USB AutoRun.inf



#1 Agent3

Posted 13 May 2011 - 11:01 AM

Hello, I caught a virus from someone's USB on my computer. Now, every time I insert a flash drive, Malwarebytes detects and deletes it, but every time I restart the machine it comes back. The location is x:\adobereader\DSC15829.jpg; the adobereader folder is hidden on the flash drive. I tried formatting my flash drive but it didn't work. I did a complete AV and Malwarebytes scan but it still remained. Here is my log. Thanks in advance.




ComboFix 11-05-12.04 - Jesse 05/13/2011 11:33:25.1.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.2600 [GMT -4:00]
Running from: c:\users\Jesse\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jesse\AppData\Roaming\Local
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\0.ddi
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\1.ddi
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\2.ddi
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\3.ddi
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\4.ddi
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.ddi
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\6.ddi
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\7.ddi
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Apples_and_Oranges_Trailer_720-12Mbps.divx
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Apples_and_Oranges_Trailer_720-12Mbps.divx.ddr
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(2)
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(2).ddr
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(3)
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(3).ddr
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(4)
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(4).ddr
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(5)
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(5).ddr
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(6)
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(6).ddr
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(7)
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(7).ddr
c:\users\Jesse\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video.ddr
c:\users\Jesse\AppData\Roaming\Microsoft\services137.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 15:23 . 2011-05-13 15:30 -------- d-----w- C:\32788R22FWJFW
2011-05-13 01:11 . 2011-05-13 01:11 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-05-12 23:39 . 2011-05-12 23:39 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-12 16:03 . 2011-05-12 16:03 -------- d-----w- c:\users\Jesse\AppData\Local\ESET
2011-05-07 15:46 . 2011-05-07 15:46 -------- d-----w- c:\users\Jesse\AppData\Roaming\Registry Mechanic
2011-05-07 15:41 . 2010-09-16 16:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-05-07 15:41 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-05-07 15:41 . 2008-04-02 20:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-05-07 15:41 . 2008-04-02 20:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-05-07 15:41 . 2004-08-04 12:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-05-07 15:41 . 2011-05-07 15:41 -------- d-----w- c:\program files\Common Files\PC Tools
2011-05-06 16:48 . 2011-05-06 16:48 -------- d-----w- c:\users\Jesse\AppData\Local\AMD
2011-05-06 16:48 . 2011-05-06 16:48 -------- d-----w- c:\programdata\ATI
2011-05-06 16:40 . 2011-05-06 16:40 -------- d-----w- c:\program files\AMD APP
2011-05-06 16:40 . 2011-05-06 16:40 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-05-06 16:40 . 2011-05-06 16:40 -------- d-----w- c:\programdata\AMD
2011-05-06 16:40 . 2010-02-18 13:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2011-05-06 16:39 . 2011-05-06 16:40 -------- d-----w- c:\program files\ATI Technologies
2011-05-06 16:39 . 2011-05-06 16:39 -------- d-----w- c:\program files\ATI
2011-05-06 16:11 . 2011-04-18 13:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{833DC573-4ADB-4014-89D9-78DFA9DBFEEE}\mpengine.dll
2011-05-06 16:09 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-05-06 16:09 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2011-05-06 16:09 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-05-06 16:09 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-05-06 16:09 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-06 16:09 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-06 16:09 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-05-06 16:09 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-05-06 16:09 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-05-06 16:08 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-06 16:08 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-06 16:08 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-05-06 16:07 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-05-06 16:07 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-06 16:07 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-06 16:06 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-06 16:06 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-06 16:06 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-06 16:06 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-06 16:06 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-05-06 15:37 . 2011-05-06 15:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-06 15:37 . 2011-05-06 15:37 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-06 15:37 . 2011-05-06 15:37 -------- d-----w- c:\program files\OpenAL
2011-05-06 15:36 . 2011-05-06 15:36 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-05-06 15:35 . 2011-05-06 15:35 -------- d-----w- c:\program files\Futuremark
2011-05-06 15:29 . 2011-05-06 16:49 -------- d-----w- c:\program files\SpeedFan
2011-05-04 20:58 . 2011-05-04 20:58 -------- d-----w- c:\users\Jesse\AppData\Roaming\AnvSoft
2011-05-04 20:58 . 2011-05-04 20:58 -------- d-----w- c:\program files\AnvSoft
2011-05-04 20:52 . 2011-05-04 20:52 -------- d-----w- c:\program files\WM Converter
2011-05-04 19:47 . 2011-05-04 21:49 -------- d-----w- c:\users\Jesse\AppData\Local\WMTools Downloaded Files
2011-05-04 15:59 . 2011-05-04 15:59 -------- d-----w- c:\program files\Movie Maker 2.6
2011-05-04 15:53 . 2011-05-04 15:53 -------- d-----w- c:\users\Jesse\AppData\Local\{6B29C533-48C9-4EA8-B325-220372A83AD1}
2011-05-04 15:26 . 2011-05-04 15:26 -------- d-----w- c:\windows\en
2011-05-04 15:25 . 2010-09-23 04:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-04 15:23 . 2011-05-04 15:23 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-04 15:23 . 2011-05-04 15:23 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\28e7df501cc0a6f06\DSETUP.dll
2011-05-04 15:23 . 2011-05-04 15:23 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\28e7df501cc0a6f06\DXSETUP.exe
2011-05-04 15:23 . 2011-05-04 15:23 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\28e7df501cc0a6f06\dsetup32.dll
2011-05-04 15:22 . 2011-05-04 15:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\25ab2ae01cc0a6f05\DSETUP.dll
2011-05-04 15:22 . 2011-05-04 15:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\25ab2ae01cc0a6f05\DXSETUP.exe
2011-05-04 15:22 . 2011-05-04 15:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\25ab2ae01cc0a6f05\dsetup32.dll
2011-05-04 15:22 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-04 15:22 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-04 15:22 . 2011-05-04 15:22 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\219d6ad01cc0a6f04\Silverlight.4.0.exe
2011-05-04 15:22 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-05-04 15:22 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-05-04 15:22 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-05-04 15:22 . 2011-05-06 04:14 -------- d-----w- c:\users\Jesse\AppData\Local\Windows Live
2011-04-30 16:57 . 2011-04-30 16:57 -------- d-----w- c:\users\Jesse\AppData\Roaming\MonkeyJam
2011-04-30 16:56 . 2005-02-27 21:11 424960 ----a-w- c:\windows\system32\wavdest.ax
2011-04-28 00:00 . 2011-04-28 00:00 -------- d-----w- c:\program files\LG Electronics
2011-04-28 00:00 . 2010-01-25 10:11 19968 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2011-04-28 00:00 . 2010-01-25 10:11 20864 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2011-04-28 00:00 . 2010-01-25 10:11 24960 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-04-28 00:00 . 2010-01-25 10:11 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2011-04-24 03:14 . 2011-04-24 03:14 -------- d-----w- c:\program files\WinSCP
2011-04-22 17:56 . 2011-04-23 20:06 -------- d-----w- c:\users\Jesse\.shsh
2011-04-22 17:24 . 2011-04-22 17:25 -------- d-----w- c:\program files\iTunes
2011-04-22 17:24 . 2011-04-22 17:24 -------- d-----w- c:\program files\iPod
2011-04-22 17:02 . 2011-04-22 17:02 -------- d-----w- c:\program files\Bonjour
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 15:23 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 04:10 . 2011-04-06 04:10 7774208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-06 02:09 . 2011-04-06 02:09 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-06 02:09 . 2011-04-06 02:09 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-06 02:07 . 2011-04-06 02:07 17469952 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-06 02:03 . 2011-04-06 02:03 147456 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-06 02:03 . 2011-04-06 02:03 671744 ----a-w- c:\windows\system32\aticfx32.dll
2011-04-06 01:59 . 2011-04-06 01:59 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-06 01:59 . 2011-04-06 01:59 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-06 01:58 . 2011-04-06 01:58 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-06 01:57 . 2011-04-06 01:57 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-04-06 01:57 . 2011-04-06 01:57 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-06 01:57 . 2011-04-06 01:57 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-06 01:56 . 2011-04-06 01:56 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-06 01:56 . 2011-04-06 01:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-06 01:53 . 2009-07-13 22:09 4307968 ----a-w- c:\windows\system32\atidxx32.dll
2011-04-06 01:42 . 2011-04-06 01:42 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-06 01:42 . 2011-04-06 01:42 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-06 01:38 . 2011-04-06 01:38 6098432 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-06 01:35 . 2009-06-10 21:19 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-04-06 01:34 . 2011-04-06 01:34 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-04-06 01:28 . 2011-04-06 01:28 52736 ----a-w- c:\windows\system32\coinst.dll
2011-04-06 01:26 . 2009-07-13 22:09 3631616 ----a-w- c:\windows\system32\atiumdva.dll
2011-04-06 01:22 . 2011-04-06 01:22 258048 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-06 01:22 . 2011-04-06 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-06 01:21 . 2011-04-06 01:21 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-04-06 01:21 . 2011-04-06 01:21 242176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-06 01:20 . 2011-04-06 01:20 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-04-06 01:20 . 2011-04-06 01:20 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-04-06 01:20 . 2011-04-06 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-06 01:13 . 2011-04-06 01:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-06 01:13 . 2011-04-06 01:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-02-18 20:36 . 2011-02-18 20:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 20:36 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-29 02:10 . 2011-03-24 02:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-06 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Jesse^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 21:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-04-15 08:17 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 04:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 22:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 13:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 15.0]
2009-10-02 01:32 2596712 ----a-w- c:\program files\Norton Ghost\Agent\VProTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-04-06 02:10 336384 ------w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-06 697328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-06 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-06 294400]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
R2 WCUService_STR;Splashtop Remote Software Updater Service;c:\program files\Splashtop\Splashtop Remote Software Updater\WCUService.exe [2010-12-17 894792]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-06 7774208]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-06 242176]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-01-25 14336]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-01-25 20864]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-01-25 19968]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-01-25 24960]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 cpuz130;cpuz130;c:\users\Jesse\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-22 1571336]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 46192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 7168]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-09-22 1964528]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 20:13]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 20:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\users\Jesse\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Jesse\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\vrybtk5d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/hourbyhour/graph/11367#
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Adobe Reader Speed Launcher - c:\users\Jesse\AppData\Roaming\Microsoft\services137.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\users\Jesse\AppData\Roaming\Microsoft\services137.exe
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4154043401-399931997-2325302330-1000\Software\SecuROM\License information*]
"datasecu"=hex:dd,64,55,90,0b,40,35,e8,1d,99,b2,ce,04,ef,0a,31,e7,30,66,91,a9,
47,60,1e,08,db,51,b1,69,b4,9c,d7,53,08,f6,84,fa,84,58,1e,51,32,41,84,21,3d,\
"rkeysecu"=hex:b7,97,32,5f,d0,c2,8c,fc,38,0d,60,9f,2d,cf,7a,76
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-13 11:43:07
ComboFix-quarantined-files.txt 2011-05-13 15:43
.
Pre-Run: 206,633,926,656 bytes free
Post-Run: 209,228,046,336 bytes free
.
- - End Of File - - 07D369B4F5CBD0842DBAAD3B13C1717D

Edited by Agent3, 13 May 2011 - 11:12 AM.
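One check a responder might script against a log like the one above, as an added example that is not part of this post, of ComboFix, or of any tool named in the thread: parse the Run values under "Reg Loading Points" and the "ORPHANS REMOVED" lines, and flag autostart entries whose binary sits in a user-writable directory, whose display name claims a vendor the path does not back up, or whose filename mimics a Windows system process. The sample lines are copied from the posted log; the heuristics, the vendor word list, the lookalike pattern and the function names are this example's own assumptions, not rules from the page or from ComboFix.

```python
"""Triage of persistence entries from a ComboFix-style log.

Added example: not part of the forum post or of ComboFix. The heuristics
(user-writable binary locations, a vendor name the path does not back
up, system-process lookalike filenames) are assumptions made here.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Adobe Reader Speed Launcher - c:\users\Jesse\AppData\Roaming\Microsoft\services137.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\users\Jesse\AppData\Roaming\Microsoft\services137.exe
HKLM-RunOnce-<NO NAME> - (no file)
"""

KEY_HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r"^(?P<hive>HKCU|HKLM)-(?:Run|RunOnce)-(?P<name>.+?) - (?P<path>.+)$")

# Assumed heuristics: directories any user can write to, vendor words a
# legitimate entry's path normally also contains, and core-process names
# padded with digits (the posted log's services137.exe is the pattern).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
VENDOR_WORDS = ("adobe", "microsoft", "google", "apple", "malwarebytes")
SYSTEM_LOOKALIKE = re.compile(r"^(?:services|svchost|lsass|csrss|winlogon|explorer)\d+\.exe$")


def _hive(key: str) -> str:
    """Collapse a full key header to the short hive prefix the orphan lines use."""
    if key.startswith("HKEY_LOCAL_MACHINE"):
        return "HKLM"
    if key.startswith("HKEY_CURRENT_USER"):
        return "HKCU"
    return key


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Return {hive, name, path} for every Run value and every orphaned Run entry."""
    entries, hive = [], ""
    for line in text.strip().splitlines():
        header = KEY_HEADER.match(line)
        if header:
            hive = _hive(header.group(1))  # context for the "Name"="path" lines that follow
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append({"hive": hive, "name": m["name"], "path": m["path"]})
            continue
        m = ORPHAN.match(line)
        if m:
            entries.append({"hive": m["hive"], "name": m["name"], "path": m["path"]})
    return entries


def assess(entry: Dict[str, str]) -> List[str]:
    """Reasons an autostart entry deserves a closer look; empty means nothing stood out."""
    path = entry["path"].lower()
    if path == "(no file)":
        return []  # stale pointer: nothing on disk to run
    reasons = []
    if any(seg in path for seg in USER_WRITABLE):
        reasons.append("binary in user-writable location")
    name = entry["name"].lower()
    for vendor in VENDOR_WORDS:
        if vendor in name and vendor not in path:
            reasons.append(f"name claims {vendor} but path does not")
    if SYSTEM_LOOKALIKE.match(path.rsplit("\\", 1)[-1]):
        reasons.append("system-process lookalike filename")
    return reasons


def triage(text: str) -> List[Dict[str, object]]:
    """Entries with at least one reason attached, in log order."""
    findings = []
    for entry in parse_entries(text):
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\Run  {f['name']!r} -> {f['path']}")
        for r in f["reasons"]:
            print("   -", r)
```

On the sample, only the two "Adobe Reader Speed Launcher" orphans trip the checks (all three reasons at once); those are the entries whose target, c:\users\Jesse\AppData\Roaming\Microsoft\services137.exe, ComboFix lists under "Other Deletions". The vendor-mismatch check is the cheapest of the three and catches the common trick of borrowing a legitimate autostart name; the user-writable check is what matters for least privilege, since nothing under AppData should need to be an HKLM Run target.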



#2 m0le

Malware Response Team

Posted 25 May 2011 - 08:01 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

#3 m0le

Malware Response Team

Posted 30 May 2011 - 06:19 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.