
Removed BearShare and other malware programs



#1 grrArgh (Members, 5 posts)

Posted 20 July 2011 - 07:07 PM

Hello,

I've been working on cleaning up the computer of a friend's daughter.

She clicked on one of those ads saying something was absolutely free and ended up installing BearShare and a bunch of other unwanted applications.

I've been going through and removing the programs she didn't intentionally install. Malwarebytes and Microsoft Security Essentials are now coming back clean, but I wanted to double check and make sure that I haven't missed anything.

The OS is Windows 7 Starter; the PC is a netbook.

Thanks in advance for your time.

DDS:

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by samantha at 10:41:17 on 2011-07-20
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.355 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: {9565115d-c7d6-46d3-bd63-b67b481a4368} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FacePaint.Plugin: {A15C7D2D-9A4C-4c9a-9BD4-CC4815B28EBC} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: FacePaint Toolbar: {cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc} -
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Power Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [Starter] c:\program files\driver-soft\drivergenius\StarterW3i.exe
mRun: [TaskTray] c:\program files\driver-soft\drivergenius\TaskTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1A4B8940-89F6-490C-BCE0-24B7D1A3C79D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AF829196-EBBE-4D61-BA0C-F469B5640550} : DHCPNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{AF829196-EBBE-4D61-BA0C-F469B5640550}\E4544574541425 : DHCPNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl14eff2d3;MpKsl14eff2d3;c:\programdata\microsoft\microsoft antimalware\definition updates\{3bb19097-9fa3-43e7-b9b9-23bf3b2e9fa5}\MpKsl14eff2d3.sys [2011-7-20 28752]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2011-3-24 19304]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2011-3-24 16744]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2011-3-24 62048]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2011-3-24 352336]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2011-4-30 739944]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-3-24 13336]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2011-3-24 1751656]
R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2011-3-24 244624]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2011-3-24 260640]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-3-24 250984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-24 327784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]
S3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2010-9-27 172912]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-07-20 15:30:49 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3bb19097-9fa3-43e7-b9b9-23bf3b2e9fa5}\MpKsl14eff2d3.sys
2011-07-20 15:02:55 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-07-20 15:01:08 -------- d-----w- c:\program files\Wise Disk Cleaner
2011-07-20 14:28:48 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3bb19097-9fa3-43e7-b9b9-23bf3b2e9fa5}\mpengine.dll
2011-07-19 14:16:15 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-07-19 14:03:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-07-19 14:02:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-19 14:02:47 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-07-19 14:02:44 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-19 13:54:42 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-19 13:54:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-19 13:54:42 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-18 20:58:54 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-07-18 16:45:13 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{29ed95b2-c01a-4ea6-8bbe-cc5c29aeefe1}\gapaengine.dll
2011-07-18 16:44:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-18 16:42:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-18 13:32:28 -------- d-----w- c:\program files\ESET
2011-07-15 23:56:42 -------- d-----w- c:\users\samantha\appdata\roaming\Malwarebytes
2011-07-15 23:56:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-15 23:56:05 -------- d-----w- c:\programdata\Malwarebytes
2011-07-15 23:56:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 23:56:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-13 20:54:40 -------- d-sh--w- C:\found.000
2011-07-09 22:15:24 -------- d-----w- c:\programdata\1810E
2011-07-05 23:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-07-05 23:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-07-05 23:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-07-05 23:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-07-05 23:23:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-07-05 23:23:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-07-05 23:23:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-07-05 23:20:58 -------- d-----w- c:\users\samantha\appdata\local\Apple
2011-07-05 23:18:48 -------- d-----w- c:\program files\Bonjour
2011-07-05 20:45:51 -------- d-----w- c:\users\samantha\appdata\local\{BD5442B2-CC52-4990-AA5E-0F6D0E15A9B8}
2011-07-05 20:45:50 -------- d-----w- c:\users\samantha\appdata\local\{93656EB3-97A3-4D3F-A474-7C9325371426}
2011-07-03 19:17:55 -------- d-----w- c:\users\samantha\appdata\roaming\RegistryKeys
2011-07-03 16:52:29 -------- d-----w- c:\program files\FacePaint
2011-07-03 16:51:54 -------- d-----w- c:\program files\Driver-Soft
2011-07-01 21:28:12 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-01 21:28:09 -------- d-----w- c:\users\samantha\appdata\local\Conduit
2011-07-01 21:27:31 -------- d-----w- c:\program files\Yontoo Layers
2011-07-01 21:27:26 -------- d-----w- c:\programdata\Tarma Installer
2011-06-25 17:22:07 -------- d-----r- c:\program files\Skype
2011-06-23 21:44:43 -------- d-----w- c:\windows\system32\drivers\nss\0301010.006
2011-06-23 21:44:43 -------- d-----w- c:\windows\system32\drivers\NSS
2011-06-23 21:44:43 -------- d-----w- c:\program files\Norton Security Scan
2011-06-23 21:44:40 18944 ----a-r- c:\users\samantha\appdata\roaming\microsoft\installer\{297dcada-86a1-4a42-8a13-66b7d7a09fd2}\IconBB6A16301.exe
2011-06-23 21:44:38 -------- d-----w- c:\programdata\Norton
2011-06-23 21:44:28 -------- d-----w- c:\programdata\NortonInstaller
2011-06-23 21:44:28 -------- d-----w- c:\program files\NortonInstaller
2011-06-23 21:43:18 212240 ----a-w- c:\windows\system32\Richtx32.ocx
2011-06-23 21:43:17 -------- d-----w- c:\program files\Winferno
2011-06-23 21:37:33 -------- d-----w- c:\program files\Yahoo!
.
==================== Find3M ====================
.
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-14 06:30:30 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-05-14 06:23:24 271872 ----a-w- c:\windows\system32\conhost.exe
2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 20:25:24 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-25 04:31:30 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:18:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 10:42:11.73 ===============



GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-20 12:37:49
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001
Running: gmer.exe; Driver: C:\Users\samantha\AppData\Local\Temp\pwtyrkow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 81E81339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EBAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text autochk.exe 001F11D2 1 Byte [73]
.text autochk.exe 001F11D2 3 Bytes [73, 00, 5C] {JAE 0x2; POP ESP}
.text autochk.exe 001F11D6 1 Byte [73]
.text autochk.exe 001F11D6 3 Bytes [73, 00, 79]
.text autochk.exe 001F11DA 1 Byte [73]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mwlPSDFilter.sys (PSD Filter Driver/Egis Technology Inc.)

---- EOF - GMER 1.0.15 ----
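Added here as an example (it is not DDS code and not something the poster ran): a small Python parser for the DDS log layout used above. It splits the log into its `=== Name ===` sections, pulls out the Run-key autoruns, the browser add-on registrations (BHO/TB/EB lines) and the "Created Last 30" rows, and lists what a helper reads first: add-ons whose DLL path is empty (the CLSID is still registered but the file is gone) and program directories created inside the window the log covers. The input is a constructed excerpt in the same layout, not the full log.

```python
import re

# Constructed excerpt in the layout of the DDS log above (a few lines, not the whole log); raw string keeps the backslashes.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
BHO: FacePaint.Plugin: {A15C7D2D-9A4C-4c9a-9BD4-CC4815B28EBC} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [Starter] c:\program files\driver-soft\drivergenius\StarterW3i.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
.
=============== Created Last 30 ================
.
2011-07-03 16:52:29 -------- d-----w- c:\program files\FacePaint
2011-07-01 21:28:12 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-01 21:27:31 -------- d-----w- c:\program files\Yontoo Layers
2011-07-15 23:56:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
============= FINISH: 10:42:11.73 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                                  # '=== Name ===' headers
RUN_RE = re.compile(r"^([a-z]Run(?:Once)?): \[([^\]]+)\] (.*)$", re.I)          # uRun / mRun / dRunOnce
PATH_RE = re.compile(r'^"?(.*?\.(?:exe|dll))"?\s*(.*)$', re.I)                  # image path (quoted or not) + args
ADDON_RE = re.compile(r"^(BHO|TB|EB): (.+?): (\{[0-9A-Fa-f-]+\}) -\s*(.*)$")    # add-on: name, CLSID, DLL path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")  # time size attrs path

def split_sections(text):
    """Map each '=== Name ===' header to the lines under it ('.' and blank separators dropped)."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line)
    return sections

def parse_autoruns(lines):
    """Run-key entries (u = current user, m = machine, d = default user): name, image path, arguments."""
    entries = []
    for m in filter(None, map(RUN_RE.match, lines)):
        key, name, rest = m.groups()
        p = PATH_RE.match(rest)
        path, args = (p.group(1), p.group(2)) if p else (rest, "")
        entries.append({"key": key, "name": name, "path": path, "args": args})
    return entries

def parse_browser_addons(lines):
    """BHO/TB/EB registrations; an empty path means the CLSID is registered but its DLL is gone."""
    return [{"kind": m.group(1), "name": m.group(2), "clsid": m.group(3), "path": m.group(4).strip()}
            for m in map(ADDON_RE.match, lines) if m]

def parse_created(lines):
    """'Created Last 30' / 'Find3M' rows: timestamp, size ('--------' for a directory), attribute flags, path."""
    rows = []
    for m in filter(None, map(CREATED_RE.match, lines)):
        stamp, size, attrs, path = m.groups()
        rows.append({"time": stamp, "size": int(size) if size.isdigit() else None,
                     "is_dir": attrs.startswith("d"), "path": path})
    return rows

def review(text):
    """What a helper reads first: orphaned add-on registrations and program dirs created in the log window."""
    sections = split_sections(text)
    items = [("orphaned add-on", a["name"])
             for a in parse_browser_addons(sections.get("Pseudo HJT Report", [])) if not a["path"]]
    items += [("new program dir", r["path"]) for r in parse_created(sections.get("Created Last 30", []))
              if r["is_dir"] and r["path"].lower().startswith("c:\\program files\\")]
    return items
```

Running `review()` over a complete DDS log gives a short list to check against what the user says they installed on purpose; it does not decide what is malicious.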


#2 myrti (Malware Study Hall Admin, 33,771 posts)

Posted 02 August 2011 - 09:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti (Malware Study Hall Admin, 33,771 posts)

Posted 10 August 2011 - 05:01 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





