
Desktop icons won't load after running Malwarebytes? DDS.txt and Attach.txt



ComboFix 12-05-30.04 - aaron's 05/30/2012 22:18:34.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1012.390 [GMT -6:00]

Running from: c:\users\aaron's\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\progra~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDRIvert.exe

c:\program files\Common Files\Uninstall

c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk

c:\program files\PAV

c:\programdata\1327978977.bdinstall.bin

c:\programdata\1327979322.bdinstall.bin

c:\programdata\1327979658.bdinstall.bin

c:\programdata\1327987000.bdinstall.bin

c:\programdata\46D

c:\programdata\46D\{5E912E7C-1EEB-44E6-B3FA-D9632CDC549A}.swf

c:\programdata\Microsoft\Internet Explorer\DLLs\c.cgm

c:\users\aaron's\AppData\Roaming\C74751

c:\users\aaron's\AppData\Roaming\inst.exe

c:\users\aaron's\AppData\Roaming\Mozilla\Firefox\Profiles\co6y4dtt.default\searchplugins\bing-zugo.xml

c:\users\aaron's\AppData\Roaming\vso_ts_preview.xml

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\$NtUninstallKB23894$ . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))

.

.

2012-05-31 04:57 . 2012-05-31 05:02 -------- d-----w- c:\users\aaron's\AppData\Local\temp

2012-05-31 04:57 . 2012-05-31 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-31 01:36 . 2012-05-31 01:36 -------- d-----w- c:\users\aaron's\AppData\Roaming\Malwarebytes

2012-05-31 01:35 . 2012-05-31 01:35 -------- d-----w- c:\programdata\Malwarebytes

2012-05-31 01:35 . 2012-05-31 01:36 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-31 01:35 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 00:36 . 2012-05-31 00:36 399264 ----a-w- c:\windows\unhide.exe

2012-05-30 23:20 . 2012-05-30 23:20 -------- d-----w- C:\found.000

2012-05-28 05:20 . 2012-05-28 05:35 -------- dc----w- c:\program files\Free Window Registry Repair

2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\programdata\PC Tools

2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\users\aaron's\AppData\Roaming\Product_PT

2012-05-26 03:54 . 2012-05-26 03:55 -------- dc----w- c:\program files\Defraggler

2012-05-26 01:46 . 2012-05-26 01:46 -------- d-----w- c:\users\aaron's\AppData\Local\VS Revo Group

2012-05-26 01:46 . 2009-12-30 17:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-05-26 01:46 . 2012-05-26 01:46 -------- dc----w- c:\program files\VS Revo Group

2012-05-26 01:00 . 2012-04-17 14:25 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2012-05-25 23:55 . 2010-09-23 18:29 511328 -c--a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL

2012-05-25 23:45 . 2012-05-25 23:45 74703 ----a-w- c:\windows\system32\mfc45.dll

2012-05-09 20:22 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 20:22 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 20:21 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 20:21 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll

2012-05-09 20:20 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-09 20:20 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 20:20 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-09 20:20 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-09 20:20 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-05-09 20:19 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 20:19 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-05 07:02 . 2012-05-10 00:53 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 06:11 . 2012-04-17 01:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 06:11 . 2012-01-13 21:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-02 13:36 . 2012-05-09 20:19 2044928 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-03 9210400]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Desktop

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Pro]

0 [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-03-05 18:06 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-03-05 18:06 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-03-05 18:06 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-01-17 13:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-04-22 110304]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2012-01-03 87968]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

hpdevmgmt REG_MULTI_SZ hpqcxs08

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 06:11]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000Core.job

- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000UA.job

- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]

.

.

------- Supplementary Scan -------

.

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

IE: &Clean Traces

IE: &Download with &DAP

IE: Download &all with DAP

IE: Download all by YouTube Robot

IE: Download by YouTube Robot

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

Trusted Zone: adobe.com\kb2

TCP: DhcpNameServer = 192.168.0.1

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)

Toolbar-10 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-30 23:01

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetID\Internal]

@Denied: (A 2) (LocalSystem)

"DEVICE2"="vaaur8rPygA="

"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"

.

[HKEY_USERS\S-1-5-21-4031169062-1864207035-1914167420-1000\Software\SecuROM\License information*]

"datasecu"=hex:a2,07,db,f1,87,7b,e6,76,34,33,d8,56,f0,9d,a6,d8,bd,40,00,1e,dc,

22,28,34,9f,c8,10,46,ac,39,d7,ef,93,1a,1e,bb,4f,4c,cf,2c,0b,8c,b0,fd,de,f0,\

"rkeysecu"=hex:2e,94,cc,97,cf,8d,95,62,3d,19,af,1e,26,41,cb,4b

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\conime.exe

.

**************************************************************************

.

Completion time: 2012-05-30 23:12:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-31 05:12

.

Pre-Run: 23,668,080,640 bytes free

Post-Run: 23,916,982,272 bytes free

.

- - End Of File - - CD052D8D8EAA4A97C4A2DF61E09A1AA7
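As an added example that is not part of this thread and not ComboFix's own code, here is a small Python parser for the "Files Created" lines of the ComboFix log above, with a triage pass that picks out executables created under user-writable trees (the kind of location the log's "Other Deletions" section shows for inst.exe under AppData\Roaming). The line layout, the reading of a leading "d" in the attribute column as "directory", and the sample entry for inst.exe are assumptions; the other sample lines are copied from the log.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample in the layout ComboFix uses for its "Files Created" section:
# "<created> . <modified> <size or eight dashes> <attrs> <path>". The first five
# lines are copied from the log in this thread; the last line is a constructed
# entry for a file the log lists only by name under "Other Deletions".
SAMPLE_LOG = r"""
2012-05-31 01:36 . 2012-05-31 01:36 -------- d-----w- c:\users\aaron's\AppData\Roaming\Malwarebytes
2012-05-31 01:35 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 00:36 . 2012-05-31 00:36 399264 ----a-w- c:\windows\unhide.exe
2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\users\aaron's\AppData\Roaming\Product_PT
2012-05-09 20:19 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-30 22:10 . 2012-05-30 22:10 131072 ----a-w- c:\users\aaron's\AppData\Roaming\inst.exe
"""

# One listing line: two "YYYY-MM-DD HH:MM" stamps separated by " . ", a size or
# eight dashes, an eight-character attribute column, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>\S.*)$"
)
STAMP_FMT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None where ComboFix printed dashes instead of a size
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption: a leading 'd' in the attribute column marks a directory;
        # every dashed-size entry in the log above carries it.
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, dot separators and blanks."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(
        created=datetime.strptime(m["created"], STAMP_FMT),
        modified=datetime.strptime(m["modified"], STAMP_FMT),
        size=size,
        attrs=m["attrs"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable listing line in a pasted ComboFix section."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


# Extensions that Windows will execute or load as code.
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".bat", ".cmd", ".vbs", ".js")
# Trees a standard user can write to without administrator rights.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\")


def triage(entries: List[Entry]) -> List[Entry]:
    """Executable files created under user-writable trees: the first thing to
    check by hand, because malware that runs as the user drops its files there."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.endswith(EXEC_EXTENSIONS):
            continue
        if any(marker in p for marker in USER_WRITABLE_MARKERS):
            flagged.append(e)
    return flagged


def created_since(entries: List[Entry], since: str) -> List[Entry]:
    """Entries created on or after a 'YYYY-MM-DD' date, e.g. when symptoms began."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [e for e in entries if e.created >= cutoff]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed")
    for e in triage(entries):
        print(f"{e.created:%Y-%m-%d %H:%M} {e.size:>8} {e.path}")
```

Run the script directly to see the flagged entry; paste a whole "Files Created" section into SAMPLE_LOG to triage a real log. Directories and entries whose modification time predates creation (mbam.sys here, a freshly installed copy of an older binary) are kept in the parsed list so the date filter still sees them, while only loose executables in user-writable trees reach the triage output.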


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\windows\$NtUninstallKB23894$

ClearJavaCache::

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


ComboFix 12-05-30.04 - aaron's 06/01/2012 13:59:35.2.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1012.418 [GMT -6:00]

Running from: c:\users\aaron's\Desktop\ComboFix.exe

Command switches used :: c:\users\aaron's\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))

.

.

2012-06-01 20:19 . 2012-06-01 20:23 -------- d-----w- c:\users\aaron's\AppData\Local\temp

2012-06-01 20:19 . 2012-06-01 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-31 01:36 . 2012-05-31 01:36 -------- d-----w- c:\users\aaron's\AppData\Roaming\Malwarebytes

2012-05-31 01:35 . 2012-05-31 01:35 -------- d-----w- c:\programdata\Malwarebytes

2012-05-31 01:35 . 2012-05-31 01:36 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-31 01:35 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 00:36 . 2012-05-31 00:36 399264 ----a-w- c:\windows\unhide.exe

2012-05-30 23:20 . 2012-05-30 23:20 -------- d-----w- C:\found.000

2012-05-28 05:20 . 2012-05-28 05:35 -------- dc----w- c:\program files\Free Window Registry Repair

2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\programdata\PC Tools

2012-05-26 04:45 . 2012-05-26 04:45 -------- d-----w- c:\users\aaron's\AppData\Roaming\Product_PT

2012-05-26 03:54 . 2012-05-26 03:55 -------- dc----w- c:\program files\Defraggler

2012-05-26 01:46 . 2012-05-26 01:46 -------- d-----w- c:\users\aaron's\AppData\Local\VS Revo Group

2012-05-26 01:46 . 2009-12-30 17:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-05-26 01:46 . 2012-05-26 01:46 -------- dc----w- c:\program files\VS Revo Group

2012-05-26 01:00 . 2012-04-17 14:25 27080 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2012-05-25 23:55 . 2010-09-23 18:29 511328 -c--a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL

2012-05-25 23:45 . 2012-05-25 23:45 74703 ----a-w- c:\windows\system32\mfc45.dll

2012-05-09 20:22 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 20:22 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 20:21 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 20:21 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll

2012-05-09 20:20 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-09 20:20 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 20:20 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-09 20:20 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-09 20:20 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-05-09 20:19 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 20:19 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-09 20:19 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-05-05 07:02 . 2012-05-10 00:53 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 06:11 . 2012-04-17 01:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 06:11 . 2012-01-13 21:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-03 9210400]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Pro]

0 [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-03-05 18:06 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-03-05 18:06 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-03-05 18:06 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-01-17 13:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-04-22 110304]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2012-01-03 87968]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

hpdevmgmt REG_MULTI_SZ hpqcxs08

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 06:11]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:16]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000Core.job

- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4031169062-1864207035-1914167420-1000UA.job

- c:\users\aaron's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:57]

.

.

------- Supplementary Scan -------

.

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

IE: &Clean Traces

IE: &Download with &DAP

IE: Download &all with DAP

IE: Download all by YouTube Robot

IE: Download by YouTube Robot

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

Trusted Zone: adobe.com\kb2

TCP: DhcpNameServer = 192.168.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-01 14:23

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetID\Internal]

@Denied: (A 2) (LocalSystem)

"DEVICE2"="vaaur8rPygA="

"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"

.

[HKEY_USERS\S-1-5-21-4031169062-1864207035-1914167420-1000\Software\SecuROM\License information*]

"datasecu"=hex:a2,07,db,f1,87,7b,e6,76,34,33,d8,56,f0,9d,a6,d8,bd,40,00,1e,dc,

22,28,34,9f,c8,10,46,ac,39,d7,ef,93,1a,1e,bb,4f,4c,cf,2c,0b,8c,b0,fd,de,f0,\

"rkeysecu"=hex:2e,94,cc,97,cf,8d,95,62,3d,19,af,1e,26,41,cb,4b

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\conime.exe

c:\windows\system32\sdclt.exe

.

**************************************************************************

.

Completion time: 2012-06-01 14:32:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-01 20:32

ComboFix2.txt 2012-05-31 05:12

.

Pre-Run: 26,464,104,448 bytes free

Post-Run: 26,518,052,864 bytes free

.

- - End Of File - - 4F289D07311AB2D25D2A7D1C6851A0BB


Now we need to uninstall Combofix and run a new MBAM scan

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Now run MBAM


Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Securing Your Web Browser
    This paper will help you configure your web browser for safer internet surfing.
  • Using a secure browser plugin: M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Thank you so much! Also, you said you would help me out with the problem where it said that I had 2 antivirus programs installed? I am currently using Avast but it said I had Norton also installed, but I uninstalled that months ago. This issue was addressed earlier by you in this same topic.


Thank you so much! Also, you said you would help me out with the problem where it said that I had 2 antivirus programs installed? I am currently using Avast but it said I had Norton also installed, but I uninstalled that months ago. This issue was addressed earlier by you in this same topic.

AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

It's not there any longer that I can see.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

