
Hibernate file keeps showing up



#1 dbqsmurf

Posted 05 January 2010 - 03:29 PM

I have scanned this computer with everything from Malwarebytes and SUPERAntiSpyware to avast, AntiVir and MS Security Essentials. All come up clean inside Windows and inside UBCD4Win. When I restart it, the hiber.sys file reappears and starts, then the normal Windows start. I have removed hiber.sys inside UBCD4Win but it keeps coming back, so something is still infected somewhere. Hibernate has been turned off. Before I got the computer it wouldn't even start into the Windows on the hard drive (it was bad, really bad), but I have cleaned it up and gotten it to where it will boot up on the hard drive, and cleaned the Run keys of what I knew was bad. And minus a blue screen of death for a missing iastor.sys file, which is a known Dell issue, and a blue screen for software because of a bad sector on the hard drive (will deal with this once I talk to the owner about how bad his system really is, but right now he wants it running without reinstalling Windows...), I am not sure what to do about the hiber.sys file that keeps reappearing other than reinstalling Windows at this point, which to the owner is not an option... (it will be when the hard drive finally dies... don't tell him that though)


DDS Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jonathon at 14:12:13.34 on Tue 01/05/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.377 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\WALGRE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jonathon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Walgreens PhotoShow Media Manager] c:\progra~1\walgre~1\photos~1\data\xtras\mssysmgr.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [<NO NAME>]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pervas~1.lnk - c:\pvsw\bin\w3dbsmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - hxxp://update.rayv.com/viewer/webinstall/ActiveXInstall1.0/rayvactivex.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c1/v16.548/qboax9.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c6/v16.607/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\surarihi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jonathon\applic~1\mozilla\firefox\profiles\ibguoi66.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.churchon20.com/
FF - component: c:\documents and settings\jonathon\application data\mozilla\firefox\profiles\ibguoi66.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-11 114768]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-11 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-5-29 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-5-29 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-5-29 352920]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-12-6 57344]

=============== Created Last 30 ================

2010-01-05 19:53:40 0 d-----w- c:\program files\TrendMicro
2010-01-05 11:32:43 3251 ----a-w- c:\windows\system32\wbem\Outlook_01ca8dfacba75704.mof
2010-01-04 10:04:44 0 d-----w- c:\docume~1\jonathon\applic~1\Malwarebytes
2010-01-04 10:04:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 10:04:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-04 10:04:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 10:04:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 10:03:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-04 10:02:41 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 10:02:41 0 d-----w- c:\docume~1\jonathon\applic~1\SUPERAntiSpyware.com
2010-01-04 10:02:00 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-04 06:40:25 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-04 05:29:48 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-21 09:32:44 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-21 09:32:43 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-21 09:32:39 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-21 09:32:38 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-21 09:32:35 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-21 09:32:12 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-21 09:32:09 28288 ----a-w- c:\windows\system32\dllcache\xjis.nls
2009-12-21 09:32:08 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-21 09:32:04 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-21 09:32:01 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-12-21 09:32:00 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-21 09:30:59 76800 ----a-w- c:\windows\system32\dllcache\wam51.dll
2009-12-21 09:29:57 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2009-12-21 09:28:57 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2009-12-21 09:27:59 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-12-21 09:26:59 46592 ----a-w- c:\windows\system32\dllcache\sspifilt.dll
2009-12-21 09:25:59 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2009-12-21 09:24:55 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-12-21 09:23:58 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2009-12-21 09:22:57 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2009-12-21 09:21:59 7168 ----a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-12-21 09:20:58 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-12-21 09:19:58 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-12-21 09:18:59 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2009-12-21 09:17:59 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-21 09:16:59 22016 ----a-w- c:\windows\system32\dllcache\logscrpt.dll
2009-12-21 09:15:59 7168 ----a-w- c:\windows\system32\dllcache\isapips.dll
2009-12-21 09:14:58 141056 ----a-w- c:\windows\system32\dllcache\icam3.sys
2009-12-21 09:13:57 67167 ----a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2009-12-21 09:12:59 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2009-12-21 09:11:59 45568 ----a-w- c:\windows\system32\dllcache\esuni.dll
2009-12-21 09:10:59 455199 ----a-w- c:\windows\system32\dllcache\el985n51.sys
2009-12-21 09:09:59 614429 ----a-w- c:\windows\system32\dllcache\digiview.exe
2009-12-21 09:08:59 216064 ----a-w- c:\windows\system32\dllcache\cpscan.dll
2009-12-21 09:07:59 66082 ----a-w- c:\windows\system32\dllcache\c_20107.nls
2009-12-21 09:06:59 29184 ----a-w- c:\windows\system32\dllcache\asptxn.dll
2009-12-21 09:01:59 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2009-12-21 08:15:53 8 --sha-r- c:\documents and settings\jonathon\ntuser.pol
2009-12-21 08:04:41 90112 ----a-w- c:\windows\DUMP248f.tmp
2009-12-21 08:04:41 90112 ----a-w- c:\windows\DUMP22ba.tmp
2009-12-21 08:04:41 90112 ----a-w- c:\windows\DUMP16f3.tmp
2009-12-21 08:04:41 90112 ----a-w- c:\windows\DUMP16b4.tmp
2009-12-21 08:04:41 90112 ----a-w- c:\windows\DUMP14df.tmp
2009-12-20 16:43:56 0 d-----w- c:\windows\Cookies
2009-12-20 16:43:39 0 d-----w- c:\windows\Recent
2009-12-17 22:32:34 0 d--h--w- c:\windows\system32\GroupPolicy
2009-12-17 22:17:50 389120 ----a-w- c:\windows\system32\cmd.execf
2009-12-13 23:52:52 0 d-----w- c:\windows\pss
2009-12-13 23:51:13 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-13 23:51:13 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

==================== Find3M ====================

2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\dllcache\raschap.dll
2008-09-12 01:01:11 168 --sh--r- c:\windows\system32\6B2DE16B13.sys
2008-07-29 12:56:18 152 --sh--r- c:\windows\system32\7392DBB05A.sys
2008-09-12 01:01:29 9602 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:13:07.45 ===============



RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/05 14:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xF470C000 Size: 749568 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF147B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\WINDOWS\ftpcache\ftpcache
Status: Locked to the Windows API!

Path: C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\dhcp\dhcp
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\FxsTmp\FxsTmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1025\1025
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1028\1028
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1031\1031
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1037\1037
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1041\1041
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1042\1042
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1054\1054
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\2052\2052
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\3076\3076
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\3com_dmi\3com_dmi
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\export\export
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\xircom\xircom
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\ShellExt\ShellExt
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wins\wins
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\_avast4_\_avast4_
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCAF1.tmp\MCAF1.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCA42.tmp\MCA42.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCA96.tmp\MCA96.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCA35B.tmp\MCA35B.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCQTFILE00000\MCQTFILE00000
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCQTFILE00001\MCQTFILE00001
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCQTFILE00002\MCQTFILE00002
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCQTFILE00003\MCQTFILE00003
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCQTFILE00004\MCQTFILE00004
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCQTFILE00005\MCQTFILE00005
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d1\d1
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d2\d2
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d3\d3
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d4\d4
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d5\d5
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d6\d6
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d7\d7
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d8\d8
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB904706\KB904706
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB912812\KB912812
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB916281\KB916281
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB918899\KB918899
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB920213\KB920213
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB922760\KB922760
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB924496\KB924496
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB932168\KB932168
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB933729\KB933729
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB941568\KB941568
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB943460\KB943460
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\classes\classes
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\trustlib\trustlib
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\sample\sample
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\snmp\snmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\disdn\disdn
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\GroupPolicy\Machine\Machine
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\GroupPolicy\User\User
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\appmgmt\S-1-5-21-1353563555-4007092142-3756461379-1007\S-1-5-21-1353563555-4007092142-3756461379-1007
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\mui\dispspec\dispspec
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\TempRec\TempSBE\TempSBE
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\batch\batch
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\chsime\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\CHTIME\Applets\Applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imjp8_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\shared\res\res
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\mof\bad\bad
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\mof\good\good
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCA176.tmp\tempinst\cntrlbin_cab\cntrlbin_cab
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCA176.tmp\tempinst\cntrlres_cab\cntrlres_cab
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCA176.tmp\tempinst\shredbin_cab\shredbin_cab
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\MCA176.tmp\tempinst\shredcfg_cab\shredcfg_cab
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B57.tmp\ZAP1B57.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1CA8.tmp\ZAP1CA8.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\microsoft\microsoft antimalware\support\mpwpptracing.bin
Status: Allocation size mismatch (API: 524288, Raw: 65536)

Path: C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jonathon\Local Settings\Application Data\Microsoft\CD Burning\Summer 2009\JHIRSC~1.MP3
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\{4E3254D7-522A-412A-9296-3F4767B3A2CB}
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jonathon\Local Settings\Application Data\Microsoft\CD Burning\Summer 2008\Revival 2008\REVIVA~1.MP3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jonathon\Local Settings\Application Data\Microsoft\CD Burning\Summer 2008\Revival 2008\REVIVA~3.MP3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jonathon\Local Settings\Application Data\Microsoft\CD Burning\Summer 2008\Revival 2008\REVIVA~2.MP3
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1353563555-4007092142-3756461379-500\S-1-5-21-1353563555-4007092142-3756461379-500
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jonathon\Local Settings\Application Data\Microsoft\CD Burning\Summer 2009\New Folder\New Folder\RIPPLE~1.MOV
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1353563555-4007092142-3756461379-500\S-1-5-21-1353563555-4007092142-3756461379-500
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Musicmatch\Jukebox\Cache\Cache
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a286b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a28574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a28a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a2814c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a2864e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a2808c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a280f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a2876e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a2872e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf4a288ae

==EOF==

Thanks for the help

Philip


#2 myrti

  • Malware Study Hall Admin

Posted 13 January 2010 - 09:13 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
