xp Antispyware 2012 & folder options missing


  • This topic is locked
2 replies to this topic

#1 always_learning

  • Members
  • 18 posts

Posted 28 December 2011 - 10:05 PM

On Sunday, 12/25/2011, I got the XP Antispyware 2012 virus on my PC running Windows XP Professional.

I did the following things and was able to resolve some of the issues, but I have some problems left.

I tried booting into safe mode, but couldn't. (I don't know if this is related to the virus or to my motherboard. It boots to the normal ASRock screen, "ASROCK Press F2 to run setup, F11 to ... and Tab to ...", with no option for safe mode. I think I have never been able to boot into safe mode, though.)

-I was able to log in to my other administrator account and did a restore to the previous day from there. Then I found your instructions and followed them:
--I ran FixNCR.reg.
--I ran rkill.
--I scanned with Malwarebytes. It found 2 trojans; one was in a System Restore folder. I had it remove them.

I installed AVG and updated it, removed Avira, and scanned with AVG.
I updated Ad-Aware and scanned with it.
I installed Spybot and scanned with it.

Some of these scans found more files; I think Ad-Aware found more trojans, which I had it remove. I think Spybot found only tracking cookies.

After all those removals:
1) My files didn't show their extensions, and the View tab is missing in Folder Options.
2) My executables wouldn't run on the user where the infection happened. I was able to find something which got the executables to run again; I don't remember what it was.
3) Another problem is, when I run a scan and it goes to the screensaver, at first it would then show only my original user, log into it automatically, try to open or execute some file, and come up with "Which program do you want to use to open this file?". When I logged out of that user, all users were there again. Now it is worse: when I ran GMER and the screensaver came on, then upon my wiggling the mouse the computer rebooted, briefly showed a blue screen, then took a long time to boot up again. I started the scan over after changing the time on the screensaver and making sure it won't go into the screensaver again. I have not found anything on these weird things with the screensaver. I will put that in a second post, though, since I guess I should have only one problem per post. I just wanted to put it here, so it can help give the whole picture.

I tried the following things to get the View tab back; nothing has worked yet:
-I ran folderopt_tabs.reg.
-I ran gpedit.msc according to the instructions at http://www.technize.com/folder-options-missing-in-windows-xp/#comment-78183 (Go to Run -> gpedit.msc -> User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer, then enable and then disable "Removes Folder Options menu from Tools menu"). It didn't work, because there was no Windows Explorer folder.
-I ran regedit and added NoFolderOptions with the value 0, then rebooted my computer, and it still doesn't work. There is also HonorAutorunSetting = 0x1 and a (Default) value of type REG_SZ, (value not set), in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer.

Can you tell from the logs, if I still have the virus?

Thank you so much for your help!!!

Here is the DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
Run by SHOLA at 13:08:29 on 2011-12-28
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.3071.2132 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Programme\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\AVG\AVG2012\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
c:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Programme\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ScanSoft\OMNIPA~1.0\WorkFlowTray.exe
C:\Programme\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Programme\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Programme\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar mit Pop-Up-Blocker: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programme\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar mit Pop-Up-Blocker: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programme\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\programme\yahoo!\companion\installs\cpn\yt.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\programme\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programme\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\programme\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar mit Pop-Up-Blocker: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programme\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\programme\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\programme\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programme\gemeinsame dateien\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\programme\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\programme\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TrayServer] c:\progra~1\magix\video_~1\TrayServer.exe
mRun: [Sunkist2k] c:\programme\multimedia card reader\shwicon2k.exe
mRun: [SSBkgdUpdate] "c:\programme\gemeinsame dateien\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [WorkFlowTray] "c:\progra~1\scansoft\omnipa~1.0\WorkFlowTray.exe"
mRun: [Opware14] "c:\programme\scansoft\omnipagepro14.0\Opware14.exe"
mRun: [OpScheduler] "c:\programme\scansoft\omnipagepro14.0\OpScheduler.exe"
mRun: [PDF Converter Registry Controller] "c:\programme\scansoft\omnipagepro14.0\pdfcnv\RegistryController.exe"
mRun: [SSPrnAgent] c:\programme\scansoft\omnipagepro14.0\pdfprn\SPrnAgent.exe
mRun: [Acrobat Assistant 8.0] "c:\programme\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\gemein~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [HP Software Update] "c:\programme\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\programme\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [VMonitorVMUVC] "c:\programme\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\programme\avg\avg2012\avgtray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\hpdigi~1.lnk - c:\programme\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\hpimag~1.lnk - c:\programme\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\window~1.lnk - c:\programme\windows desktop search\WindowsSearch.exe
IE: Append to existing PDF - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: PDF in Word öffnen - c:\programme\scansoft\omnipagepro14.0\pdfcnv\IEShellExt.dll /500
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\programme\gemeinsame dateien\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\programme\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{09308B91-C1AA-4192-9275-B31D05187B2B} : DhcpNameServer = 192.168.1.254
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programme\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programme\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programme\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\shola\anwendungsdaten\mozilla\firefox\profiles\n83atzpb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\programme\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\programme\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\programme\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\programme\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\programme\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\programme\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\programme\avg\avg2012\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-23 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2009-3-8 108768]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-9 24636]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\programme\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 gupdate1c9e44da0b6cb9e;Google Update Service (gupdate1c9e44da0b6cb9e);c:\programme\google\update\GoogleUpdate.exe [2009-6-3 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\magix\common\database\bin\fbserver.exe [2009-2-3 1527900]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2009-6-3 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programme\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\RTL8192su.sys [?]
S3 SipIMNDI;T-Online Dialerschutz VoIP Service;c:\windows\system32\drivers\sipimndi.sys --> c:\windows\system32\drivers\SipIMNDI.sys [?]
S3 TTCinergyT2;TerraTec Cinergy T² Driver (TTCinergyT2.sys);c:\windows\system32\drivers\TTCinergyT2.sys [2009-2-22 16640]
S3 UPnPService;UPnPService;c:\programme\gemeinsame dateien\magix shared\upnpservice\UPnPService.exe [2009-2-27 647242]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-7-5 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-7-5 476032]
.
=============== Created Last 30 ================
.
2011-12-28 00:21:23 -------- d-----w- c:\dokumente und einstellungen\shola\lokale einstellungen\anwendungsdaten\VueSoft
2011-12-27 02:00:15 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-12-27 02:00:15 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
2011-12-27 00:35:23 -------- d-----w- c:\dokumente und einstellungen\shola\anwendungsdaten\AVG2012
2011-12-27 00:34:15 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-27 00:34:15 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\AVG2012
2011-12-27 00:33:43 -------- d-----w- c:\programme\AVG
2011-12-27 00:30:04 -------- d--h--w- c:\dokumente und einstellungen\all users\anwendungsdaten\Common Files
2011-12-27 00:29:54 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\MFAData
2011-12-27 00:18:56 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-26 20:37:25 -------- d-----w- c:\programme\Lavasoft
2011-12-25 20:00:43 -------- d-----w- c:\dokumente und einstellungen\shola\anwendungsdaten\Malwarebytes
2011-12-25 20:00:10 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2011-12-25 20:00:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-25 20:00:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-12-25 19:53:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-25 19:53:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-07 10:40:41 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-07 10:40:38 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-12-07 10:39:53 -------- d-----w- c:\windows\system32\RtlGina
2011-12-07 10:39:52 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2011-11-29 12:23:09 -------- d-----w- c:\programme\PhonerLite
.
==================== Find3M ====================
.
2011-12-26 20:40:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-03 17:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2009-02-04 10:05:50 5239808 ----a-w- c:\programme\Multimedia Card Reader Driver.msi
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM3500320AS rev.MX15 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk1\DR1[0x8ABECAB8]
3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP2T0L0-22[0x8ABEDD98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 13:09:13.62 ===============
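On the ROOTKIT section of the log: GMER's MBR check reads sector 0 of the disk through the normal user-mode path and again from inside the disk driver stack, and "user != kernel MBR !!!" means the two reads disagreed. The disassembly it printed (XOR AX,AX; MOV SS,AX; MOV SP,0x7c00; ...; MOV CX,0x1e5; REP MOVSB; RETF) is the stock Windows XP MBR bootstrap prologue. The script below is an added example, not part of GMER or of the thread: it validates a 512-byte MBR image, parses the partition table, checks whether the bootstrap code starts with that prologue, and reports the byte ranges in which two reads of the sector differ. Both images in it are constructed; the "hooked" one overwrites the first instruction with a far jump as an illustrative stand-in for a bootkit patch, and the partition geometry is made up. One caveat before treating a mismatch as evidence of tampering: both reads have to hit the same disk, and in the trace above the user read resolves to IdeDeviceP1T0L0 while the kernel trace ends at IdeDeviceP2T0L0, so the two device paths should be reconciled first.

```python
r"""Validate a 512-byte MBR image and compare two reads of it, the way an
MBR-rootkit detector does.  Added example; the two images are constructed
here, not read from the poster's disk.  On Windows a real read is
open(r"\\.\PhysicalDrive0", "rb").read(512) from an elevated prompt."""
import struct

# The XP-era bootstrap prologue GMER disassembled in the log, as bytes:
# XOR AX,AX; MOV SS,AX; MOV SP,7C00; STI; PUSH AX; POP ES; PUSH AX; POP DS; CLD;
# MOV SI,7C1B; MOV DI,061B; PUSH AX; PUSH DI; MOV CX,01E5; REP MOVSB; RETF;
# MOV BP,07BE; MOV CL,4; CMP [BP+0],CH; JL +9; JNZ +13
XP_PROLOGUE = bytes.fromhex(
    "33C0 8ED0 BC007C FB 50 07 50 1F FC BE1B7C BF1B06 50 57 B9E501 F3A4 CB"
    " BDBE07 B104 386E00 7C09 7513".replace(" ", "")
)
PTABLE_OFFSET, SIG_OFFSET = 446, 510


def parse_mbr(img):
    """Return the non-empty partition entries; raise on a malformed sector."""
    if len(img) != 512:
        raise ValueError("MBR image must be exactly 512 bytes")
    if img[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = img[PTABLE_OFFSET + 16 * i: PTABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": sectors})
    return parts


def bootstrap_matches_xp(img):
    """True when the sector begins with the stock XP bootstrap prologue."""
    return img[:len(XP_PROLOGUE)] == XP_PROLOGUE


def diff_reads(user_read, kernel_read):
    """Byte runs [(offset, length)] where two reads of the sector disagree.
    An empty list is the 'user == kernel MBR' case."""
    runs, start = [], None
    for i, (a, b) in enumerate(zip(user_read, kernel_read)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(user_read) - start))
    return runs


def build_clean_mbr():
    """Constructed sample: XP prologue, one bootable NTFS partition, signature."""
    img = bytearray(512)
    img[:len(XP_PROLOGUE)] = XP_PROLOGUE
    # status, CHS start, type 0x07 (NTFS), CHS end, LBA start, sector count
    img[PTABLE_OFFSET:PTABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 204800)
    img[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(img)


def build_hooked_mbr(clean):
    """Constructed 'kernel view': the first instruction replaced by a far jump,
    the shape of change a bootkit makes (the target address is illustrative)."""
    img = bytearray(clean)
    img[0:5] = b"\xEA\x00\x7C\x00\x00"  # JMP FAR 0000:7C00
    return bytes(img)


def verdict(user_read, kernel_read):
    """The one-line conclusion GMER prints, with the differing runs appended."""
    runs = diff_reads(user_read, kernel_read)
    return "user == kernel MBR" if not runs else f"user != kernel MBR !!! {runs}"


if __name__ == "__main__":
    clean = build_clean_mbr()
    hooked = build_hooked_mbr(clean)
    print(parse_mbr(clean))
    print("stock XP bootstrap:", bootstrap_matches_xp(clean), bootstrap_matches_xp(hooked))
    print(verdict(clean, clean))
    print(verdict(clean, hooked))
```

The prologue comparison only says whether the bootstrap code is the unmodified XP one; a disk whose MBR was rewritten by another boot manager will legitimately fail it, so the read-versus-read diff is the check that actually indicates something is hiding the true sector contents.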

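On the missing View tab: the fix the poster tried touches only the HKLM policy key. NoFolderOptions under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer removes Folder Options just as well, and hidden file extensions are controlled by HideFileExt under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. The script below is an added example, not from the post or from BleepingComputer: it parses a `reg export` file, flags the restriction values that produce these symptoms, and writes a .reg fragment that clears them. The export embedded in it is constructed to mirror the thread's situation (HKLM already reset to 0, HKCU still set), and the value list it checks is an assumption about which names matter, not a list taken from the original thread.

```python
r"""Audit a registry export for the Explorer restrictions behind a missing
Folder Options / View tab and hidden file extensions, then emit a .reg that
clears them.  Added example; not from the post.  SAMPLE_EXPORT is constructed
to mirror the thread's situation (HKLM already reset, HKCU still set).
Real input, one export per key, e.g.:
  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" pol.reg
"""
import re

# Assumed check list: value names (per key suffix) whose listed value hides
# Folder Options, the right-click View menu, Run, Task Manager, regedit, or
# file extensions / super-hidden files.  Matched case-insensitively.
RESTRICTIONS = {
    r"\Policies\Explorer": {"NoFolderOptions": 1, "NoViewContextMenu": 1, "NoRun": 1},
    r"\Policies\System":   {"DisableTaskMgr": 1, "DisableRegistryTools": 1},
    r"\Explorer\Advanced": {"HideFileExt": 1, "ShowSuperHidden": 0},
}
PREFERENCE_SUFFIX = r"\Explorer\Advanced"  # a user preference, not a policy

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def parse_reg(text):
    """Parse REGEDIT5 text into {key: {name: value}}.  dword -> int,
    quoted strings -> str, anything else (hex:, multi-line) kept raw."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        val = m.group(3)
        if val.lower().startswith("dword:"):
            keys[current][name] = int(val[6:], 16)
        elif len(val) >= 2 and val[0] == val[-1] == '"':
            keys[current][name] = val[1:-1]
        else:
            keys[current][name] = val
    return keys


def audit(keys):
    """[(key, canonical_name, value)] for every restriction set to its bad value."""
    findings = []
    for key, values in keys.items():
        lowered = {n.lower(): v for n, v in values.items()}
        for suffix, checks in RESTRICTIONS.items():
            if not key.lower().endswith(suffix.lower()):
                continue
            for name, bad in checks.items():
                if lowered.get(name.lower()) == bad:
                    findings.append((key, name, bad))
    return findings


def undo_reg(findings):
    """Build a .reg that deletes each policy value ("name"=- on import) and
    sets the Advanced preferences back to the 'show' defaults."""
    out = ["Windows Registry Editor Version 5.00", ""]
    by_key = {}
    for key, name, _ in findings:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        out.append(f"[{key}]")
        for name in names:
            if key.lower().endswith(PREFERENCE_SUFFIX.lower()):
                good = 1 - RESTRICTIONS[PREFERENCE_SUFFIX][name]
                out.append(f'"{name}"=dword:{good:08x}')
            else:
                out.append(f'"{name}"=-')
        out.append("")
    return "\n".join(out)


# Constructed export: HKLM policy already reset to 0 (as in the post), the
# per-user policy and the Advanced preferences still set.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutorunSetting"=dword:00000001
"NoFolderOptions"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoViewContextMenu"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
"""

if __name__ == "__main__":
    found = audit(parse_reg(SAMPLE_EXPORT))
    for key, name, value in found:
        print(f"{key}\n    {name} = {value}")
    print(undo_reg(found))
```

Export the HKCU and HKLM Policies\Explorer, Policies\System and Explorer\Advanced keys from the affected account, concatenate the exports, run the script over them, and import the generated .reg with regedit from that same account; the policy values are deleted rather than zeroed so that nothing stays behind for a later scan to misread.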

#2 always_learning (Topic Starter)

  • Members
  • 18 posts

Posted 02 January 2012 - 02:25 PM

My View tab is back now. This can be closed now.

#3 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,573 posts

Posted 02 January 2012 - 04:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



