

Unknown malware causes browser pop-ups and redirects.


14 replies to this topic

#1 Ipsagogique


  • Members
  • 7 posts

Posted 21 February 2012 - 09:26 PM

To whomever may help me, greetings.

I am sorry to bother you with yet another browser malware, but after attempting unsuccessfully all the normal and usually effective solutions I finally gave up, so here I am asking for help. The only visible effect of this malware seems to be the bombarding of my browsers with pop-ups and redirects. I had a similar problem a couple of years ago, but this time the malware is far more aggressive (pop-ups and redirects are extremely frequent), and far less inclined to leave its current residence. I have attempted, unsuccessfully, to remove the malware with AVG-2012 and Malwarebytes, but all attempts proved unsuccessful. It affects both IE and Firefox. Firefox uninstall and re-install proved also unsuccessful.

Pop-ups and redirects usually point towards bogus search engines, real e-Bay pages, as well as to chats with young girls of slightly dubious morality, so to say. I have also noticed that in most cases the redirect, before reaching its final destination, passes via two companies of PPC advertising, jemacpv.com and popxml.com (most often the former), although I know not how relevant this might be.

I thank you in advance for all the help you can give me.


.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Leviathan at 2:41:05 on 2012-02-22
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1443 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\Programmi\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\LEVIAT~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmi\Nightly\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Acer eDataSecurity Management: {0e1230f8-ea50-42a9-983c-d22abc2eed3b} - c:\windows\system32\ToolBand.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\programmi\skype\phone\Skype.exe" /nosplash /minimized
mRun: [LaunchApp] Alaunch
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programmi\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: univ-tours.fr\www.bvh
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{40D986A7-557C-48C5-83C0-2DE41B213B22} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\leviathan\dati applicazioni\mozilla\firefox\profiles\avvp9oq9.default\
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-3 64288]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\programmi\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2008-1-3 1088896]
S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\rapportbuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
S2 gsensor;gsensor;\??\c:\windows\system32\gsensor.sys --> c:\windows\system32\gsensor.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2010-9-4 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\programmi\lavasoft\ad-aware\aawservice.exe" --> c:\programmi\lavasoft\ad-aware\AAWService.exe [?]
S2 OODefrag;O&O Defrag;c:\windows\system32\oodag.exe [2002-2-8 263168]
S2 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
S3 cpudrv;cpudrv;c:\programmi\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2010-9-4 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2009-9-12 7936]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\mozilla maintenance service\maintenanceservice.exe [2012-2-15 112584]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-1-3 32512]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\dati applicazioni\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys --> c:\documents and settings\all users\dati applicazioni\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-1-9 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
.
=============== Created Last 30 ================
.
2012-02-21 03:00:26 -------- d-----w- c:\documents and settings\leviathan\dati applicazioni\Malwarebytes
2012-02-17 20:58:16 -------- d-----w- c:\documents and settings\leviathan\impostazioni locali\dati applicazioni\Mozilla
2012-02-16 18:07:10 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-16 18:05:37 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-16 18:05:23 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-16 18:05:07 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-02-16 18:03:17 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-16 18:02:57 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-16 18:02:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-16 18:02:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-16 18:02:09 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2012-02-16 18:02:08 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2012-02-16 18:02:08 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2012-02-16 18:02:08 111104 ------w- c:\windows\system32\dllcache\services.exe
2012-02-16 18:02:07 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2012-02-16 18:02:06 683520 ------w- c:\windows\system32\dllcache\advapi32.dll
2012-02-16 18:02:06 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-02-16 18:00:47 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-16 18:00:42 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-16 17:58:49 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-02-16 17:44:28 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-02-16 17:41:43 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-02-16 17:41:24 221696 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-02-16 17:41:08 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-16 17:39:00 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-16 17:38:39 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-16 02:41:26 -------- d-----w- c:\programmi\Nightly
2012-02-15 22:41:52 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-02-15 22:41:45 -------- d-----w- c:\programmi\Aurora
2012-02-15 22:04:31 -------- d-----w- c:\documents and settings\leviathan\impostazioni locali\dati applicazioni\Western Digital
2012-02-15 21:32:04 -------- d-sh--w- C:\FOUND.046
.
==================== Find3M ====================
.
2012-02-13 13:13:34 90112 ----a-w- c:\windows\DUMP900b.tmp
2012-01-21 16:02:00 54016 ----a-w- c:\windows\system32\drivers\orycisx.sys
2012-01-12 17:20:32 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43:50 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-07 21:01:24 90112 ----a-w- c:\windows\DUMP90c6.tmp
2011-11-25 21:57:08 293888 ----a-w- c:\windows\system32\winsrv.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC7KP -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B083B4C]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV ECX, [EBP+0x8]; MOV EAX, [0x8b08a184]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; CMP ECX, [0x8b08a108]; JNZ 0x22; MOV ECX, EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B09BAB8]
3 CLASSPNP[0xBA118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000090[0x8B0479E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B06A940]
\Driver\atapi[0x8B046CF8] -> IRP_MJ_CREATE -> 0x8B083B4C
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS541612J9SA00_________________SBDOC7KP#5&273f7755&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B083A17
user != kernel MBR !!!
sectors 234441646 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 2.42.44,01 ===============



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 February 2012 - 08:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ipsagogique

  • Topic Starter

  • Members
  • 7 posts

Posted 22 February 2012 - 10:46 AM

Hello Gringo,

Thank you for your help and for your prompt reply. Everything went fine; Combofix had a pop-up screen saying it had found an MBR infection, for which it asked for a reboot. While rebooting, it went to a blue screen (too sudden for me to read the content), so I was not sure if things were OK or not, and in fact I still am not completely sure. While performing the disk check upon reboot it said it had truncated two voices: 1) Combofix, 2) Qoobox/Quarantine something. However, when XP was up again I re-launched Combofix, which seems to have finished the job without problems and produced the report which you see below.

I tested Firefox a couple of times now and it seems to work fine, but, you never know, I will continue testing: after all, the only good malware is a dead malware. Finally, I have noticed that several folders in the C: drive that used to be hidden folders are now plainly visible. I guess this must be Combofix. Anyway, it does not seem to be a problem. Please let me know if there is anything else you need to know.

Thanks in advance for all your help,
Ipsagogique



ComboFix 12-02-22.01 - Leviathan 22/02/2012 16.12.36.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1358 [GMT 1:00]
Eseguito da: c:\documents and settings\Leviathan\Desktop\Bleeping\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\0B4227B4.TMP
c:\documents and settings\Leviathan\Dati applicazioni\Adobe\plugs
c:\documents and settings\Leviathan\WINDOWS
c:\programmi\OfferBox
c:\programmi\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\programmi\WinPCap
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\IsUn0410.exe
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Creati Da 2012-01-22 al 2012-02-22 )))))))))))))))))))))))))))))))))))
.
.
2012-02-22 15:08 . 2012-02-22 15:08 -------- d-----w- C:\FOUND.000
2012-02-21 03:00 . 2012-02-21 03:00 -------- d-----w- c:\documents and settings\Leviathan\Dati applicazioni\Malwarebytes
2012-02-20 22:31 . 2012-02-20 22:31 -------- d-----w- c:\documents and settings\Leviathan\Dati applicazioni\dvdcss
2012-02-17 20:58 . 2012-02-17 20:58 -------- d-----w- c:\documents and settings\Leviathan\Impostazioni locali\Dati applicazioni\Mozilla
2012-02-16 19:05 . 2012-02-16 19:05 -------- d-----w- c:\documents and settings\Leviathan\Dati applicazioni\vlc
2012-02-16 18:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-16 18:05 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-16 18:05 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-16 18:05 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-02-16 18:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-16 18:02 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-16 18:02 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-16 18:02 . 2009-10-15 16:29 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-16 18:02 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2012-02-16 18:02 . 2009-03-06 14:19 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2012-02-16 18:02 . 2009-02-09 11:22 111104 ------w- c:\windows\system32\dllcache\services.exe
2012-02-16 18:02 . 2009-02-09 10:51 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2012-02-16 18:02 . 2009-02-09 10:51 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2012-02-16 18:02 . 2009-02-09 10:51 683520 ------w- c:\windows\system32\dllcache\advapi32.dll
2012-02-16 18:02 . 2009-02-09 10:51 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-02-16 18:00 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-16 18:00 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-16 17:58 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-02-16 17:44 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-02-16 17:41 . 2010-12-09 15:15 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-02-16 17:41 . 2010-07-16 12:02 221696 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-02-16 17:41 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-16 17:39 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-16 17:38 . 2010-08-16 08:44 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-16 02:41 . 2012-02-16 02:41 -------- d-----w- c:\programmi\Nightly
2012-02-15 22:41 . 2012-02-15 22:41 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-02-15 22:41 . 2012-02-15 22:41 -------- d-----w- c:\programmi\Aurora
2012-02-15 22:04 . 2012-02-15 22:04 -------- d-----w- c:\documents and settings\Leviathan\Impostazioni locali\Dati applicazioni\Western Digital
2012-02-15 21:32 . 2012-02-15 21:32 -------- d-----w- C:\FOUND.046
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 13:13 . 2008-01-03 16:13 90112 ----a-w- c:\windows\DUMP900b.tmp
2012-01-21 16:02 . 2012-01-21 16:01 54016 ----a-w- c:\windows\system32\drivers\orycisx.sys
2012-01-12 17:20 . 2004-08-19 04:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2004-08-19 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2004-08-19 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2004-08-19 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-19 04:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-07 21:01 . 2008-01-03 16:13 90112 ----a-w- c:\windows\DUMP90c6.tmp
2011-11-25 21:57 . 2004-08-19 04:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2007-08-09 12:08 . 2008-04-15 17:30 8784 ----a-w- c:\programmi\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 . 2008-04-15 17:30 245408 ----a-w- c:\programmi\mozilla firefox\plugins\unicows.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\usp10.dll
[7] 2008-04-13 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-04-29 . 74A36A6F9827CE0A6F3F454174850F0E . 424960 . . [1.0473.4067.15] . . c:\windows\system32\USP10.DLL
[-] 2004-04-29 . 74A36A6F9827CE0A6F3F454174850F0E . 424960 . . [1.0473.4067.15] . . c:\windows\system32\dllcache\USP10.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6924:TCP"= 6924:TCP:*:Disabled:spport
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [03/08/2010 16.52.15 64288]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\programmi\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [17/12/2009 15.32.32 497856]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [03/01/2008 17.28.15 1088896]
S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\RapportBuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
S2 gsensor;gsensor;\??\c:\windows\system32\gsensor.sys --> c:\windows\system32\gsensor.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [04/09/2010 17.01.10 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\programmi\Lavasoft\Ad-Aware\AAWService.exe" --> c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 OODefrag;O&O Defrag;c:\windows\system32\oodag.exe [08/02/2002 12.15.20 263168]
S2 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
S3 cpudrv;cpudrv;c:\programmi\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [04/09/2010 17.01.10 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [12/09/2009 18.36.58 7936]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [15/02/2012 23.41.52 112584]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\dati applicazioni\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys --> c:\documents and settings\all users\dati applicazioni\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-04 16:00]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-04 16:00]
.
2011-11-03 c:\windows\Tasks\wavepadShakeIcon.job
- c:\programmi\NCH Software\WavePad\wavepad.exe [2011-10-24 22:59]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1602300135-1746665282-2610616225-1005Core1ccdf8293368cb0.job
- c:\documents and settings\Leviathan\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-06-30 13:18]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: univ-tours.fr\www.bvh
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\documents and settings\Leviathan\Dati applicazioni\Mozilla\Firefox\Profiles\avvp9oq9.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 16:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|.|9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\acer\Empowering Technology\admServ.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\LEVIAT~1\IMPOST~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Ora fine scansione: 2012-02-22 16:23:03 - Il pc stato riavviato
ComboFix-quarantined-files.txt 2012-02-22 15:23
.
Pre-Run: 98.941.501.440 byte disponibili
Post-Run: 99.288.055.808 byte disponibili
.
- - End Of File - - C0079BC42A1A5EFD63AF56D42D999BEC
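A small triage helper, added here as an example and not part of the thread or of DDS/ComboFix, that parses the service/driver lines of the DDS and ComboFix logs above and the GMER MBR section of the first DDS log: it lists images the tools could not verify (printed as `[?]`) and picks out the user-vs-kernel MBR mismatch, the hooked `DriverStartIo` and the unknown code in the disk I/O chain that point at the TDL4 infection. The sample lines are copied from the logs in this thread; the regexes and the wording of the findings are my own assumptions about the log format.

```python
"""Triage helper for DDS / ComboFix style logs.

Constructed example for this thread; it is not a BleepingComputer, DDS or
ComboFix tool. Two checks that correspond to what the posted logs show:
  1. service/driver lines whose image file the tool could not verify
     (DDS and ComboFix print those with a trailing "[?]"),
  2. the GMER MBR section reporting a user-mode vs kernel-mode MBR
     mismatch, a hooked disk driver routine, or unknown code in the
     disk I/O call chain (the TDL4 indicators in the first post).
"""
import re
from dataclasses import dataclass

# "R0 Name;Display name;image [date size]" or "S2 Name;Display;path --> path [?]"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
META_RE = re.compile(r"\[(?P<meta>[^\]]*)\]\s*$")
# GMER lines: "\Driver\atapi DriverStartIo -> 0x8B083A17" and ">>UNKNOWN [0x...]<<"
HOOK_RE = re.compile(r"^(?P<driver>\\Driver\\\S+)\s+(?P<routine>\S+)\s+->\s+(?P<addr>0x[0-9A-Fa-f]+)")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
MBR_MISMATCH = "user != kernel MBR"


@dataclass
class Service:
    state: str      # R0/R2/R3 = running, S1/S2/S3 = stopped (DDS convention)
    name: str
    display: str
    image: str      # resolved image path, quotes and arguments stripped
    verified: bool  # False when the tool printed "[?]" instead of date/size


def parse_service(line: str):
    """Parse one service/driver line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    meta = META_RE.search(rest)
    verified = bool(meta) and meta.group("meta").strip() != "?"
    if meta:
        rest = rest[:meta.start()].rstrip()
    # "registry ImagePath --> path the tool resolved": keep the resolved path
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    image = rest.strip().strip('"')
    return Service(m.group("state"), m.group("name"), m.group("display"), image, verified)


def triage(log_text: str):
    """Return (services, findings) for a DDS or ComboFix log."""
    services, findings = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc is not None:
            services.append(svc)
            if not svc.verified:
                findings.append(f"unverified service image: {svc.name} -> {svc.image}")
            continue
        if MBR_MISMATCH in line:
            findings.append("MBR mismatch: user-mode and kernel-mode reads of the MBR differ")
        elif (hook := HOOK_RE.match(line)):
            findings.append(f"hooked routine: {hook['driver']} {hook['routine']} at {hook['addr']}")
        elif (unk := UNKNOWN_RE.search(line)):
            findings.append(f"disk I/O path goes through unknown code at {unk.group(1)}")
    return services, findings


# Constructed sample: a few lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-3 64288]
S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\rapportbuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
S2 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-1-3 32512]
=================== ROOTKIT ====================
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B083B4C]<<
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B083A17
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
"""

if __name__ == "__main__":
    services, findings = triage(SAMPLE_LOG)
    print(f"{len(services)} service/driver entries parsed")
    for finding in findings:
        print("!", finding)
```

An unverified `[?]` entry only means the tool could not stat the image, so a stopped service with a missing file is a clean-up candidate, not proof of infection; the MBR mismatch and the hook are the lines that justify the TDSSKiller and aswMBR steps in the next reply.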

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 February 2012 - 10:56 AM

Greetings Ipsagogique

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Ipsagogique
  • Topic Starter
  • Members
  • 7 posts

Posted 22 February 2012 - 11:13 AM

Dear Gringo, here follow the reports.
Thanks, Ipsagogique


1) TdssKiller:

17:04:56.0718 2716 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
17:04:56.0828 2716 ============================================================
17:04:56.0828 2716 Current date / time: 2012/02/22 17:04:56.0828
17:04:56.0828 2716 SystemInfo:
17:04:56.0828 2716
17:04:56.0828 2716 OS Version: 5.1.2600 ServicePack: 3.0
17:04:56.0828 2716 Product type: Workstation
17:04:56.0828 2716 ComputerName: LEVIATHAN
17:04:56.0828 2716 UserName: Leviathan
17:04:56.0828 2716 Windows directory: C:\WINDOWS
17:04:56.0828 2716 System windows directory: C:\WINDOWS
17:04:56.0828 2716 Processor architecture: Intel x86
17:04:56.0828 2716 Number of processors: 2
17:04:56.0828 2716 Page size: 0x1000
17:04:56.0828 2716 Boot type: Normal boot
17:04:56.0828 2716 ============================================================
17:04:57.0906 2716 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:04:57.0906 2716 \Device\Harddisk0\DR0:
17:04:57.0906 2716 MBR used
17:04:57.0906 2716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF93782
17:04:57.0921 2716 Initialize success
17:04:57.0921 2716 ============================================================
17:05:03.0906 4000 ============================================================
17:05:03.0906 4000 Scan started
17:05:03.0906 4000 Mode: Manual;
17:05:03.0906 4000 ============================================================
17:05:41.0812 4000 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
17:05:41.0968 4000 \Device\Harddisk0\DR0 - ok
17:05:41.0984 4000 Boot (0x1200) (eb19c8eff43009c32007bb992f2a4911) \Device\Harddisk0\DR0\Partition0
17:05:41.0984 4000 \Device\Harddisk0\DR0\Partition0 - ok
17:05:41.0984 4000 ============================================================
17:05:41.0984 4000 Scan finished
17:05:41.0984 4000 ============================================================
17:05:42.0015 3276 Detected object count: 0
17:05:42.0015 3276 Actual detected object count: 0



2) AswMBR:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 17:07:24
-----------------------------
17:07:24.750 OS Version: Windows 5.1.2600 Service Pack 3
17:07:24.765 Number of processors: 2 586 0xE08
17:07:24.765 ComputerName: LEVIATHAN UserName: Leviathan
17:07:25.562 Initialize success
17:10:35.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:10:35.203 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7KP Size: 114473MB BusType: 3
17:10:35.562 Disk 0 MBR read successfully
17:10:35.578 Disk 0 MBR scan
17:10:35.578 Disk 0 unknown MBR code
17:10:35.593 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 114470 MB offset 63
17:10:35.593 Disk 0 scanning sectors +234436545
17:10:35.671 Disk 0 scanning C:\WINDOWS\system32\drivers
17:10:41.296 Service scanning
17:10:54.359 Modules scanning
17:10:59.453 Disk 0 trace - called modules:
17:10:59.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:10:59.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b058ab8]
17:10:59.484 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000093[0x8b05b9e8]
17:10:59.484 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b02b940]
17:10:59.484 Scan finished successfully
17:11:31.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Leviathan\Desktop\Bleeping\5 AswMBR\MBR.dat"
17:11:31.875 The log file has been saved successfully to "C:\Documents and Settings\Leviathan\Desktop\Bleeping\5 AswMBR\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 22 February 2012 - 11:20 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\system32\drivers\orycisx.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Ipsagogique

Ipsagogique
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:52 PM

Posted 22 February 2012 - 11:41 AM

Hi Gringo. Here is the log.
Thanks, I.

ComboFix 12-02-22.01 - Leviathan 22/02/2012 17.28.14.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1346 [GMT 1:00]
Eseguito da: c:\documents and settings\Leviathan\Desktop\Bleeping\3 Combofix\ComboFix.exe
Opzioni usate :: c:\documents and settings\Leviathan\Desktop\Bleeping\3 Combofix\CFScript (drag on Combofix).txt
.
FILE ::
"c:\windows\system32\drivers\orycisx.sys"
.
.
((((((((((((((((((((((((( Files Creati Da 2012-01-22 al 2012-02-22 )))))))))))))))))))))))))))))))))))
.
.
2012-02-22 15:08 . 2012-02-22 15:08 -------- d-----w- C:\FOUND.000
2012-02-21 03:00 . 2012-02-21 03:00 -------- d-----w- c:\documents and settings\Leviathan\Dati applicazioni\Malwarebytes
2012-02-20 22:31 . 2012-02-20 22:31 -------- d-----w- c:\documents and settings\Leviathan\Dati applicazioni\dvdcss
2012-02-17 20:58 . 2012-02-17 20:58 -------- d-----w- c:\documents and settings\Leviathan\Impostazioni locali\Dati applicazioni\Mozilla
2012-02-16 19:05 . 2012-02-16 19:05 -------- d-----w- c:\documents and settings\Leviathan\Dati applicazioni\vlc
2012-02-16 18:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-16 18:05 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-16 18:05 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-16 18:05 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-02-16 18:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-16 18:02 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-16 18:02 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-16 18:02 . 2009-10-15 16:29 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-16 18:02 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2012-02-16 18:02 . 2009-03-06 14:19 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2012-02-16 18:02 . 2009-02-09 11:22 111104 ------w- c:\windows\system32\dllcache\services.exe
2012-02-16 18:02 . 2009-02-09 10:51 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2012-02-16 18:02 . 2009-02-09 10:51 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2012-02-16 18:02 . 2009-02-09 10:51 683520 ------w- c:\windows\system32\dllcache\advapi32.dll
2012-02-16 18:02 . 2009-02-09 10:51 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-02-16 18:00 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-16 18:00 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-16 17:58 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-02-16 17:44 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-02-16 17:41 . 2010-12-09 15:15 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-02-16 17:41 . 2010-07-16 12:02 221696 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-02-16 17:41 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-16 17:39 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-16 17:38 . 2010-08-16 08:44 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-16 02:41 . 2012-02-16 02:41 -------- d-----w- c:\programmi\Nightly
2012-02-15 22:41 . 2012-02-15 22:41 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-02-15 22:41 . 2012-02-15 22:41 -------- d-----w- c:\programmi\Aurora
2012-02-15 22:04 . 2012-02-15 22:04 -------- d-----w- c:\documents and settings\Leviathan\Impostazioni locali\Dati applicazioni\Western Digital
2012-02-15 21:32 . 2012-02-15 21:32 -------- d-----w- C:\FOUND.046
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 13:13 . 2008-01-03 16:13 90112 ----a-w- c:\windows\DUMP900b.tmp
2012-01-21 16:02 . 2012-01-21 16:01 54016 ----a-w- c:\windows\system32\drivers\orycisx.sys
2012-01-12 17:20 . 2004-08-19 04:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2004-08-19 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2004-08-19 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2004-08-19 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-19 04:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-07 21:01 . 2008-01-03 16:13 90112 ----a-w- c:\windows\DUMP90c6.tmp
2011-11-25 21:57 . 2004-08-19 04:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2007-08-09 12:08 . 2008-04-15 17:30 8784 ----a-w- c:\programmi\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 . 2008-04-15 17:30 245408 ----a-w- c:\programmi\mozilla firefox\plugins\unicows.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\usp10.dll
[7] 2008-04-13 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-04-29 . 74A36A6F9827CE0A6F3F454174850F0E . 424960 . . [1.0473.4067.15] . . c:\windows\system32\USP10.DLL
[-] 2004-04-29 . 74A36A6F9827CE0A6F3F454174850F0E . 424960 . . [1.0473.4067.15] . . c:\windows\system32\dllcache\USP10.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6924:TCP"= 6924:TCP:*:Disabled:spport
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [03/08/2010 16.52.15 64288]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\programmi\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [17/12/2009 15.32.32 497856]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [03/01/2008 17.28.15 1088896]
S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\RapportBuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
S2 gsensor;gsensor;\??\c:\windows\system32\gsensor.sys --> c:\windows\system32\gsensor.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [04/09/2010 17.01.10 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\programmi\Lavasoft\Ad-Aware\AAWService.exe" --> c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 OODefrag;O&O Defrag;c:\windows\system32\oodag.exe [08/02/2002 12.15.20 263168]
S2 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
S3 cpudrv;cpudrv;c:\programmi\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [04/09/2010 17.01.10 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [12/09/2009 18.36.58 7936]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [15/02/2012 23.41.52 112584]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\dati applicazioni\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys --> c:\documents and settings\all users\dati applicazioni\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-04 16:00]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-09-04 16:00]
.
2011-11-03 c:\windows\Tasks\wavepadShakeIcon.job
- c:\programmi\NCH Software\WavePad\wavepad.exe [2011-10-24 22:59]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1602300135-1746665282-2610616225-1005Core1ccdf8293368cb0.job
- c:\documents and settings\Leviathan\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-06-30 13:18]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: univ-tours.fr\www.bvh
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\documents and settings\Leviathan\Dati applicazioni\Mozilla\Firefox\Profiles\avvp9oq9.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 17:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|.|9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG04.00.00.01SERVER"="7F132672F31ADA2D9611AE5C7FA13D32C03196ED919F618BEC61D95447E9DCC4A01D66B45B3F924B428C288A9CF82799B042678F2A4BC760AB7B72B60A0BBC508A7A9D3803994F67C86D8AAA50C77B575BE1CA2D23D878F2584D4922EE130B3775A3827B8FD7A8D9477D1C14B6DBEE6B61CBB417AA5BE50BBC2619FE5BEE962A6D16FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A6171C11EC38DE3DA6A0AC4980AC7933B5D6B2A5A2A95BFD19F56AE25493033C77C7F280BAE32EDD3E4423C1433F38F820606E5B8EFD6B2F468278470273B480C895F51F33BC31B5FB9C598E142884D08BE0D6CB7F1F7E1CEBA934AD083298B8900BE6C39FA6BCC87D3A09080997DA279F80151EA0AC54A8FC2CF91EECD93579B0A07AF684B13A0031F1DADA44C82AD0F70C663DD02A7F3B646DBCE4EB56E0DBFDF5F3061CD46542FA3908F21CDCB4A925729859220267417EF8819375F9477C434BB083516CD07EB1ABE00398568F912BC812645B00C6A81DF95F7CAC7A687BBE089D42C4345F2620874902F71C24E881464B167653AB6604C18638687098FC23343C5ECBD0CA2F8530B62A2BF9B19815C54E6A2391F8F06CC4B723355AFE2B167F24B16E461F13152C3778D81F480945493D9EC2B265C4839C465D529718B230BB00DFE881BE4F75276730D91FCE2AE5F2CBB7EC93FBE16B859C4BB2EF324281DD8B4DACCF5C65C0EEFB56BC727E6E3F0CC27B6BF31C4BB7E0B815FE0C72118A009B22DDE283DB88F6BB364072E5CC8D7FFC76BCF7F609F2B4ABA612F85055C260164DD3520EBB4D5681DDDC5F653F015DECF593A895A598271930FA27184D13E0F37F1D182D1208C83E9EBBDDB3443E59158ED6F2D0321A073D25FDED6839D907C4AC7892E7F0A1AAF38FB873DAE05BCB8E972026D7C15CC5623F9185355D68FC2A0F5C04946FFA02B989E60D3897E5B0852BBE772EEBB9F5EBF9628CC7040691DAA3EE13E1A467F23B2B8BF7FD77DCA8B928B57FAACC7D534E15D0033A776CB4202B8EC94FB02BCAB8589E6AB10C357580343AB87683693891146E4EFC0AC87DD82CCA9632B204F503B5CFF92CE8D6804133370691333227D5C08338D30F3EA6F8ED684D32D22189842C7FA11CA41D5678534BAACF8502454AA60B6ED5E0620C84FD60224E39A2BBB56C44C204DA59A4B680C94FD4A3755AB41536036F5A3EB1952FDE305593A2E627E7669FB8294EC120F0B87E9EBF1CD26EA1E669615D523B5C144477EC152A8A7C53635FE2B234A46C1AD2AB7B0BFC41E424B47DBDCE0EF4998826D70EF03A49EBA96E8D831DB7E76837062B0C3
E8FD998B7ECF96C96D8CB25A6CB99856244E942AA6A996994784D75C8F4B2C8954275A0BC0D82"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(1716)
c:\windows\system32\WININET.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\acer\Empowering Technology\admServ.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\LEVIAT~1\IMPOST~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Ora fine scansione: 2012-02-22 17:37:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-02-22 16:37
ComboFix2.txt 2012-02-22 15:23
.
Pre-Run: 99.292.741.632 byte disponibili
Post-Run: 99.267.837.952 byte disponibili
.
- - End Of File - - 0B1F95A210913737671C6016E89D9095

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 22 February 2012 - 11:56 AM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 Ipsagogique

Ipsagogique
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:52 PM

Posted 22 February 2012 - 12:24 PM

Dear Gringo, here are the logs.
Thanks, I.

1) MBAM:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Leviathan :: LEVIATHAN [administrator]

22/02/2012 18.12.46
mbam-log-2012-02-22 (18-12-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223927
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


2) HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.21.25, on 22/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\DOCUME~1\LEVIAT~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Nightly\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bvh.univ-tours.fr
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\LEVIAT~1\IMPOST~1\TEMP\WZSE3.TMP\INSTAL~1.EXE (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmi\WinPcap\rpcapd.exe (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Programmi\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 7577 bytes

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 22 February 2012 - 12:52 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can start any of them when you need them by clicking their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [LaunchApp] Alaunch
    • O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
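
The O23 service entries in the log posted above and the O4 start-up entries listed for removal are the kind of lines a responder triages by hand. As an added example that is not part of this thread and not HijackThis code, the following Python script parses O4 and O23 lines and flags the hints a practitioner looks for: a service with no vendor string ("Unknown owner"), a registered service whose binary is gone ("(file missing)"), an image path under a temp or profile directory, and a Run value that is a bare command resolved through PATH rather than an absolute path. The sample lines are copied from the log in this thread; the heuristics are the author's own assumptions and mark entries for review, not verdicts (the orphaned r_server and CiscoVpnInstallService registrations may simply be leftovers of uninstalled software).

```python
"""Triage HijackThis O4 (autostart) and O23 (service) log lines.

Added example; not part of this thread and not HijackThis code. The
heuristics are the author's own and only mark entries for review.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the O4/O23 lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\LEVIAT~1\IMPOST~1\TEMP\WZSE3.TMP\INSTAL~1.EXE (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe (file missing)
""".strip()

# Directories a persistent service or Run entry normally has no business living in.
TEMP_DIRS = re.compile(r"\\(temp|tmp|local settings|application data)\\", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    kind: str                 # "O4" or "O23"
    name: str                 # Run value name or service short name
    path: str                 # command line / image path as logged
    reasons: List[str] = field(default_factory=list)


def parse_o23(line: str):
    """Split 'O23 - Service: <display> (<short>) - <company> - <path> [(file missing)]'."""
    parts = line.split(" - ")
    if len(parts) < 4 or parts[0] != "O23" or not parts[1].startswith("Service: "):
        return None
    display, company = parts[1][len("Service: "):], parts[2]
    path = " - ".join(parts[3:])          # a path could itself contain ' - '
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].rstrip()
    # The short name is the last parenthesised group; display names may contain others.
    m = re.search(r"\s\(([^()]+)\)$", display)
    short = m.group(1) if m else display
    return short, company, path, missing


def triage_line(line: str) -> Optional[Finding]:
    line = line.rstrip()
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").strip()
        # Quoted command: take the quoted executable; otherwise the first token.
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
        f = Finding("O4", m.group("name"), cmd)
        if not ABS_PATH.match(exe):
            f.reasons.append("bare command resolved through PATH/App Paths, not an absolute path")
        if TEMP_DIRS.search(exe):
            f.reasons.append("runs from a temp/profile directory")
        return f
    parsed = parse_o23(line)
    if parsed:
        short, company, path, missing = parsed
        f = Finding("O23", short, path)
        if company == "Unknown owner":
            f.reasons.append("no vendor string (unsigned or unknown publisher)")
        if missing:
            f.reasons.append("registered service whose binary is gone (orphaned registration)")
        if TEMP_DIRS.search(path):
            f.reasons.append("image path in a temp/profile directory")
        return f
    return None


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that collected at least one review reason."""
    out = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Feed it a whole HijackThis log (paste the file contents in place of SAMPLE_LOG) and it prints only the entries that collected a reason. A flag is a prompt to look the name up, check the publisher signature on the binary, and decide, exactly as the note about researching each line suggests; the well-known Google, Intel and Java entries in the log above come through clean.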

#11 Ipsagogique (Topic Starter, Members, 7 posts)

Posted 22 February 2012 - 03:22 PM

Dear Gringo,

Here are the results. I have not yet closed the ESET online scanner.

C:\Programmi\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.AJL trojan

Thanks, I.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 22 February 2012 - 04:35 PM

Hello

There are some minor things in your online scan that should be removed.


:Delete files:

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Force-delete the flagged FLVPlayer.exe (and any copy of it in subfolders), quietly
    del /f /s /q "C:\Programmi\FoxTabFLVPlayer\FLVPlayer.exe"
    rem Remove this batch file itself once it has run
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you are still having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


:Make sure your applications have all of their updates:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended) - Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
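
The five Custom Level changes in the "Make your Internet Explorer more secure" step map to numeric values under the Internet zone key in the registry, so they can be checked rather than clicked through. The following Python script is an added example, not code from this thread: it holds the recommended states from the post, compares them with a snapshot of the zone settings, and on Windows reads the live per-user values with winreg. The value names 1001, 1004, 1201, 1800 and 1804 are the zone-setting identifiers as the author understands them and are an assumption to confirm against the dialog; the two sample snapshots are constructed.

```python
"""Audit the Internet-zone ActiveX settings recommended in the post above.

Added example; not part of this thread. The numeric value names are the
Internet Explorer zone-setting identifiers as the author understands them
(an assumption to verify against the Custom Level dialog on a real host);
the recommended states are the ones listed in the post.
"""
import sys

# HKCU subkey holding the Internet zone (zone 3) custom-level settings.
ZONE_INTERNET = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Custom-level states as stored in the registry; a higher number is stricter.
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# value name -> (setting as shown in the dialog, recommended state)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialise and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
}


def audit(current):
    """Compare a {value_name: state} snapshot against RECOMMENDED.

    Returns (value_name, setting, current_label, recommended_label) for every
    setting that is missing or looser than recommended; stricter is accepted.
    """
    deviations = []
    for name, (setting, want) in RECOMMENDED.items():
        have = current.get(name)
        if have is None or have < want:
            deviations.append((name, setting, LABEL.get(have, "not set"), LABEL[want]))
    return deviations


def read_zone_from_registry():
    """Read the live per-user values on Windows; returns {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only standard-library module
    snapshot = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_INTERNET) as key:
        for name in RECOMMENDED:
            try:
                value, _ = winreg.QueryValueEx(key, name)
                snapshot[name] = int(value)
            except FileNotFoundError:
                pass  # value absent: reported by audit() as "not set"
    return snapshot


# Constructed snapshots: a permissive configuration and one matching the post.
SAMPLE_WEAK = {"1001": ENABLE, "1004": ENABLE, "1201": ENABLE, "1800": ENABLE}
SAMPLE_HARDENED = {name: want for name, (_, want) in RECOMMENDED.items()}


if __name__ == "__main__":
    # On Windows this audits the real per-user zone; elsewhere it shows the weak sample.
    live = read_zone_from_registry()
    for name, setting, have, want in audit(live or SAMPLE_WEAK):
        print(f"{name} {setting}: {have} -> should be {want}")
```

Run it on the cleaned machine after making the Custom Level changes; an empty report means every listed setting is at least as strict as recommended (Disable is accepted where Prompt was asked for, since it is never weaker). It reads the per-user key only, so a machine-wide policy can still override what the dialog shows.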

#13 Ipsagogique (Topic Starter, Members, 7 posts)

Posted 22 February 2012 - 08:33 PM

Dear Gringo,

Thank you very much for all your help. Everything now seems working fine. I'll get back if anything happens in the next few days.

Thank you again,
Ipsagogique

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 23 February 2012 - 07:55 AM

you are more than welcome and glad I was able to help


gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 February 2012 - 12:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



