
Cannot Open C: Drive


  • This topic is locked
2 replies to this topic

#1 cruzenchic134

  • Members

Posted 06 February 2009 - 01:19 AM

Every time I try to open my C: drive it pops up this: "RECYCLER\S-5-3-92-100008188-100028437-100019466-5694.com". Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search.

I have tried several different things and I still get the same thing. I'm pretty sure it is a virus or a worm. What I don't know is how to get rid of it. This all started when I tried to download my paid version of AVG. When I went to download AVG, I went to Google to find the right site, because I couldn't remember. When I found the site, I clicked on it and I got redirected to info.com, which searched AVG again. So I clicked out of the window, reopened a new window, brought up Google and searched again for AVG. This time it took me to the AVG site, but when I went to download AVG, when it tried to bring up the download page it just stayed blank and never opened.
I'm at my wits' end trying to figure out how to clean this mess up. I need my computer back. This is the first thing I have not been able to figure out.

Thank you for all help.


Here is the DDS Log.


DDS (Ver_09-02-01.01) - NTFSx86
Run by user at 0:16:14.53 on Fri 02/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.167 [GMT -6:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090205-1] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office10\MSTORDB.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [Orb] c:\program files\orb networks\orb\bin\OrbTray.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224819470283
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/7520-b289h/rnl/java/RntX.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-1 12552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-1 111184]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-1 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-1 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 107272]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-1 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-23 47640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-02-03 17:35 91,520 a------- c:\windows\system32\WebIQEngineSetup.exe
2009-02-03 17:35 <DIR> --d----- c:\program files\Usability Sciences
2009-02-01 15:02 <DIR> --d----- c:\program files\Trend Micro
2009-02-01 14:33 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-01 14:33 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-02-01 14:33 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-01 14:33 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-01 14:33 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-01 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-01 13:42 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-02-01 13:42 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-01 13:42 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-01 13:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-01 13:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-01 00:26 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-01-30 14:49 <DIR> --d----- c:\docume~1\user\applic~1\Pogo Games
2009-01-30 14:47 <DIR> --d----- c:\program files\Oberon Media
2009-01-28 08:03 4 a------- c:\windows\system32\gaopdxcounter
2009-01-28 08:03 381 ---shr-- C:\autorun.inf
2009-01-27 23:54 <DIR> --d----- c:\program files\iWin.com
2009-01-27 22:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iWin Games
2009-01-27 22:47 <DIR> --d----- c:\program files\iWin Games
2009-01-25 00:28 <DIR> --d----- c:\program files\IrfanView
2009-01-23 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
2009-01-23 15:38 28,984 a------- c:\windows\system32\LMIport.dll
2009-01-23 15:38 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-01-23 15:38 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-01-23 15:38 87,352 a------- c:\windows\system32\LMIinit.dll
2009-01-23 15:38 1,024 a------- C:\.rnd
2009-01-23 15:37 <DIR> --d----- c:\program files\LogMeIn
2009-01-11 12:27 89,184 a------- c:\windows\system32\drivers\imagedrv.sys
2009-01-11 12:27 57,344 a------- c:\windows\system32\ImageDrive.cpl
2009-01-11 12:26 38,912 a------- c:\windows\system32\picn20.dll
2009-01-11 12:26 544,768 a------- c:\windows\system32\imagx5.dll
2009-01-11 12:26 569,344 a------- c:\windows\system32\imagr5.dll
2009-01-11 12:26 283,920 a------- c:\windows\system32\ImagXpr5.dll
2009-01-11 12:26 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-01-07 16:27 <DIR> --d----- c:\docume~1\user\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

==================== Find3M ====================

2008-12-11 11:51 61,248 a------- c:\docume~1\user\applic~1\GDIPFONTCACHEV1.DAT
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 0:17:09.04 ===============





If anything else is needed please let me know. I can get a hijack log and a mbam log



#2 Blade81


  • Malware Response Team

Posted 14 February 2009 - 08:31 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81


  • Malware Response Team

Posted 20 February 2009 - 03:44 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





