
Already ran Malwarebytes and Combofix, still no icons or explorer.exe, just background


Wilty


Problem: My computer is infected with some malware or virus. I really don't know. It had disabled everything except for my background and mouse cursor. I can ctrl, alt, del and run programs through that. No explorer.exe, etc. IE works, and initially I wasn't able to run mbam (until I changed the file name), avast, or adaware; only avira worked.

Steps Taken: I have read extensively and done all the necessary procedures through this website as well as others and still have had no luck with a fix.

1. Computer infected- Ran adaware, icons still present.

2. Restarted computer due to blue screen, everything was gone.

3. Found out how to ctrl. alt. del., wasn't able to dl mbam.exe.

4. Dl'ed combofix, ran that appropriately (two times, etc..). Still no icons. (log pasted below)

5. Mbam.exe now worked, ran it quick. Found some infections/viruses (whatever the hell it does). Still no icons.

6. Dl'ed superantispyware, found more crap. Restarted. Still no icons.

7. Dl'ed service pack 3. (couldn't find explorer.exe and a couple other files), restarted. Nothing.

8. Dl'ed Microsoft's Repair Tool. Nada.

9. Ran Full scan of Mbam, 1 infection. restarted. nothing.

10. Put gun to computer.

Seriously, what's going on here?

Below are the ComboFix log and the first working MBAM scan log.

Combofix log:

ComboFix 09-10-25.02 - William Seimetz 10/25/2009 23:24.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1271.905 [GMT -5:00]

Running from: c:\documents and settings\William Seimetz\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\LocalService\Application Data\NetMon

c:\program files\akl

c:\program files\akl\akl.dll

c:\program files\akl\akl.exe

c:\program files\akl\uninstall.exe

c:\program files\akl\unsetup.exe

c:\program files\Common Files\ymante~1

c:\program files\curity~1

c:\program files\Inet Delivery

c:\program files\Inet Delivery\inetdl.exe

c:\program files\Inet Delivery\intdel.exe

c:\windows\a.bat

c:\windows\base64.tmp

c:\windows\bdn.com

c:\windows\FVProtect.exe

c:\windows\iTunesMusic.exe

c:\windows\msa.exe

c:\windows\mslagent

c:\windows\mslagent\2_mslagent.dll

c:\windows\mslagent\mslagent.exe

c:\windows\mslagent\uninstall.exe

c:\windows\mssecu.exe

c:\windows\system32\akttzn.exe

c:\windows\system32\anticipator.dll

c:\windows\system32\awtoolb.dll

c:\windows\system32\bdn.com

c:\windows\system32\bsva-egihsg52.exe

c:\windows\system32\dpcproxy.exe

c:\windows\system32\emesx.dll

c:\windows\system32\FTPx.dll

c:\windows\system32\hoproxy.dll

c:\windows\system32\hxiwlgpm.dat

c:\windows\system32\hxiwlgpm.exe

c:\windows\system32\MabryObj.dll

c:\windows\system32\MCGea0Ew.exe.a_a

c:\windows\system32\medup012.dll

c:\windows\system32\medup020.dll

c:\windows\system32\msgp.exe

c:\windows\system32\msnbho.dll

c:\windows\system32\mssecu.exe

c:\windows\system32\msvchost.exe

c:\windows\system32\mtr2.exe

c:\windows\system32\mwin32.exe

c:\windows\system32\netode.exe

c:\windows\system32\newsd32.exe

c:\windows\system32\ps1.exe

c:\windows\system32\psof1.exe

c:\windows\system32\psoft1.exe

c:\windows\system32\regc64.dll

c:\windows\system32\regm64.dll

c:\windows\system32\Rundl1.exe

c:\windows\system32\smp

c:\windows\system32\smp\msrc.exe

c:\windows\system32\sncntr.exe

c:\windows\system32\ssembl~1

c:\windows\system32\ssurf022.dll

c:\windows\system32\ssvchost.com

c:\windows\system32\ssvchost.exe

c:\windows\system32\sysreq.exe

c:\windows\system32\taack.dat

c:\windows\system32\taack.exe

c:\windows\system32\temp#01.exe

c:\windows\system32\thun.dll

c:\windows\system32\thun32.dll

c:\windows\system32\VBIEWER.OCX

c:\windows\system32\vbsys2.dll

c:\windows\system32\vcatchpi.dll

c:\windows\system32\winlogonpc.exe

c:\windows\system32\winsystem.exe

c:\windows\system32\WINWGPX.EXE

c:\windows\tsks~1

c:\windows\userconfig9x.dll

c:\windows\V2lsbGlhbSBTZWltZXR6

c:\windows\winsystem.exe

c:\windows\zip1.tmp

c:\windows\zip2.tmp

c:\windows\zip3.tmp

c:\windows\zipped.tmp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CMDSERVICE

-------\Legacy_NETWORK_MONITOR

-------\Legacy_NWCWORKSTATION

-------\Legacy_SYSREST.SYS

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Service_cmdService

-------\Service_NWCWorkstation

((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))

.

2009-10-26 03:52 . 2009-10-26 03:52 -------- d-----w- C:\explorer.exe10937e

2009-10-26 03:25 . 2009-10-26 03:26 -------- d-----w- C:\explorer.exe29581e

2009-10-26 03:19 . 2009-10-26 03:47 -------- d-----w- C:\explorer.exe23379e

2009-10-26 03:09 . 2009-10-26 03:09 -------- d-----w- C:\explorer.exe

2009-10-26 02:49 . 2009-10-26 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-26 02:37 . 2009-10-26 02:41 -------- d-----w- c:\program files\will seimetz

2009-10-23 06:48 . 2009-10-23 06:48 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\Malwarebytes

2009-10-23 06:48 . 2009-10-23 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-23 06:03 . 2009-10-23 06:03 -------- d-sh--w- c:\documents and settings\William Seimetz\PrivacIE

2009-10-23 06:01 . 2009-10-23 06:01 -------- d-sh--w- c:\documents and settings\William Seimetz\IETldCache

2009-10-23 05:46 . 2009-10-23 05:49 -------- dc-h--w- c:\windows\ie8

2009-10-22 23:01 . 2009-10-22 23:01 -------- d-----w- c:\windows\system32\KB905474

2009-10-22 23:01 . 2009-03-11 03:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-10-22 23:01 . 2009-03-11 03:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe

2009-10-22 21:53 . 2009-10-22 22:05 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-10-21 15:29 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-10-21 15:29 . 2009-10-21 15:29 -------- d-----w- c:\program files\Avira

2009-10-21 09:19 . 2009-10-21 09:19 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-10-21 08:12 . 2009-10-26 02:46 0 ----a-r- c:\windows\win32k.sys

2009-10-19 05:09 . 2009-10-19 05:09 -------- d-----w- c:\documents and settings\William Seimetz\.jnlp-applet

2009-10-07 22:03 . 2009-10-07 22:03 -------- d-----w- C:\users

2009-10-05 20:40 . 2009-10-05 20:41 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\ooVoo Details

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-26 02:25 . 2007-03-26 19:07 -------- d-----w- c:\program files\Lavasoft

2009-10-23 05:57 . 2008-08-11 11:59 -------- d-----w- c:\program files\Microsoft Silverlight

2009-10-22 06:43 . 2009-02-09 23:09 -------- d-----w- c:\program files\Windows Media Connect 2

2009-10-22 06:43 . 2005-08-18 18:28 -------- d-----w- c:\program files\Resnet Configuration Utility

2009-10-22 06:43 . 2007-12-12 04:16 -------- d-----w- c:\program files\PE

2009-10-22 06:43 . 2009-01-12 07:39 -------- d-----w- c:\program files\Palm

2009-10-22 06:43 . 2005-04-15 21:01 -------- d-----w- c:\program files\NetWaiting

2009-10-22 06:43 . 2008-07-18 09:52 -------- d-----w- c:\program files\LimeWire

2009-10-22 06:43 . 2005-04-15 21:01 -------- d-----w- c:\program files\Modem Helper

2009-10-22 06:43 . 2006-09-11 06:17 -------- d-----w- c:\program files\Library

2009-10-22 06:43 . 2007-12-14 15:16 -------- d-----w- c:\program files\DivX

2009-10-22 06:43 . 2005-04-15 20:40 -------- d-----w- c:\program files\Apoint

2009-10-21 09:38 . 2008-07-18 09:53 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\LimeWire

2009-10-06 03:03 . 2007-10-17 20:15 -------- d-----w- c:\program files\Full Tilt Poker

2009-10-06 03:03 . 2005-04-15 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-06 03:00 . 2008-12-03 17:53 -------- d-----w- c:\program files\Google

2009-10-05 21:04 . 2009-10-05 21:04 -------- d-----w- c:\program files\DV Series

2009-09-21 20:29 . 2009-09-21 20:29 -------- d-----w- c:\program files\Siber Systems

2009-09-21 13:50 . 2009-09-16 08:21 -------- d-----w- c:\program files\GRETECH

2009-09-15 00:05 . 2005-07-25 07:15 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-14 22:06 . 2008-12-11 20:10 5 -c--a-w- c:\windows\sbacknt.bin

2009-08-14 22:04 . 2008-12-11 20:06 152904 -c--a-w- c:\windows\system32\vghd.scr

2009-08-07 06:42 . 2008-09-29 09:30 1053056 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys

2006-10-01 17:23 . 2006-10-01 17:23 28672 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2006-10-01 17:23 . 2006-10-01 17:23 86016 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2006-10-01 17:23 . 2006-10-01 17:23 90112 -c--a-w- c:\program files\mozilla firefox\plugins\mwmcli.dll

2007-01-07 10:36 . 2007-01-07 10:35 80 -csh--r- c:\windows\SYSTEM32\B4716037E4.dll

.

------- Sigcheck -------

[-] 2009-10-22 22:50 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe

[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe

[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe

[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]

"dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" [2004-11-13 414208]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-21 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-6-22 139776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-4-15 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"Midi1"=usbmn2x2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GhostSurf proxy.lnk

backup=c:\windows\pss\GhostSurf proxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk

backup=c:\windows\pss\SpyCatcher Protector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"UpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

S2 Ca533av;DV Series Video Capture;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [10/5/2009 4:04 PM 515803]

S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\SYSTEM32\DRIVERS\usb22ldr.sys [7/10/2008 11:15 AM 20936]

S3 USBCamera;DV Series Digital Camera;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [10/5/2009 4:04 PM 10984]

S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys --> c:\windows\system32\drivers\usbmn2x2.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - avgio

*Deregistered* - avipbb

*Deregistered* - mbr

*Deregistered* - ssmdrv

.

Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-10-22 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 03:18]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe

FF - ProfilePath - c:\documents and settings\William Seimetz\Application Data\Mozilla\Firefox\Profiles\05i12wy5.default\

FF - prefs.js: browser.search.selectedEngine - Fast Browser Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

.

- - - - ORPHANS REMOVED - - - -

BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)

HKLM-Run-GhostSurf Reminder - (no file)

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe

HKU-Default-RunOnce-WUAppSetup - c:\program files\Common Files\logishrd\WUApp32.exe

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9f.exe

AddRemove-Dasher - c:\program files\Internet Chess Club\Dasher\Dasher-uninstall.exe

AddRemove-MP3 Converter Simple - c:\progra~1\MP3CON~1\UNWISE.EXE

AddRemove-rgcAudio Triangle II DXi2 Synthesizer_is1 - c:\program files\Cakewalk\Shared Dxi\Triangle II\unins000.exe

AddRemove-Sound'Em 1.0 - c:\program files\DV Series\UNWISE.EXE

AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-25 23:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2401662498-2851472548-1797065733-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

Completion time: 2009-10-26 23:41

ComboFix-quarantined-files.txt 2009-10-26 04:40

Pre-Run: 2,413,731,840 bytes free

Post-Run: 2,380,603,392 bytes free

- - End Of File - - F6C52428B3D0AAE359E154029BE2293E

First MBAM Quick Scan Log:

Malwarebytes' Anti-Malware 1.41

Database version: 3034

Windows 5.1.2600 Service Pack 2

10/26/2009 12:15:01 AM

mbam-log-2009-10-26 (00-15-01).txt

Scan type: Quick Scan

Objects scanned: 110645

Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc1.exe\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc2.exe10937e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc3.exe23379e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc4.exe29581e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
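Two parts of the ComboFix log above deserve a closer look: in the Sigcheck block the live c:\windows\explorer.exe could not be hashed at all and the copy in the update cache is zero bytes (its MD5 is the hash of an empty file), and the Files Created block lists directories, not files, named C:\explorer.exe with the same numeric suffixes that show up in the MBAM log's RECYCLER entries. The triage script below is an added example, not part of the post and not ComboFix code; it parses those two line formats on the sample lines copied from the log and flags exactly those entries, and its "reference copy" rule for entries with a version string is an assumption about the log rather than a documented ComboFix convention.

```python
# Triage helper for the Sigcheck and 'Files Created' sections of a ComboFix log.
# Added example, not part of the forum post and not ComboFix code; the sample
# lines are copied from the log quoted in the post above.
import re
from collections import defaultdict
from ntpath import basename

MD5_OF_EMPTY_FILE = "D41D8CD98F00B204E9800998ECF8427E"  # md5 of a zero-byte file
# Sigcheck line:  [7] 2007-06-13 . <md5> . <size> . . [<version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)"
    r"\s+\.\s+(?P<hash>.+?)\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# Files Created line:  <created> . <modified> <size> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[d-][a-z-]{7})\s+(?P<path>.+?)\s*$"
)
# A directory named like a system binary exists only to be mistaken for it.
SYSTEM_BINARIES = ("explorer.exe", "iexplore.exe", "svchost.exe", "winlogon.exe")

SAMPLE_SIGCHECK = [
    r"[-] 2009-10-22 22:50 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe",
    r"[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe",
    r"[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe",
    r"[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe",
    r"[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe",
]
SAMPLE_CREATED = [
    r"2009-10-26 03:52 . 2009-10-26 03:52 -------- d-----w- C:\explorer.exe10937e",
    r"2009-10-26 03:25 . 2009-10-26 03:26 -------- d-----w- C:\explorer.exe29581e",
    r"2009-10-26 03:19 . 2009-10-26 03:47 -------- d-----w- C:\explorer.exe23379e",
    r"2009-10-26 03:09 . 2009-10-26 03:09 -------- d-----w- C:\explorer.exe",
    r"2009-10-26 02:49 . 2009-10-26 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware",
]


def parse_sigcheck(lines):
    """Return one field dict per line that matches the Sigcheck format."""
    return [m.groupdict() for m in map(SIGCHECK_RE.match, lines) if m]


def sigcheck_findings(entries):
    """Flag Sigcheck entries worth a closer look. Assumption, not a documented
    ComboFix rule: entries with a real version string are verified reference
    copies; entries showing '[------]' are the ones Sigcheck could not vouch for."""
    good_hashes = defaultdict(set)
    for e in entries:
        if e["version"].strip("-"):
            good_hashes[basename(e["path"]).lower()].add(e["hash"].upper())
    findings = []
    for e in entries:
        name = basename(e["path"]).lower()
        if e["hash"].startswith("!HASH"):
            findings.append(("unreadable", e["path"]))   # locked, missing or hidden
        elif e["size"] == "0" or e["hash"].upper() == MD5_OF_EMPTY_FILE:
            findings.append(("empty", e["path"]))        # zero-byte stand-in for the binary
        elif not e["version"].strip("-") and e["hash"].upper() not in good_hashes[name]:
            findings.append(("unverified", e["path"]))   # matches no reference copy
    return findings


def masquerade_findings(lines):
    """Return 'Files Created' paths that are directories named after a system binary."""
    hits = []
    for m in filter(None, map(CREATED_RE.match, lines)):
        if m["attrs"].startswith("d") and basename(m["path"]).lower().startswith(SYSTEM_BINARIES):
            hits.append(m["path"])
    return hits


if __name__ == "__main__":  # quick demo on the sample lines
    print(sigcheck_findings(parse_sigcheck(SAMPLE_SIGCHECK)), masquerade_findings(SAMPLE_CREATED))
```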
