Blank desktop ?

Inactive
By Hazel010303
Jul 10, 2013
  1. Hazel010303

    Hazel010303 Newcomer, in training Topic Starter Posts: 27

    It's back to the blank screen again, no desktop. If I go into safe mode and run ComboFix it works again, but only once.
  2. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Leave Combofix alone unless I ask you to run it.

    For 32-bit (x86) systems, download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit (x64) systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Select Command Prompt, then:
    • In the command window type notepad and press Enter.
    • Notepad opens. Under the File menu select Open.
    • Select "Computer", note your flash drive letter, and close Notepad.
    • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
  3. Hazel010303

    Hazel010303 Newcomer, in training Topic Starter Posts: 27

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
    Ran by SYSTEM on 18-07-2013 09:13:27
    Running from E:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-24] ( )
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-04-27] (Synaptics, Inc.)
    HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-08-28] (Creative Technology Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] - "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [77824 2007-10-16] (Sun Microsystems, Inc.)
    HKLM\...\Run: [DELL Webcam Manager] - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [118784 2007-07-27] (Creative Technology Ltd.)
    HKLM\...\Run: [ISUSScheduler] - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
    HKLM\...\Run: [RoxWatchTray] - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)
    HKLM\...\Run: [PCMService] - "C:\Program Files\Dell\MediaDirect\PCMService.exe" [184320 2007-04-16] (CyberLink Corp.)
    HKLM\...\Run: [dscactivate] - c:\dell\dsca.exe 3 [16384 2007-07-30] ( )
    HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-07-24] (Google)
    HKLM\...\Run: [FaxCenterServer] - "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s [312200 2006-11-03] ()
    HKLM\...\Run: [TalkTalk] - "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk [202016 2007-10-12] (SupportSoft, Inc.)
    HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM\...\Run: [Google Updater] - "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-09-20] (Google)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-02] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [SigmatelSysTrayApp] - sttray.exe [x]
    HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-05-15] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8429568 2007-05-15] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-05-15] (NVIDIA Corporation)
    HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [67584 2007-05-15] (NVIDIA Corporation)
    HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [NielsenOnline] - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [93504 2012-02-23] (The Nielsen Company)
    HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [DLCGCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16 [73728 2006-10-20] ()
    HKLM\...\Run: [dlcgmon.exe] - "C:\Program Files\Dell AIO 810\dlcgmon.exe" [431600 2007-01-12] (Dell)
    HKU\Default\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
    HKU\Default User\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
    HKU\Lienne\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
    HKU\Lienne\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [ 2007-07-10] (SupportSoft, Inc.)
    HKU\Lienne\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
    HKU\Lienne\...\Run: [KGShareApp] - C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [ 2012-06-26] (Eastman Kodak Company)
    HKU\Lienne\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
    HKU\TEMP\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
    ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

    ========================== Services (Whitelisted) =================

    S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S2 dlcg_device; C:\Windows\system32\dlcgcoms.exe [537480 2006-12-07] ( )
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-24] (Google)
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2833120 2013-04-19] ()
    S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [374112 2010-11-11] (Ralink Technology, Corp.)
    S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [619872 2010-12-31] ()
    S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202800 2007-07-10] (SupportSoft, Inc.)
    S2 sprtsvc_TalkTalk; C:\Program Files\TalkTalk\bin\sprtsvc.exe [202016 2007-10-12] (SupportSoft, Inc.)
    S2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-03-06] (SigmaTel, Inc.)
    S3 SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [382320 2007-08-02] (SupportSoft, Inc.)
    S2 tgsrvc_TalkTalk; C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe [148768 2007-08-02] (SupportSoft, Inc.)
    S2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [x]
    S3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [x]

    ==================== Drivers (Whitelisted) ====================

    S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-21] (AVG Technologies)
    S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1093472 2010-12-28] (Ralink Technology Corp.)
    S1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter4\nnfwdk.sys [23264 2013-04-19] (The Nielsen Company)
    S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2007-03-06] (SigmaTel, Inc.)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
    S3 catchme; \??\C:\Users\Lienne\AppData\Local\Temp\catchme.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-07-13 23:43 - 2013-07-13 23:43 - 00017305 _____ C:\Users\Lienne\Desktop\Addition.txt
    2013-07-13 23:41 - 2013-07-13 23:41 - 00000000 ____D C:\FRST
    2013-07-13 23:09 - 2013-07-13 23:09 - 00010276 _____ C:\ComboFix.txt
    2013-07-13 13:32 - 2013-07-13 09:50 - 05088600 ____R (Swearware) C:\Users\Lienne\Desktop\ComboFix.exe
    2013-07-13 13:31 - 2013-07-13 13:31 - 00000000 ____D C:\Users\Lienne\AppData\Local\Avg2013
    2013-07-13 10:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2013-07-13 10:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2013-07-13 10:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2013-07-13 10:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2013-07-13 10:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2013-07-13 10:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2013-07-13 10:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2013-07-13 10:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2013-07-13 10:27 - 2013-07-13 23:09 - 00000000 ____D C:\Qoobox
    2013-07-13 10:27 - 2013-07-13 10:50 - 00000000 ____D C:\Windows\erdnt
    2013-07-12 20:01 - 2013-07-12 20:01 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-07-11 07:04 - 2013-07-11 07:04 - 00001644 _____ C:\avenger.txt
    2013-07-11 06:37 - 2013-04-04 05:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-07-09 07:43 - 2013-07-09 07:43 - 00000591 _____ C:\Windows\setupact.log
    2013-07-09 07:43 - 2013-07-09 07:43 - 00000000 _____ C:\Windows\setuperr.log

    ==================== One Month Modified Files and Folders =======

    2013-07-15 06:51 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-15 06:51 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-15 01:06 - 2007-10-16 09:25 - 02051504 _____ C:\Windows\WindowsUpdate.log
    2013-07-14 23:28 - 2007-10-22 08:51 - 00000000 ___RD C:\Users\Lienne\Desktop
    2013-07-14 23:06 - 2006-11-02 02:33 - 00703388 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-07-14 23:04 - 2007-10-23 04:04 - 00027430 _____ C:\Users\Lienne\AppData\Roaming\nvModes.001
    2013-07-13 23:43 - 2013-07-13 23:43 - 00017305 _____ C:\Users\Lienne\Desktop\Addition.txt
    2013-07-13 23:42 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
    2013-07-13 23:41 - 2013-07-13 23:41 - 00000000 ____D C:\FRST
    2013-07-13 23:21 - 2007-10-22 08:47 - 00096974 _____ C:\Windows\PFRO.log
    2013-07-13 23:09 - 2013-07-13 23:09 - 00010276 _____ C:\ComboFix.txt
    2013-07-13 23:09 - 2013-07-13 10:27 - 00000000 ____D C:\Qoobox
    2013-07-13 23:06 - 2006-11-02 02:23 - 00000215 _____ C:\Windows\system.ini
    2013-07-13 13:54 - 2009-05-21 08:13 - 00000000 ____D C:\Program Files\AVG
    2013-07-13 13:31 - 2013-07-13 13:31 - 00000000 ____D C:\Users\Lienne\AppData\Local\Avg2013
    2013-07-13 13:31 - 2013-04-02 08:33 - 00000000 ____D C:\ProgramData\MFAData
    2013-07-13 13:31 - 2009-07-19 09:03 - 00000000 ____D C:\ProgramData\Norton
    2013-07-13 13:31 - 2007-11-07 03:30 - 00000000 ____D C:\Program Files\Norton Security Scan
    2013-07-13 13:31 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
    2013-07-13 13:31 - 2006-11-02 03:18 - 00000000 __RHD C:\Users\Public\Desktop
    2013-07-13 10:50 - 2013-07-13 10:27 - 00000000 ____D C:\Windows\erdnt
    2013-07-13 09:50 - 2013-07-13 13:32 - 05088600 ____R (Swearware) C:\Users\Lienne\Desktop\ComboFix.exe
    2013-07-13 01:44 - 2007-10-22 12:09 - 00023870 _____ C:\dlcg.log
    2013-07-12 20:01 - 2013-07-12 20:01 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-07-12 20:01 - 2013-06-12 12:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-07-12 19:56 - 2008-02-17 10:30 - 00008268 _____ C:\Users\Lienne\AppData\Local\d3d9caps.dat
    2013-07-11 07:04 - 2013-07-11 07:04 - 00001644 _____ C:\avenger.txt
    2013-07-09 08:41 - 2007-10-16 17:01 - 00000000 ____D C:\DELL
    2013-07-09 07:43 - 2013-07-09 07:43 - 00000591 _____ C:\Windows\setupact.log
    2013-07-09 07:43 - 2013-07-09 07:43 - 00000000 _____ C:\Windows\setuperr.log
    2013-07-08 20:42 - 2007-10-22 08:51 - 00000000 ____D C:\users\Lienne
    2013-07-08 20:42 - 2006-11-02 02:22 - 42729472 _____ C:\Windows\System32\config\software_previous
    2013-07-08 20:41 - 2013-04-17 03:55 - 00000000 ____D C:\Program Files\Dell AIO 810
    2013-07-08 20:41 - 2008-10-13 11:16 - 00000000 ____D C:\Windows\Minidump
    2013-07-08 20:41 - 2007-10-22 09:34 - 00000000 ____D C:\Program Files\MSN Messenger
    2013-07-08 20:41 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
    2013-07-08 20:41 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
    2013-07-08 20:41 - 2006-11-02 02:22 - 20447232 _____ C:\Windows\System32\config\system_previous
    2013-07-08 20:31 - 2006-11-02 02:22 - 40108032 _____ C:\Windows\System32\config\components_previous
    2013-07-08 20:31 - 2006-11-02 02:22 - 00057344 _____ C:\Windows\System32\config\sam_previous

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 21%
    Total physical RAM: 1021.57 MB
    Available physical RAM: 800.95 MB
    Total Pagefile: 986.54 MB
    Available Pagefile: 859.65 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1979.14 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:99.18 GB) (Free:32.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (CDROM) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
    Drive e: (SONY USB) (Removable) (Total:0.12 GB) (Free:0.02 GB) FAT
    Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.64 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 08000000)
    Partition 1: (Not Active) - (Size=110 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=99 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=3 GB) - (Type=0F Extended)

    ========================================================
    Disk: 1 (Size: 124 MB) (Disk ID: A2F07B3A)
    Partition 1: (Active) - (Size=124 MB) - (Type=06)


    LastRegBack: 2013-07-15 23:22

    ==================== End Of Log ============================
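The log above is the raw material for the triage that follows, and the parts an analyst reads first are the Registry, Services and Drivers sections: which image each autostart actually loads, whether FRST could still find it on disk (`[x]` when it could not), whether the file carries a publisher name, and where it lives. As an added example, not part of this thread and not FRST's own code, the Python script below parses those three sections and applies exactly those checks. The sample lines are copied from the log above; the flag names and the heuristics are this example's own, and the list of "user-writable" directories is an assumption that should be tuned per environment. One caveat the flags make visible: `[x]` only says the registered image is gone. On this log that covers McAfee leftovers and the `catchme.sys` driver (which is consistent with the Gmer catchme scanner ComboFix reports later in the thread), neither of which is evidence of an active infection. An entry that is present, has no publisher and sits under AppData or Temp is the one to hash and look up first.

```python
"""Triage the Registry/Services/Drivers sections of an FRST.txt log.

Added example, not part of the original thread and not FRST's own code.
It recognises the three entry shapes FRST prints (examples copied from the
log posted above) and flags what an analyst looks at first:

  missing-binary      the registered image is gone ([x] in FRST)
  no-publisher        FRST found no company name in the file's version info
  user-writable-path  image lives under Users/AppData/Temp/ProgramData
  unqualified-path    a Run value with a bare file name, resolved by search order
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r'^=+\s*(?P<title>[^=]+?)\s*=+$')
RUN_RE = re.compile(r'^(?P<key>HK[^:]*\\Run): \[(?P<name>[^\]]*)\] - (?P<rest>.*)$')
SVC_RE = re.compile(r'^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<rest>.*)$')
# Trailing "[size date] (publisher)" or "[x]" for a file FRST could not find.
TAIL_RE = re.compile(
    r'\s\[(?:(?P<missing>x)|(?P<size>\d*)\s*(?P<date>\d{4}-\d{2}-\d{2})?)\]'
    r'\s*(?:\((?P<pub>[^)]*)\))?\s*$')
RUNDLL_RE = re.compile(r'^\s*rundll32(?:\.exe)?\s+"?(?P<path>[^",]+)', re.I)
BIN_RE = re.compile(r'^\s*"?(?P<path>.*?\.(?:exe|dll|sys|scr|cpl|bat|cmd|com|vbs|js))\b', re.I)
# Assumed list of directories an unprivileged user can write to (tune per environment).
USER_WRITABLE_RE = re.compile(r'\\(?:users|appdata|temp|programdata|documents and settings|recycler)\\', re.I)
SECTIONS = ('registry', 'services', 'drivers')


@dataclass
class Entry:
    section: str
    name: str
    path: str
    publisher: str
    missing: bool
    flags: list[str] = field(default_factory=list)


def _binary_path(cmd: str) -> str:
    """Image actually loaded: the DLL behind a rundll32 host, or the (possibly quoted) program path."""
    m = RUNDLL_RE.match(cmd) or BIN_RE.match(cmd)
    path = m.group('path').strip() if m else cmd.strip().strip('"')
    return path[4:] if path.startswith('\\??\\') else path  # \??\C:\x.sys -> C:\x.sys


def _flags(e: Entry) -> list[str]:
    flags = []
    if e.missing:
        flags.append('missing-binary')
    elif not e.publisher:
        flags.append('no-publisher')
    if USER_WRITABLE_RE.search(e.path):
        flags.append('user-writable-path')
    # Services and drivers resolve relative ImagePaths against SystemRoot, so only
    # Run values get this flag: a bare name goes through the CreateProcess search order.
    if e.section == 'registry' and not re.match(r'^[a-z]:\\', e.path, re.I):
        flags.append('unqualified-path')
    return flags


def parse_frst(text: str) -> list[Entry]:
    """Return one Entry per autostart/service/driver line, in log order."""
    entries, section = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group('title').split(' (')[0].lower()
            continue
        if section not in SECTIONS:
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        tail = TAIL_RE.search(m.group('rest')) if m else None
        if not tail:
            continue
        e = Entry(section=section, name=m.group('name'),
                  path=_binary_path(m.group('rest')[:tail.start()]),
                  publisher=(tail.group('pub') or '').strip(),
                  missing=tail.group('missing') is not None)
        e.flags = _flags(e)
        entries.append(e)
    return entries


def suspicious(text: str) -> list[Entry]:
    """Entries with at least one flag, i.e. the ones worth a second look."""
    return [e for e in parse_frst(text) if e.flags]


# Lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-24] ( )
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-05-15] (NVIDIA Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] - sttray.exe [x]
HKU\Lienne\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [x]

==================== Drivers (Whitelisted) ====================

S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-21] (AVG Technologies)
S3 catchme; \??\C:\Users\Lienne\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
"""

if __name__ == '__main__':
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section:8} {e.name:20} {', '.join(e.flags):40} {e.path}")
```

Run it against a full FRST.txt by reading the file into `parse_frst`; the section headers are what scope the regexes, so the file-listing and MBR sections are ignored without special handling. The `unqualified-path` flag is deliberately limited to Run values: a service or driver ImagePath such as `system32\DRIVERS\ipinip.sys` is relative to SystemRoot by design, whereas a Run value of just `sttray.exe` depends on the process search order and is a planting target.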
  4. Broni

    Broni Malware Annihilator Posts: 45,316   +243

  5. Hazel010303

    Hazel010303 Newcomer, in training Topic Starter Posts: 27

    Hi, sorry for the delay. The McAfee uninstaller was unsuccessful, and it won't let me save the log. Or copy it, or in fact do anything at all once the log has been created; it literally just freezes every time.
  6. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    What about AVG Remover?
  7. Hazel010303

    Hazel010303 Newcomer, in training Topic Starter Posts: 27

    Sorry, I thought I had replied but apparently it didn't post. I said I wasn't sure about the AVG remover; it ran but then entirely disappeared, didn't give me any messages about being successful or not and did not post a log anywhere.
  8. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Did you try to boot normally again?
  9. Hazel010303

    Hazel010303 Newcomer, in training Topic Starter Posts: 27

    Yes it doesn't work, just blank desktop. The only time I ever saw the desktop was directly after using Combofix.
  10. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Please re-run Combofix and post its log.
  11. Hazel010303

    Hazel010303 Newcomer, in training Topic Starter Posts: 27

    Hi there, sorry, just running it now.
  12. Hazel010303

    Hazel010303 Newcomer, in training Topic Starter Posts: 27

    ComboFix 13-07-31.02 - Lienne 31/07/2013 21:25:02.2.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1021.531 [GMT 1:00]
    Running from: F:\ComboFix.exe
    AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-31 )))))))))))))))))))))))))))))))
    .
    .
    2013-07-14 07:41 . 2013-07-14 07:41  --------  d-----w-  C:\FRST
    2013-07-13 21:31 . 2013-07-13 21:31  --------  d-----w-  c:\users\Lienne\AppData\Local\Avg2013
    2013-07-11 14:37 . 2013-04-04 13:50  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-21 11:10 . 2012-11-16 16:04  37664  ----a-w-  c:\windows\system32\drivers\avgtpx86.sys
    2010-07-24 17:58 . 2010-07-24 17:58  119808  ----a-w-  c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-07-11 198704]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-10-16 77824]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-24 30192]
    "FaxCenterServer"="c:\program files\Dell Fax Solutions\fm3032.exe" [2006-11-04 312200]
    "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-20 161336]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-16 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-16 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-16 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-05-16 67584]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
    "NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2012-02-24 93504]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
    "dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2007-01-12 431600]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-16 50688]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2008-10-30 282624]
    Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2012-10-24 11474272]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs  REG_MULTI_SZ  BthServ
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 18:08]
    .
    2013-05-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-03 10:22]
    .
    2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-24 19:24]
    .
    2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-24 19:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-07-31 21:33
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-07-31 21:36:53
    ComboFix-quarantined-files.txt 2013-07-31 20:36
    ComboFix2.txt 2013-07-14 07:09
    ComboFix3.txt 2013-07-13 23:19
    ComboFix4.txt 2013-07-13 22:45
    ComboFix5.txt 2013-07-31 20:21
    .
    Pre-Run: 36,031,967,232 bytes free
    Post-Run: 35,997,032,448 bytes free
    .
    - - End Of File - - D82B17F925EBB19D4F08A0ABB3DF81B7
    5C616939100B85E558DA92B899A0FC36
  13. Hazel010303

    Hazel010303 Newcomer, in training Topic Starter Posts: 27

    After running ComboFix I am able to boot normally just once. Then it crashes and I have to go through safe mode again.
  14. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    At this point I don't see anything malicious there anymore.

    In this forum, we make sure your computer is free of malware and that your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)

