Problem: My computer is infected with some malware or virus. I really don't know. It had disabled everything except for my background and mouse cursor. I can Ctrl+Alt+Del and run programs through that. No explorer.exe, etc. IE works, and initially I wasn't able to run mbam (until I changed the file name), avast, or adaware; only avira worked.
Steps Taken: I have read extensively and done all the necessary procedures through this website as well as others and still have had no luck with a fix.
1. Computer infected. Ran adaware, icons still present.
2. Restarted computer due to blue screen, everything was gone.
3. Found out to Ctrl+Alt+Del; wasn't able to dl mbam.exe.
4. Dl'ed combofix, ran that appropriately (two times, etc..). Still no icons. (log pasted below)
5. Mbam.exe now worked, ran it quick. Found some infections/viruses (whatever the hell it does). Still no icons.
6. Dl'ed superantispyware, found more crap. Restarted. Still no icons.
7. Dl'ed service pack 3. (couldn't find explorer.exe and a couple other files), restarted. Nothing.
8. Dl'ed Microsoft's Repair Tool. Nada.
9. Ran full scan of Mbam, 1 infection. Restarted. Nothing.
10. Put gun to computer.
Seriously, what's going on here?
Below are the ComboFix log and the first working MBAM scan log.
Combofix log:
ComboFix 09-10-25.02 - William Seimetz 10/25/2009 23:24.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1271.905 [GMT -5:00]
Running from: c:\documents and settings\William Seimetz\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\NetMon
c:\program files\akl
c:\program files\akl\akl.dll
c:\program files\akl\akl.exe
c:\program files\akl\uninstall.exe
c:\program files\akl\unsetup.exe
c:\program files\Common Files\ymante~1
c:\program files\curity~1
c:\program files\Inet Delivery
c:\program files\Inet Delivery\inetdl.exe
c:\program files\Inet Delivery\intdel.exe
c:\windows\a.bat
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\msa.exe
c:\windows\mslagent
c:\windows\mslagent\2_mslagent.dll
c:\windows\mslagent\mslagent.exe
c:\windows\mslagent\uninstall.exe
c:\windows\mssecu.exe
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\bsva-egihsg52.exe
c:\windows\system32\dpcproxy.exe
c:\windows\system32\emesx.dll
c:\windows\system32\FTPx.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\MabryObj.dll
c:\windows\system32\MCGea0Ew.exe.a_a
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\msnbho.dll
c:\windows\system32\mssecu.exe
c:\windows\system32\msvchost.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\ps1.exe
c:\windows\system32\psof1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\regc64.dll
c:\windows\system32\regm64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\sncntr.exe
c:\windows\system32\ssembl~1
c:\windows\system32\ssurf022.dll
c:\windows\system32\ssvchost.com
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\thun.dll
c:\windows\system32\thun32.dll
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vbsys2.dll
c:\windows\system32\vcatchpi.dll
c:\windows\system32\winlogonpc.exe
c:\windows\system32\winsystem.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\tsks~1
c:\windows\userconfig9x.dll
c:\windows\V2lsbGlhbSBTZWltZXR6
c:\windows\winsystem.exe
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NWCWORKSTATION
-------\Legacy_SYSREST.SYS
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_cmdService
-------\Service_NWCWorkstation
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.
2009-10-26 03:52 . 2009-10-26 03:52 -------- d-----w- C:\explorer.exe10937e
2009-10-26 03:25 . 2009-10-26 03:26 -------- d-----w- C:\explorer.exe29581e
2009-10-26 03:19 . 2009-10-26 03:47 -------- d-----w- C:\explorer.exe23379e
2009-10-26 03:09 . 2009-10-26 03:09 -------- d-----w- C:\explorer.exe
2009-10-26 02:49 . 2009-10-26 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 02:37 . 2009-10-26 02:41 -------- d-----w- c:\program files\will seimetz
2009-10-23 06:48 . 2009-10-23 06:48 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\Malwarebytes
2009-10-23 06:48 . 2009-10-23 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-23 06:03 . 2009-10-23 06:03 -------- d-sh--w- c:\documents and settings\William Seimetz\PrivacIE
2009-10-23 06:01 . 2009-10-23 06:01 -------- d-sh--w- c:\documents and settings\William Seimetz\IETldCache
2009-10-23 05:46 . 2009-10-23 05:49 -------- dc-h--w- c:\windows\ie8
2009-10-22 23:01 . 2009-10-22 23:01 -------- d-----w- c:\windows\system32\KB905474
2009-10-22 23:01 . 2009-03-11 03:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-10-22 23:01 . 2009-03-11 03:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-22 21:53 . 2009-10-22 22:05 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-21 15:29 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-21 15:29 . 2009-10-21 15:29 -------- d-----w- c:\program files\Avira
2009-10-21 09:19 . 2009-10-21 09:19 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-21 08:12 . 2009-10-26 02:46 0 ----a-r- c:\windows\win32k.sys
2009-10-19 05:09 . 2009-10-19 05:09 -------- d-----w- c:\documents and settings\William Seimetz\.jnlp-applet
2009-10-07 22:03 . 2009-10-07 22:03 -------- d-----w- C:\users
2009-10-05 20:40 . 2009-10-05 20:41 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\ooVoo Details
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 02:25 . 2007-03-26 19:07 -------- d-----w- c:\program files\Lavasoft
2009-10-23 05:57 . 2008-08-11 11:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-22 06:43 . 2009-02-09 23:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-22 06:43 . 2005-08-18 18:28 -------- d-----w- c:\program files\Resnet Configuration Utility
2009-10-22 06:43 . 2007-12-12 04:16 -------- d-----w- c:\program files\PE
2009-10-22 06:43 . 2009-01-12 07:39 -------- d-----w- c:\program files\Palm
2009-10-22 06:43 . 2005-04-15 21:01 -------- d-----w- c:\program files\NetWaiting
2009-10-22 06:43 . 2008-07-18 09:52 -------- d-----w- c:\program files\LimeWire
2009-10-22 06:43 . 2005-04-15 21:01 -------- d-----w- c:\program files\Modem Helper
2009-10-22 06:43 . 2006-09-11 06:17 -------- d-----w- c:\program files\Library
2009-10-22 06:43 . 2007-12-14 15:16 -------- d-----w- c:\program files\DivX
2009-10-22 06:43 . 2005-04-15 20:40 -------- d-----w- c:\program files\Apoint
2009-10-21 09:38 . 2008-07-18 09:53 -------- d-----w- c:\documents and settings\William Seimetz\Application Data\LimeWire
2009-10-06 03:03 . 2007-10-17 20:15 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-06 03:03 . 2005-04-15 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 03:00 . 2008-12-03 17:53 -------- d-----w- c:\program files\Google
2009-10-05 21:04 . 2009-10-05 21:04 -------- d-----w- c:\program files\DV Series
2009-09-21 20:29 . 2009-09-21 20:29 -------- d-----w- c:\program files\Siber Systems
2009-09-21 13:50 . 2009-09-16 08:21 -------- d-----w- c:\program files\GRETECH
2009-09-15 00:05 . 2005-07-25 07:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-14 22:06 . 2008-12-11 20:10 5 -c--a-w- c:\windows\sbacknt.bin
2009-08-14 22:04 . 2008-12-11 20:06 152904 -c--a-w- c:\windows\system32\vghd.scr
2009-08-07 06:42 . 2008-09-29 09:30 1053056 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2006-10-01 17:23 . 2006-10-01 17:23 28672 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-10-01 17:23 . 2006-10-01 17:23 86016 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2006-10-01 17:23 . 2006-10-01 17:23 90112 -c--a-w- c:\program files\mozilla firefox\plugins\mwmcli.dll
2007-01-07 10:36 . 2007-01-07 10:35 80 -csh--r- c:\windows\SYSTEM32\B4716037E4.dll
.
------- Sigcheck -------
[-] 2009-10-22 22:50 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
"dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" [2004-11-13 414208]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-21 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]
c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-6-22 139776]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-4-15 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=usbmn2x2.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GhostSurf proxy.lnk
backup=c:\windows\pss\GhostSurf proxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk
backup=c:\windows\pss\SpyCatcher Protector.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^William Seimetz^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\William Seimetz\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
S2 Ca533av;DV Series Video Capture;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [10/5/2009 4:04 PM 515803]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\SYSTEM32\DRIVERS\usb22ldr.sys [7/10/2008 11:15 AM 20936]
S3 USBCamera;DV Series Digital Camera;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [10/5/2009 4:04 PM 10984]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys --> c:\windows\system32\drivers\usbmn2x2.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - avgio
*Deregistered* - avipbb
*Deregistered* - mbr
*Deregistered* - ssmdrv
.
Contents of the 'Scheduled Tasks' folder
2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
2009-10-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 03:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe
FF - ProfilePath - c:\documents and settings\William Seimetz\Application Data\Mozilla\Firefox\Profiles\05i12wy5.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
HKLM-Run-GhostSurf Reminder - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
HKU-Default-RunOnce-WUAppSetup - c:\program files\Common Files\logishrd\WUApp32.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
AddRemove-Dasher - c:\program files\Internet Chess Club\Dasher\Dasher-uninstall.exe
AddRemove-MP3 Converter Simple - c:\progra~1\MP3CON~1\UNWISE.EXE
AddRemove-rgcAudio Triangle II DXi2 Synthesizer_is1 - c:\program files\Cakewalk\Shared Dxi\Triangle II\unins000.exe
AddRemove-Sound'Em 1.0 - c:\program files\DV Series\UNWISE.EXE
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 23:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2401662498-2851472548-1797065733-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="8155418F5292C0A72437466580DDA81263CCA31AE8C5F3067B461EF9D9CACB6C8AC0F5EF103
85AB2EEA5DB25E09850D0BC51756B768FEB1BBD8A7C7C18721C69054ED88186BFAB8714E3E0F4645
B
857E08C61C4C35A07B28DE6098F35F41AA114C91569D5078E6AD1808B55BA189BB6091E6858ED291
F
64F9545951F17254C841DEC600EADC401E3E0F93B504E1C29728A43A4F51F8FF6E97C8D962F47201
C
181C1A6B13809C351B3BFAD93D461E486288BC733C11DAD6000FE1C4CA9FC8F454CCA5F3DECF8A80
F
9D519F9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127
B
ECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6171C11EC38DE3DBA7FD86916
4
D679429FCE15A5DB1EA6EB40BF75B025FCBD303BBB82F0AE17E62DBD57016480ABA777D8E30CDA23
F
80752A6141C383A5287B02FE6050A54F51A82F44D3099CFE98F3E7C8499845FC209431F284B67475
6
7F586A9651BF86D76BDBC0AB019F7C4D4654532B8B009C84E5EB59FC6C9AFD69447291460E7A00F1
D
38E815D47ED014E190E7F3224F6064E5E696E71ED7C9340D76F539FD4F6B66472E8A7DA1B4558B09
B
E965D3B71F57611C826F4367F875D828E6DBA7DB1598DCCBA71790DFCE12BE6BA0BDE4FD6230952A
0
2C10CDA1E006F91C02D93534237FD67EDDE79FDB0C5AE8D6F28E3B85FA0CFD916329B9E58444CF33
9
C800B3A329EE59D83C875189A6053E6EFA7724742CFBCBF7A535FB55595AE6A9ABAFC72A6ADCBBE0
D
40423E886B3F449806FAA8EF8B8A5695C3BABEE5D71ADC49B69A4A51D52F0E1619C99E070E974AF7
2
DEEFA31DA3982CA57DBF202CEE6A76E4A09F3B8A20A3AB13F654DF73B1C5B89C17D52663A6EF4A40
C
650AA5A1406FC26C7E681985AD78E2C381A273CDE05BC18F668AA48D2064A3050FFC845CA2597038
C
8E2DE52BAFEA3DA22BAC5844E32058382BEB31A1E0AB809A20A81ED619098EE48E0ADC1A88A615ED
9
F56DFE1FCD2FAEBACF100B08A34D0302B3B82AA0C3CE747126DC6FC2DAFA4A53F79D42621E8CC78E
E
36BEE5172BB819DBF75C759A51CCF4C3B75DC2732C7C0CB28BF397D97DFA80FE2A8B644BC52397DB
8
BA635C6D7B2DF4E8B66EC8D9900514B5ED30A8335FCEE2FC62BAFDCBD3FDBE6D3D7AC954DCDC9A41
9
26BED9C1282128C7759EC6DB3DC451FE2346E6DF7CC8FED66F1179A24520315B080324A7C433DE4D
F
C92DC67C1882812C42DAF36A453291D4910E81AAA5867B6ABF04B5757A2534DF7A9BC4CB6AFE1CF1
6
6DAB3C8A77FF359034DD0BB141151CE1B263896FAE937E149BFEF27E1AE2D1E08DC87A65D6170F85
7
C5D1967AA2B4A0ECAFACEBBF416E0777F55408B11EB3CA70A0CB0C6F58ABEE813DD4F0DECE0956F0
8
A7276E3F49EA02AED825C2D6AF6CB"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-10-26 23:41
ComboFix-quarantined-files.txt 2009-10-26 04:40
Pre-Run: 2,413,731,840 bytes free
Post-Run: 2,380,603,392 bytes free
- - End Of File - - F6C52428B3D0AAE359E154029BE2293E
First MBAM Quick Scan Log:
Malwarebytes' Anti-Malware 1.41
Database version: 3034
Windows 5.1.2600 Service Pack 2
10/26/2009 12:15:01 AM
mbam-log-2009-10-26 (00-15-01).txt
Scan type: Quick Scan
Objects scanned: 110645
Time elapsed: 6 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc1.exe\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc2.exe10937e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc3.exe23379e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2401662498-2851472548-1797065733-1006\Dc4.exe29581e\iexplore.exe (Worm.Autorun. -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
Already ran Malwarebytes and Combofix, still no icons or explorer.exe, just background
Started by Wilty, Oct 29 2009 03:38 PM
#1
Posted 29 October 2009 - 03:38 PM