
Hi, I'm in need of help. My netbook has a virus, and I was able to get it running by using MBAM in safe mode to clear one of those rogue antivirus programs. After I was able to get Windows XP to boot in normal mode, I was able to get Internet Explorer working by disabling the proxy setting and get on the internet. I then was able to update MBAM and remove what it could, got here, and downloaded Defogger, DDS and GMER. I ran Defogger and DDS, but when I ran GMER it froze when I tried to save the log, so I had to shut it off, and when I turned it back on it wouldn't boot. I saw when GMER ran that there was a rootkit.

Any help would be great

Thanks


Hi screen317,

My PC won't boot into either; it shows a little hard-drive activity, then stops. It's a little netbook. I made a bootable XP flash drive and tried fixboot and fixmbr, but neither helped. I don't know what else to try. I hope you do; I really don't want to reformat.

Any suggestions?


I tried to do a repair install (5 times), but it kept saying that there was a file it couldn't copy, so I ended up doing a system restore from the restore partition. I didn't reformat, but it did reinstall Windows back to factory settings. I also installed Avira and ran a scan, and it found some files in the backup that the restore did; it also found some on my external drive.

I ran DDS and MBAM. I didn't want to run GMER for fear of the same thing happening.

MBAM

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4463

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/22/2010 4:19:07 PM

mbam-log-2010-08-22 (16-19-07).txt

Scan type: Quick scan

Objects scanned: 137729

Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Avira

Avira AntiVir Personal

Report file date: Sunday, August 22, 2010 14:32

Scanning for 2733576 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : ACER-330BB84976

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 16:27:27

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 16:27:49

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 16:28:35

VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 16:28:35

VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 16:28:35

VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 16:28:35

VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 16:28:35

VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 16:28:36

VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 16:28:37

VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 16:28:47

VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 16:28:48

VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 16:28:50

VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 16:28:51

VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 16:28:53

VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 16:28:55

VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 16:28:56

VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 16:28:58

VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 16:28:59

VBASE023.VDF : 7.10.10.218 2048 Bytes 8/19/2010 16:29:00

VBASE024.VDF : 7.10.10.219 2048 Bytes 8/19/2010 16:29:00

VBASE025.VDF : 7.10.10.220 2048 Bytes 8/19/2010 16:29:00

VBASE026.VDF : 7.10.10.221 2048 Bytes 8/19/2010 16:29:00

VBASE027.VDF : 7.10.10.222 2048 Bytes 8/19/2010 16:29:00

VBASE028.VDF : 7.10.10.223 2048 Bytes 8/19/2010 16:29:00

VBASE029.VDF : 7.10.10.224 2048 Bytes 8/19/2010 16:29:01

VBASE030.VDF : 7.10.10.225 2048 Bytes 8/19/2010 16:29:01

VBASE031.VDF : 7.10.10.239 71680 Bytes 8/20/2010 16:29:02

Engineversion : 8.2.4.38

AEVDF.DLL : 8.1.2.1 106868 Bytes 8/22/2010 16:29:36

AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 8/22/2010 16:29:36

AESCN.DLL : 8.1.6.1 127347 Bytes 8/22/2010 16:29:32

AESBX.DLL : 8.1.3.1 254324 Bytes 8/22/2010 16:29:38

AERDL.DLL : 8.1.8.2 614772 Bytes 8/22/2010 16:29:31

AEPACK.DLL : 8.2.3.5 471412 Bytes 8/22/2010 16:29:27

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/22/2010 16:29:25

AEHEUR.DLL : 8.1.2.15 2859382 Bytes 8/22/2010 16:29:23

AEHELP.DLL : 8.1.13.2 242039 Bytes 8/22/2010 16:29:11

AEGEN.DLL : 8.1.3.19 393587 Bytes 8/22/2010 16:29:10

AEEMU.DLL : 8.1.2.0 393588 Bytes 8/22/2010 16:29:07

AECORE.DLL : 8.1.16.2 192887 Bytes 8/22/2010 16:29:06

AEBB.DLL : 8.1.1.0 53618 Bytes 8/22/2010 16:29:05

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Sunday, August 22, 2010 14:32

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'msdtc.exe' - '42' Module(s) have been scanned

Scan process 'dllhost.exe' - '61' Module(s) have been scanned

Scan process 'dllhost.exe' - '47' Module(s) have been scanned

Scan process 'vssvc.exe' - '50' Module(s) have been scanned

Scan process 'avscan.exe' - '72' Module(s) have been scanned

Scan process 'avcenter.exe' - '96' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '42' Module(s) have been scanned

Scan process 'alg.exe' - '35' Module(s) have been scanned

Scan process 'igfxext.exe' - '23' Module(s) have been scanned

Scan process 'BTTray.exe' - '49' Module(s) have been scanned

Scan process 'AcerVCM.exe' - '35' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '55' Module(s) have been scanned

Scan process 'ctfmon.exe' - '27' Module(s) have been scanned

Scan process 'avgnt.exe' - '47' Module(s) have been scanned

Scan process 'jusched.exe' - '23' Module(s) have been scanned

Scan process 'PLFSetL.exe' - '20' Module(s) have been scanned

Scan process 'igfxsrvc.exe' - '25' Module(s) have been scanned

Scan process 'LManager.exe' - '51' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '29' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '39' Module(s) have been scanned

Scan process 'igfxpers.exe' - '25' Module(s) have been scanned

Scan process 'hkcmd.exe' - '28' Module(s) have been scanned

Scan process 'igfxtray.exe' - '29' Module(s) have been scanned

Scan process 'iaanotif.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '64' Module(s) have been scanned

Scan process 'svchost.exe' - '44' Module(s) have been scanned

Scan process 'RS_Service.exe' - '17' Module(s) have been scanned

Scan process 'jqs.exe' - '35' Module(s) have been scanned

Scan process 'IAANTMon.exe' - '39' Module(s) have been scanned

Scan process 'avshadow.exe' - '28' Module(s) have been scanned

Scan process 'mscorsvw.exe' - '24' Module(s) have been scanned

Scan process 'avguard.exe' - '56' Module(s) have been scanned

Scan process 'Explorer.EXE' - '108' Module(s) have been scanned

Scan process 'svchost.exe' - '36' Module(s) have been scanned

Scan process 'sched.exe' - '48' Module(s) have been scanned

Scan process 'spoolsv.exe' - '66' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'btwdins.exe' - '24' Module(s) have been scanned

Scan process 'svchost.exe' - '146' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '55' Module(s) have been scanned

Scan process 'lsass.exe' - '60' Module(s) have been scanned

Scan process 'services.exe' - '38' Module(s) have been scanned

Scan process 'winlogon.exe' - '68' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '431' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>

C:\Backup\Justin Knox\xuna.exe

[DETECTION] Is the TR/Jorik.Skor.BW Trojan

C:\Backup\Justin Knox\Local Settings\Temp\74681.exe

[DETECTION] Is the TR/Spy.90112.442 Trojan

C:\Backup\Justin Knox\Local Settings\Temp\lgqsftv.exe

[DETECTION] Is the TR/Racrip.20480 Trojan

C:\Backup\Justin Knox\Local Settings\Temporary Internet Files\Content.IE5\RVWA2X2Q\jaucnvc[2].htm

[DETECTION] Is the TR/Racrip.20480 Trojan

Begin scan in 'D:\' <Iomega HDD>

D:\Music\Saliva\Saliva - One Night Only.wma

[DETECTION] Is the TR/Dldr.Age.1171323 Trojan

D:\Music\Sevendust\Sevendust - Licking Cream.wma

[DETECTION] Is the TR/Dldr.Age.1171323 Trojan

D:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP137\A0122537.exe

[DETECTION] Is the TR/Agent.111616 Trojan

Beginning disinfection:

D:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP137\A0122537.exe

[DETECTION] Is the TR/Agent.111616 Trojan

[NOTE] The file was moved to the quarantine directory under the name '4638dbb3.qua'.

D:\Music\Sevendust\Sevendust - Licking Cream.wma

[DETECTION] Is the TR/Dldr.Age.1171323 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5eeaf469.qua'.

D:\Music\Saliva\Saliva - One Night Only.wma

[DETECTION] Is the TR/Dldr.Age.1171323 Trojan

[NOTE] The file was moved to the quarantine directory under the name '0c8fae8d.qua'.

C:\Backup\Justin Knox\Local Settings\Temporary Internet Files\Content.IE5\RVWA2X2Q\jaucnvc[2].htm

[DETECTION] Is the TR/Racrip.20480 Trojan

[NOTE] The file was moved to the quarantine directory under the name '6a83e14f.qua'.

C:\Backup\Justin Knox\Local Settings\Temp\lgqsftv.exe

[DETECTION] Is the TR/Racrip.20480 Trojan

[NOTE] The file was moved to the quarantine directory under the name '2f03cc7f.qua'.

C:\Backup\Justin Knox\Local Settings\Temp\74681.exe

[DETECTION] Is the TR/Spy.90112.442 Trojan

[NOTE] The file was moved to the quarantine directory under the name '505dfe6d.qua'.

C:\Backup\Justin Knox\xuna.exe

[DETECTION] Is the TR/Jorik.Skor.BW Trojan

[NOTE] The file was moved to the quarantine directory under the name '1c9dd266.qua'.

End of the scan: Sunday, August 22, 2010 15:48

Used time: 1:11:47 Hour(s)

The scan has been done completely.

10296 Scanned directories

336150 Files were scanned

7 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

7 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

336143 Files not concerned

7120 Archives were scanned

0 Warnings

7 Notes

281663 Objects were scanned with rootkit scan

0 Hidden objects were found

DDS

DDS (Ver_10-03-17.01) - NTFSx86

Run by Carrothers at 16:20:43.37 on Sun 08/22/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.609 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\PLFSetL.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\dllhost.exe

C:\Documents and Settings\Carrothers\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0810&m=aspire_one

uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0810&m=aspire_one

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe

mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [PLFSetL] c:\windows\PLFSetL.exe

mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-22 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-22 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-22 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-22 60936]

R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-12 237568]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-22 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-12 1684736]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-08-23 07:09:51 0 d-----w- c:\windows\3G

2010-08-23 06:53:59 0 d-----w- C:\Backup

2010-08-23 06:29:57 0 d-----w- c:\windows\system32\LogFiles

2010-08-23 06:29:12 0 d-----w- c:\windows\Screensavers

2010-08-23 06:27:12 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-08-23 06:27:12 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-08-23 06:25:55 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-08-23 06:25:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-08-23 06:24:28 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys

2010-08-23 06:24:28 37424 ----a-w- c:\windows\system32\drivers\btport.sys

2010-08-23 06:24:28 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys

2010-08-23 06:24:27 879528 ----a-w- c:\windows\system32\drivers\btkrnl.sys

2010-08-23 06:24:27 539576 ----a-w- c:\windows\system32\drivers\btaudio.sys

2010-08-23 06:24:17 0 d-----w- c:\program files\WIDCOMM

2010-08-23 06:24:05 74656 ----a-w- c:\windows\system32\drivers\btwusb.sys

2010-08-23 06:24:05 106557 ----a-w- c:\windows\system32\btw_ci.dll

2010-08-23 06:24:02 0 d---a-w- c:\windows\BTW

2010-08-23 06:22:28 94208 ----a-w- c:\windows\PLFSetL.exe

2010-08-23 06:22:28 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll

2010-08-23 06:22:28 28160 ----a-w- c:\windows\system32\drivers\sncduvc.sys

2010-08-23 06:22:28 245 ----a-w- c:\windows\PidList.ini

2010-08-23 06:22:28 196608 ----a-w- c:\windows\system32\csnp2uvc.dll

2010-08-23 06:22:28 1769984 ----a-w- c:\windows\system32\drivers\snp2uvc.sys

2010-08-23 06:22:23 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll

2010-08-23 06:22:23 0 d-----w- c:\windows\SUYIN NB Cam

2010-08-23 06:22:23 0 d-----w- c:\program files\common files\SNP2UVC

2010-08-23 06:19:34 0 d-----w- c:\docume~1\carrot~1\applic~1\Acer GameZone Console

2010-08-23 06:19:34 0 d-----w- c:\docume~1\carrot~1\applic~1\Acer

2010-08-23 06:19:33 0 d-----w- c:\docume~1\carrot~1\applic~1\Super-Cow

2010-08-23 06:14:02 8192 ----a-w- c:\windows\REGLOCS.OLD

2010-08-22 20:09:09 0 d-----w- c:\docume~1\carrot~1\applic~1\Malwarebytes

2010-08-22 20:09:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-22 20:08:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-22 20:08:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-22 20:08:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-22 18:32:20 0 d-----w- c:\windows\system32\NtmsData

2010-08-22 18:30:41 0 d-----w- c:\docume~1\carrot~1\applic~1\Avira

2010-08-22 18:13:32 0 d-sh--w- c:\documents and settings\carrothers\PrivacIE

2010-08-22 17:59:16 0 d-----w- c:\windows\system32\XPSViewer

2010-08-22 17:58:30 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-08-22 17:58:30 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-08-22 17:58:30 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-08-22 17:58:30 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-08-22 17:58:30 117760 ------w- c:\windows\system32\prntvpt.dll

2010-08-22 17:58:29 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-08-22 17:58:29 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-08-22 17:51:41 0 d-sh--w- c:\documents and settings\carrothers\IETldCache

2010-08-22 17:43:03 0 dc-h--w- c:\windows\ie8

2010-08-22 17:26:22 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-08-22 16:45:37 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll

2010-08-22 16:45:37 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll

2010-08-22 16:44:56 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll

2010-08-22 16:38:05 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-08-22 16:32:34 0 d-----w- c:\windows\system32\PreInstall

2010-08-22 16:25:09 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-08-22 16:25:08 0 d-----w- c:\program files\Avira

2010-08-22 16:25:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-08-22 16:19:05 0 d-----w- C:\Downloads

2010-08-22 16:04:41 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-08-22 16:04:41 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-22 15:55:30 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-08-22 15:49:44 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-08-22 15:49:19 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-08-22 15:49:19 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-07-30 01:24:46 0 d-----w- C:\PS CS3

==================== Find3M ====================

2010-08-23 06:27:38 2506 ----a-w- c:\windows\CLEANUP.CMD

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:15:26 78336 ------w- c:\windows\system32\ieencode.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2009-03-12 05:16:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 16:21:14.96 ===============

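The Avira report above is the interesting artifact in this thread: every detection sits in the old profile's backup, in a System Restore point, or on the external drive, and each one was quarantined. Reading that off a 500-line report by eye is error-prone, so here is a small parser for the report format as pasted. It is an added example written for this page, not code from the thread, from Avira or from the Malwarebytes staff; the regular expressions assume the exact "[DETECTION] Is the X Trojan" and "[NOTE] ... quarantine ... 'name.qua'" wording seen in the log, and the location buckets (restore point, temp/cache, backup of old profile, other volume, system volume) are my own triage categories. The embedded sample is an excerpt of the posted report; the practitioner's check it automates is "which detections were not quarantined, and where do the rest live".

```python
"""Triage an Avira AntiVir scan report: pair each detected path with its
quarantine result and bucket it by where on disk it was found."""
import re
from collections import Counter

# Excerpt of the Avira report posted in the thread (scan phase, then disinfection phase).
SAMPLE_REPORT = r"""
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\Backup\Justin Knox\xuna.exe
  [DETECTION] Is the TR/Jorik.Skor.BW Trojan
C:\Backup\Justin Knox\Local Settings\Temp\74681.exe
  [DETECTION] Is the TR/Spy.90112.442 Trojan
C:\Backup\Justin Knox\Local Settings\Temp\lgqsftv.exe
  [DETECTION] Is the TR/Racrip.20480 Trojan
C:\Backup\Justin Knox\Local Settings\Temporary Internet Files\Content.IE5\RVWA2X2Q\jaucnvc[2].htm
  [DETECTION] Is the TR/Racrip.20480 Trojan
Begin scan in 'D:\' <Iomega HDD>
D:\Music\Saliva\Saliva - One Night Only.wma
  [DETECTION] Is the TR/Dldr.Age.1171323 Trojan
D:\Music\Sevendust\Sevendust - Licking Cream.wma
  [DETECTION] Is the TR/Dldr.Age.1171323 Trojan
D:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP137\A0122537.exe
  [DETECTION] Is the TR/Agent.111616 Trojan
Beginning disinfection:
D:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP137\A0122537.exe
  [DETECTION] Is the TR/Agent.111616 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '4638dbb3.qua'.
D:\Music\Sevendust\Sevendust - Licking Cream.wma
  [DETECTION] Is the TR/Dldr.Age.1171323 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '5eeaf469.qua'.
D:\Music\Saliva\Saliva - One Night Only.wma
  [DETECTION] Is the TR/Dldr.Age.1171323 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '0c8fae8d.qua'.
C:\Backup\Justin Knox\Local Settings\Temporary Internet Files\Content.IE5\RVWA2X2Q\jaucnvc[2].htm
  [DETECTION] Is the TR/Racrip.20480 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '6a83e14f.qua'.
C:\Backup\Justin Knox\Local Settings\Temp\lgqsftv.exe
  [DETECTION] Is the TR/Racrip.20480 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '2f03cc7f.qua'.
C:\Backup\Justin Knox\Local Settings\Temp\74681.exe
  [DETECTION] Is the TR/Spy.90112.442 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '505dfe6d.qua'.
C:\Backup\Justin Knox\xuna.exe
  [DETECTION] Is the TR/Jorik.Skor.BW Trojan
  [NOTE] The file was moved to the quarantine directory under the name '1c9dd266.qua'.
End of the scan: Sunday, August 22, 2010 15:48
"""

# Assumed line shapes, taken from the posted report (not an official Avira grammar).
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETECTION_RE = re.compile(r"^\[DETECTION\] Is the (?P<name>\S+) (?P<kind>\w+)$")
QUARANTINE_RE = re.compile(
    r"^\[NOTE\] The file was moved to the quarantine directory under the name '(?P<qua>[^']+)'\.?$")


def parse_avira_report(text):
    """Return one record per detected path: {path, name, kind, quarantined_as}.
    The same path appears in the scan phase and again in the disinfection phase,
    so records are keyed by path and merged."""
    records = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = line
            records.setdefault(current, {"path": current, "name": None,
                                         "kind": None, "quarantined_as": None})
            continue
        m = DETECTION_RE.match(line)
        if m and current:
            records[current]["name"] = m.group("name")
            records[current]["kind"] = m.group("kind")
            continue
        m = QUARANTINE_RE.match(line)
        if m and current:
            records[current]["quarantined_as"] = m.group("qua")
    return list(records.values())


def classify_location(path):
    """Bucket a path for triage. Order matters: a Temp folder inside C:\\Backup
    is reported as temp/cache, not as the backup itself (my own precedence)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"      # System Restore would bring the file back
    if "\\local settings\\temp" in p:   # also matches 'Temporary Internet Files'
        return "temp/cache"
    if p.startswith("c:\\backup\\"):
        return "backup of old profile"
    if not p.startswith("c:\\"):
        return "other volume"       # e.g. the external Iomega drive on D:
    return "system volume"


def summarize(detections):
    """Counts plus the list a responder actually acts on: detections NOT quarantined."""
    return {
        "total": len(detections),
        "quarantined": sum(1 for d in detections if d["quarantined_as"]),
        "unhandled": [d["path"] for d in detections if not d["quarantined_as"]],
        "by_location": dict(Counter(classify_location(d["path"]) for d in detections)),
        "families": sorted({d["name"] for d in detections if d["name"]}),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_avira_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against the posted excerpt it reports 7 detections, 7 quarantined, none unhandled, with 3 in temp/cache, 1 in the profile backup root, 2 on the external volume and 1 in a restore point. The restore-point bucket is the one to watch on a freshly restored XP machine: anything left there comes back if that restore point is ever applied, which is why cleanup guides have the user purge old restore points once the system is confirmed clean. A media file (.wma) flagged as a downloader is also worth a second look before trusting either the detection or the file.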

  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
