn;c:\windows\system32\drivers\bbpfrryn.sys [2002-8-29 23424]

S1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-4 325128]

S1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-4 27656]

S1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-4 107272]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-4 298264]

S3 getplus® helper;getPlus® Helper; [x]

=============== Created Last 30 ================

2009-03-02 02:39 <DIR> --d----- C:\backup

2009-03-02 02:14 <DIR> --d----- c:\program files\Free Window Registry Repair

2009-03-02 02:13 356 a------- c:\temp\mark.reg

2009-03-02 02:13 795,555 a------- c:\temp\RegpairSetup.exe

2009-03-02 00:56 161,792 a------- c:\windows\SWREG.exe

2009-03-02 00:56 98,816 a------- c:\windows\sed.exe

2009-03-02 00:56 <DIR> --d----- C:\ComboFix

2009-03-02 00:56 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes

2009-03-02 00:00 1,361,822 a------- C:\New Bitmap Image.bmp

2009-03-01 22:52 <DIR> --d----- c:\windows\pss

2009-03-01 19:41 578,560 ac------ c:\windows\system32\dllcache\user32.dll

2009-03-01 19:40 <DIR> --d----- c:\windows\ERUNT

2009-03-01 19:39 <DIR> --d----- C:\SDFix

2009-03-01 19:39 1,529,241 a------- c:\temp\SDFix.exe

2009-02-26 11:32 20,992 a------- c:\windows\system32\emqsys.dll

2009-02-19 15:48 410,984 a------- c:\windows\system32\deploytk.dll

2009-02-19 15:48 73,728 a------- c:\windows\system32\javacpl.cpl

2009-02-05 13:44 2,884,516 a----r-- c:\temp\ComboFix.exe

2009-02-05 11:59 <DIR> --d----- c:\program files\Trend Micro

2009-02-05 11:56 <DIR> --d----- c:\temp\ccsetup216

2009-02-05 11:55 922,137 a------- c:\temp\ccsetup216.zip

2009-02-05 11:55 812,344 a------- c:\temp\HJTInstall.exe

2009-02-04 22:13 <DIR> --d----- c:\temp\AVGRTK_remover

2009-02-04 22:12 863 a------- c:\temp\AVGRTK_remover.zip

2009-02-04 21:43 <DIR> a-dshr-- C:\cmdcons

2009-02-04 21:02 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll

2009-02-04 21:02 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll

2009-02-04 21:02 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll

2009-02-04 21:02 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2009-02-04 21:02 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe

2009-02-04 21:02 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll

2009-02-04 21:02 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat

2009-02-04 21:02 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui

2009-02-04 21:02 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll

2009-02-04 20:40 712,704 -------- c:\windows\system32\windowscodecs.dll

2009-02-04 20:40 346,112 -------- c:\windows\system32\windowscodecsext.dll

2009-02-04 20:40 276,992 -------- c:\windows\system32\wmphoto.dll

2009-02-04 20:40 69,120 -------- c:\windows\system32\wlanapi.dll

2009-02-04 20:40 53,248 -------- c:\windows\system32\tsgqec.dll

2009-02-04 20:40 50,688 -------- c:\windows\system32\tspkg.dll

2009-02-04 20:40 <DIR> --d----- c:\windows\system32\scripting

2009-02-04 20:40 <DIR> --d----- c:\windows\system32\en

2009-02-04 20:40 <DIR> --d----- c:\windows\l2schemas

2009-02-04 20:40 <DIR> --d----- c:\windows\system32\bits

2009-02-04 20:37 <DIR> --d----- c:\windows\network diagnostic

2009-02-04 20:37 144,384 -------- c:\windows\system32\drivers\hdaudbus.sys

2009-02-04 20:37 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys

2009-02-04 20:36 19,569 a------- c:\windows\005783_.tmp

2009-02-04 18:29 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-02-04 18:27 10,520 a------- c:\windows\system32\avgrsstx.dll

2009-02-04 18:27 107,272 a------- c:\windows\system32\drivers\avgtdix.sys

2009-02-04 18:27 325,128 a------- c:\windows\system32\drivers\avgldx86.sys

2009-02-04 18:27 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-02-04 18:15 <DIR> --d----- c:\temp\set_permissions

2009-02-04 18:15 <DIR> --d----- c:\temp\avgfix

2009-02-04 18:14 108,291 a------- c:\temp\set_permissions.zip

2009-02-04 17:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8

2009-02-04 00:46 4,497,080 a------- c:\temp\spybotsd_includes.exe

2009-02-04 00:35 <DIR> --d----- c:\program files\Spybot - Search & Destroy

2009-02-04 00:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-02-04 00:34 16,409,960 a------- c:\temp\spybotsd162.exe

2009-02-03 15:32 <DIR> --d----- c:\program files\AVG

2009-02-03 15:31 50,689,960 a------- c:\temp\avg_free_stf_en_8_173a1373.exe

2009-02-03 15:06 59,981,528 a------- c:\temp\avg_free_stf_en_8_233a1415.exe

2009-02-03 12:40 <DIR> --d----- C:\0a7c67e50e3d84cfd74ad1

2009-02-03 12:13 <DIR> --d----- c:\temp\sp3

2009-02-03 11:57 305 a------- c:\windows\system32\MRT.INI

2009-02-03 11:17 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-02-03 11:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-03 11:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-02-03 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-02-04 20:43 88,047 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 10:11:35.14 ===============


I doubt you're clean. Please post a HijackThis log.

I wish I could have gone through this process. I know it would have been easier than the fight I had with the machine, and more effective. I will post my stuff here next time instead of Bleeping Computer (that post was up for 36 hrs with no response). Why is it that other people's HJT reports got answered 20 times over but 30 - 70 people looked at (both - malware and bleeping) mine and never offered any help? I had to do something, so I did what I could and the computer is now in service. If I get it back, I will repost. Thank you very much for your support and concern. I hope to hear back from you on why this post attracted attention - but you were the only one to answer? Is it a particularly hard post to decipher? Did I say something wrong in my description of the problem? And most importantly what item(s) do you think I missed?

It did run fine on the internet for
