dts-search results infection


  • This topic is locked
15 replies to this topic

#1 benja8151


Posted 02 December 2012 - 06:11 AM

Hey, I am new to this forum and I see you have a great way to deal with problems on computers. So, I have a Windows XP SP1 laptop, probably 7 years old, which I use just for easy tasks, but dts search is really slowing it down. I've looked for some instructions on removing it, but ultimately the best option is just to ask an expert to help. I've seen a post about this problem on BC forums before, but I would imagine the way to remove the infection is a bit different from one PC to another.

Thanks for your help!

So, here are my logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Benjamin at 12:02:26 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.1022.317 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\OpenManage\OMCC\iws\bin\win32\omaws32.exe
C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Dell\OpenManage\OMCC\oma\bin\omsad32.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\windows ilivid toolbar\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - c:\program files\windows ilivid toolbar\datamngr\BrowserConnection.dll
BHO: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\windows ilivid toolbar\datamngr\toolbar\searchqudtx.dll
TB: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\benjamin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GC75-Manager-Class] "c:\program files\dell truemobile 5100\GPRSMgr.exe" -startup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DATAMNGR] c:\progra~1\window~4\datamngr\DATAMN~1.EXE
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [RemoteControl11] c:\program files\cyberlink\powerdvd11\PDVD11Serv.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\dell\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{36D8EC59-F99E-4F29-BDBA-43935ADDA045} : DHCPNameServer = 192.168.1.1
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\btxppanel.dll
Notify: Antiwpa - antiwpa.dll
Notify: igfxcui - igfxdev.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs= c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\window~4\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\benjamin\application data\mozilla\firefox\profiles\hugl268y.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\benjamin\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-3-25 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-6 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-6 337880]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/26 18:22:58];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2011-9-16 77296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-6 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-6 44768]
R2 ccadmin;Client Connector Administrator;c:\program files\dell\openmanage\omcc\iws\bin\win32\omaws32.exe [2005-1-20 41076]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2011-11-26 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2011-11-26 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServerForPDVD11.exe [2011-11-26 292136]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2011-11-26 71664]
R2 omccomsad;OMCC OM Common Services;c:\program files\dell\openmanage\omcc\oma\bin\omsad32.exe [2005-1-20 28794]
R3 dcdbas;System Management Driver;c:\windows\system32\drivers\dcdbas32.sys [2009-10-19 26624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-02 10:34:45 -------- d-----w- c:\documents and settings\benjamin\application data\DriverCure
2012-12-02 10:34:44 -------- d-----w- c:\documents and settings\benjamin\application data\SpeedyPC Software
2012-12-02 10:33:56 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
.
==================== Find3M ====================
.
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 12:03:10,20 ===============



#2 gringo_pr

  • Malware Response Team

Posted 02 December 2012 - 03:58 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 benja8151

  • Topic Starter

Posted 02 December 2012 - 04:27 PM

Thanks for the reply. I tried to do it as quickly as possible, but the shutdown takes a few minutes; maybe it's connected to the original problem. Startup is OK though.

Here are the reports:
checkup.txt
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (8.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


AdwCleaner[S1]
# AdwCleaner v2.011 - Logfile created 12/02/2012 at 22:04:42
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Benjamin - BENJAMIN-LAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Benjamin\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\SweetIM
File Deleted : C:\DOCUME~1\Benjamin\LOCALS~1\Temp\Searchqu.ini
File Deleted : C:\DOCUME~1\Benjamin\LOCALS~1\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\DOCUME~1\Benjamin\LOCALS~1\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\hugl268y.default\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\hugl268y.default\searchplugins\SweetIm.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\hugl268y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\hugl268y.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\hugl268y.default\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Benjamin\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Benjamin\Application Data\Searchqutoolbar
Folder Deleted : C:\Program Files\Windows iLivid Toolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key Deleted : HKLM\Software\SearchquMediabarTb
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v8.0.1 (sl)

Profile name : default
File : C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\hugl268y.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search Results");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search Results");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.56] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&sr=0&q={searchT[...]

*************************

AdwCleaner[S1].txt - [9625 octets] - [02/12/2012 22:04:42]

########## EOF - C:\AdwCleaner[S1].txt - [9685 octets] ##########


RKreport[2]_D_12022012_02d2221.txt
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Benjamin [Admin rights]
Mode : Remove -- Date : 12/02/2012 22:21:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2060AH +++++
--- User ---
[MBR] 392e808cbfdc6a11f62e67439e73419c
[BSP] 41fe7b01133f322b8a70d8e74f5891a0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 56227 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12022012_02d2221.txt >>
RKreport[1]_S_12022012_02d2221.txt ; RKreport[2]_D_12022012_02d2221.txt

#4 gringo_pr

  • Malware Response Team

Posted 02 December 2012 - 05:39 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 benja8151

  • Topic Starter

Posted 02 December 2012 - 06:06 PM

I had no problems, I just had to install the recovery console; no reboot was needed while performing the ComboFix. I see no changes to the computer, at least the dts search results are still on my laptop and they are cutting off my RAM - I am getting the "virtual memory too low" pop-ups after some time with the computer running (I supposed you had known about the behaviour of that infection so I didn't write that before).

log.txt:
ComboFix 12-12-02.01 - Benjamin 02.12.2012 23:52:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.1022.600 [GMT 1:00]
Running from: c:\documents and settings\Benjamin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\Setup.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET6E.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 10:34 . 2012-12-02 10:34 -------- d-----w- c:\documents and settings\Benjamin\Application Data\DriverCure
2012-12-02 10:34 . 2012-12-02 10:34 -------- d-----w- c:\documents and settings\Benjamin\Application Data\SpeedyPC Software
2012-12-02 10:33 . 2012-12-02 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2008-04-13 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 03:42 58368 ----a-w- c:\windows\system32\synceng.dll
2011-11-21 04:45 . 2011-11-23 05:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"GC75-Manager-Class"="c:\program files\Dell TrueMobile 5100\GPRSMgr.exe" [2004-03-26 721017]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-09-14 230696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-26 561213]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 05:03 110592 ----a-w- c:\windows\system32\LgNotify.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PowerDVD11.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\Common\\MediaServer\\CLMSServerForPDVD11.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [25.3.2012 18:37 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.10.2011 17:17 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.10.2011 17:17 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.10.2011 17:17 20696]
R2 ccadmin;Client Connector Administrator;c:\program files\Dell\OpenManage\OMCC\iws\bin\win32\omaws32.exe [20.1.2005 16:37 41076]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [26.11.2011 18:20 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [26.11.2011 18:20 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [26.11.2011 18:20 292136]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [26.11.2011 18:21 71664]
R2 omccomsad;OMCC OM Common Services;c:\program files\Dell\OpenManage\OMCC\oma\bin\omsad32.exe [20.1.2005 16:32 28794]
R3 dcdbas;System Management Driver;c:\windows\system32\drivers\dcdbas32.sys [19.10.2009 8:10 26624]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1708537768-1202660629-1003Core.job
- c:\documents and settings\Benjamin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 14:17]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1708537768-1202660629-1003UA.job
- c:\documents and settings\Benjamin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 14:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\hugl268y.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-02 23:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\antiwpa.dll
c:\windows\system32\LgNotify.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-12-02 23:58:58
ComboFix-quarantined-files.txt 2012-12-02 22:58
.
Pre-Run: 40.008.208.384 bytes free
Post-Run: 41.143.336.960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 93596BBF7ECBD27277FD29FE3080085C

#6 gringo_pr

Posted 02 December 2012 - 06:39 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
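Added example (not part of the original post, and not code from TDSSKiller or its vendor): a Python script that parses a report in the layout used by the TDSSKiller log posted in this thread and lists every item whose verdict is not `ok`, plus services the report lists without a file line. The sample report is constructed; only the `ok` verdict appears on this page, so treating any other verdict text as needing review is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the report posted in this thread:
# "<time> <thread id> [ MD5 ] <name> <path>" followed by "<time> <thread id> <name> - <verdict>".
# Names, hashes, paths and the non-"ok" verdict are made up for illustration.
SAMPLE_REPORT = r"""
00:00:01.0000 1000 TDSS rootkit removing tool (constructed sample)
00:00:01.0100 1000 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (constructed)
00:00:02.0000 1004 ================ Scan system memory ========================
00:00:02.0100 1004 System memory - ok
00:00:02.0200 1004 ================ Scan services =============================
00:00:02.0300 1004 [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv C:\WINDOWS\system32\drivers\exampledrv.sys
00:00:02.0300 1004 ExampleDrv - ok
00:00:02.0400 1004 OrphanSvc - ok
00:00:02.0500 1004 [ FEDCBA9876543210FEDCBA9876543210 ] Example Media Service C:\Program Files\Example Vendor\media svc.exe
00:00:02.0600 1004 Example Media Service - warning
"""

# Timestamp and thread id prefix; the rest of the line is the message body.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# Section banner such as "======= Scan services =======".
SECTION = re.compile(r"^=+\s*(Scan [^=]+?)\s*=+$")
# File line: hash, then a name that may contain spaces, then a drive-letter path.
FILE = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$")


@dataclass
class Entry:
    section: str
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per verdict line found inside a 'Scan ...' section."""
    entries: List[Entry] = []
    section: Optional[str] = None
    pending = {}  # name -> (md5, path) from file lines still waiting for a verdict
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        banner = SECTION.match(body)
        if banner:
            section = banner.group(1)
            pending.clear()
            continue
        if section is None:
            continue  # header lines before the scan (drive geometry etc.)
        f = FILE.match(body)
        if f:
            pending[f.group(2)] = (f.group(1).upper(), f.group(3))
            continue
        name, sep, verdict = body.rpartition(" - ")
        if not sep:
            continue
        # Exact name match, or the verdict line carries extra text after the name.
        key = next((k for k in pending
                    if name == k or name.startswith(k + " ")), None)
        md5, path = pending.pop(key) if key is not None else (None, None)
        entries.append(Entry(section, name, verdict.strip(), md5, path))
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split out (items not marked ok, services listed without a file line)."""
    flagged = [e for e in entries if e.verdict.lower() != "ok"]
    no_file = [e for e in entries
               if e.section == "Scan services" and e.md5 is None]
    return flagged, no_file


if __name__ == "__main__":
    flagged, no_file = triage(parse_report(SAMPLE_REPORT))
    for e in flagged:
        print(f"REVIEW  {e.name}: {e.verdict}  {e.md5 or '-'}  {e.path or '-'}")
    for e in no_file:
        print(f"NO FILE {e.name}: {e.verdict}")
```

To use it on a real report, read the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file mentioned above and pass its text to `parse_report`.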

#7 benja8151

Posted 02 December 2012 - 06:54 PM

Hello again.

TDSSKiller found no infections, and I also haven't seen aswMBR do any real work.

TDSSKiller log
00:41:25.0711 3872 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:41:25.0911 3872 ============================================================
00:41:25.0911 3872 Current date / time: 2012/12/03 00:41:25.0911
00:41:25.0911 3872 SystemInfo:
00:41:25.0911 3872
00:41:25.0911 3872 OS Version: 5.1.2600 ServicePack: 3.0
00:41:25.0911 3872 Product type: Workstation
00:41:25.0911 3872 ComputerName: BENJAMIN-LAPTOP
00:41:25.0911 3872 UserName: Benjamin
00:41:25.0911 3872 Windows directory: C:\WINDOWS
00:41:25.0911 3872 System windows directory: C:\WINDOWS
00:41:25.0911 3872 Processor architecture: Intel x86
00:41:25.0911 3872 Number of processors: 1
00:41:25.0911 3872 Page size: 0x1000
00:41:25.0911 3872 Boot type: Normal boot
00:41:25.0911 3872 ============================================================
00:41:27.0874 3872 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:41:27.0894 3872 ============================================================
00:41:27.0894 3872 \Device\Harddisk0\DR0:
00:41:27.0894 3872 MBR partitions:
00:41:27.0894 3872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6DD1BC1
00:41:27.0894 3872 ============================================================
00:41:27.0934 3872 C: <-> \Device\Harddisk0\DR0\Partition1
00:41:27.0934 3872 ============================================================
00:41:27.0934 3872 Initialize success
00:41:27.0934 3872 ============================================================
00:41:36.0296 3868 ============================================================
00:41:36.0296 3868 Scan started
00:41:36.0296 3868 Mode: Manual;
00:41:36.0306 3868 ============================================================
00:41:36.0707 3868 ================ Scan system memory ========================
00:41:37.0658 3868 System memory - ok
00:41:37.0668 3868 ================ Scan services =============================
00:41:46.0561 3868 NICCONFIGSVC - ok
00:41:46.0591 3868 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
00:41:46.0621 3868 Nla - ok
00:41:46.0651 3868 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:41:46.0661 3868 Npfs - ok
00:41:46.0701 3868 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:41:46.0731 3868 Ntfs - ok
00:41:46.0761 3868 [ 170EE229D4DEF31DBE95348C9A88FE74 ] ntk_PowerDVD C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
00:41:46.0771 3868 ntk_PowerDVD - ok
00:41:46.0801 3868 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
00:41:46.0811 3868 NtLmSsp - ok
00:41:46.0861 3868 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:41:46.0921 3868 NtmsSvc - ok
00:41:46.0981 3868 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
00:41:46.0981 3868 Null - ok
00:41:47.0011 3868 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:41:47.0021 3868 NwlnkFlt - ok
00:41:47.0031 3868 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:41:47.0041 3868 NwlnkFwd - ok
00:41:47.0071 3868 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:41:47.0071 3868 ohci1394 - ok
00:41:47.0132 3868 [ 2B7B4A20EF17FBACCDE5F3224F551F0D ] omccomsad C:\Program Files\Dell\OpenManage\OMCC\oma\bin\omsad32.exe
00:41:47.0142 3868 omccomsad - ok
00:41:47.0182 3868 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:41:47.0192 3868 Parport - ok
00:41:47.0232 3868 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:41:47.0232 3868 PartMgr - ok
00:41:47.0262 3868 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:41:47.0262 3868 ParVdm - ok
00:41:47.0282 3868 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:41:47.0292 3868 PCI - ok
00:41:47.0302 3868 PCIDump - ok
00:41:47.0322 3868 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
00:41:47.0322 3868 PCIIde - ok
00:41:47.0342 3868 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
00:41:47.0352 3868 Pcmcia - ok
00:41:47.0362 3868 PDCOMP - ok
00:41:47.0372 3868 PDFRAME - ok
00:41:47.0392 3868 PDRELI - ok
00:41:47.0402 3868 PDRFRAME - ok
00:41:47.0422 3868 perc2 - ok
00:41:47.0432 3868 perc2hib - ok
00:41:47.0492 3868 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
00:41:47.0492 3868 PlugPlay - ok
00:41:47.0522 3868 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:41:47.0522 3868 PolicyAgent - ok
00:41:47.0572 3868 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:41:47.0572 3868 PptpMiniport - ok
00:41:47.0592 3868 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:41:47.0592 3868 ProtectedStorage - ok
00:41:47.0602 3868 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:41:47.0612 3868 PSched - ok
00:41:47.0622 3868 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:41:47.0622 3868 Ptilink - ok
00:41:47.0632 3868 ql1080 - ok
00:41:47.0642 3868 Ql10wnt - ok
00:41:47.0652 3868 ql12160 - ok
00:41:47.0662 3868 ql1240 - ok
00:41:47.0672 3868 ql1280 - ok
00:41:47.0682 3868 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:41:47.0682 3868 RasAcd - ok
00:41:47.0712 3868 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:41:47.0722 3868 RasAuto - ok
00:41:47.0762 3868 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
00:41:47.0772 3868 Rasirda - ok
00:41:47.0772 3868 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:41:47.0782 3868 Rasl2tp - ok
00:41:47.0813 3868 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:41:47.0823 3868 RasMan - ok
00:41:47.0833 3868 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:41:47.0833 3868 RasPppoe - ok
00:41:47.0853 3868 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:41:47.0853 3868 Raspti - ok
00:41:47.0883 3868 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:41:47.0883 3868 Rdbss - ok
00:41:47.0903 3868 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:41:47.0913 3868 RDPCDD - ok
00:41:47.0933 3868 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:41:47.0933 3868 rdpdr - ok
00:41:47.0993 3868 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:41:48.0003 3868 RDPWD - ok
00:41:48.0043 3868 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:41:48.0063 3868 RDSessMgr - ok
00:41:48.0093 3868 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
00:41:48.0093 3868 redbook - ok
00:41:48.0143 3868 [ 91BB86DBC9E098389F9A70B1DC08BC54 ] RegSrvc C:\WINDOWS\system32\RegSrvc.exe
00:41:48.0153 3868 RegSrvc - ok
00:41:48.0193 3868 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:41:48.0203 3868 RemoteAccess - ok
00:41:48.0243 3868 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:41:48.0263 3868 RemoteRegistry - ok
00:41:48.0283 3868 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
00:41:48.0283 3868 RFCOMM - ok
00:41:48.0313 3868 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
00:41:48.0323 3868 RpcLocator - ok
00:41:48.0373 3868 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
00:41:48.0373 3868 RpcSs - ok
00:41:48.0413 3868 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
00:41:48.0423 3868 RSVP - ok
00:41:48.0483 3868 [ 0FCB7EEB0E81A777735A5AF185F56C2B ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
00:41:48.0524 3868 S24EventMonitor - ok
00:41:48.0554 3868 [ 68B465437DCA3ECC717FC315DA7B8762 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
00:41:48.0564 3868 s24trans - ok
00:41:48.0574 3868 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
00:41:48.0584 3868 SamSs - ok
00:41:48.0614 3868 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
00:41:48.0634 3868 SCardSvr - ok
00:41:48.0694 3868 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:41:48.0714 3868 Schedule - ok
00:41:48.0744 3868 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:41:48.0744 3868 Secdrv - ok
00:41:48.0764 3868 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
00:41:48.0774 3868 seclogon - ok
00:41:48.0794 3868 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
00:41:48.0804 3868 SENS - ok
00:41:48.0844 3868 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
00:41:48.0854 3868 serenum - ok
00:41:48.0874 3868 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
00:41:48.0874 3868 Serial - ok
00:41:48.0954 3868 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
00:41:48.0954 3868 Sfloppy - ok
00:41:48.0994 3868 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:41:49.0034 3868 SharedAccess - ok
00:41:49.0064 3868 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:41:49.0084 3868 ShellHWDetection - ok
00:41:49.0094 3868 Simbad - ok
00:41:49.0114 3868 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
00:41:49.0124 3868 SMCIRDA - ok
00:41:49.0184 3868 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe
00:41:49.0205 3868 SNMP - ok
00:41:49.0235 3868 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
00:41:49.0245 3868 SNMPTRAP - ok
00:41:49.0265 3868 Sparrow - ok
00:41:49.0305 3868 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
00:41:49.0305 3868 splitter - ok
00:41:49.0365 3868 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
00:41:49.0385 3868 Spooler - ok
00:41:49.0435 3868 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
00:41:49.0435 3868 sr - ok
00:41:49.0475 3868 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
00:41:49.0505 3868 srservice - ok
00:41:49.0565 3868 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:41:49.0585 3868 Srv - ok
00:41:49.0645 3868 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:41:49.0665 3868 SSDPSRV - ok
00:41:49.0715 3868 [ 5813D453EF8CE49D607C255CF128ACEB ] STAC97 C:\WINDOWS\system32\drivers\stac97.sys
00:41:49.0725 3868 STAC97 - ok
00:41:49.0795 3868 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
00:41:49.0845 3868 stisvc - ok
00:41:49.0865 3868 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
00:41:49.0875 3868 swenum - ok
00:41:49.0885 3868 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
00:41:49.0895 3868 swmidi - ok
00:41:49.0926 3868 SwPrv - ok
00:41:49.0936 3868 symc810 - ok
00:41:49.0956 3868 symc8xx - ok
00:41:49.0976 3868 sym_hi - ok
00:41:49.0986 3868 sym_u3 - ok
00:41:50.0026 3868 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
00:41:50.0026 3868 sysaudio - ok
00:41:50.0056 3868 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
00:41:50.0066 3868 SysmonLog - ok
00:41:50.0106 3868 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
00:41:50.0126 3868 TapiSrv - ok
00:41:50.0186 3868 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:41:50.0196 3868 Tcpip - ok
00:41:50.0246 3868 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
00:41:50.0256 3868 TDPIPE - ok
00:41:50.0256 3868 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
00:41:50.0266 3868 TDTCP - ok
00:41:50.0296 3868 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
00:41:50.0296 3868 TermDD - ok
00:41:50.0336 3868 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
00:41:50.0356 3868 TermService - ok
00:41:50.0376 3868 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
00:41:50.0386 3868 Themes - ok
00:41:50.0436 3868 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
00:41:50.0446 3868 TlntSvr - ok
00:41:50.0456 3868 TosIde - ok
00:41:50.0486 3868 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
00:41:50.0496 3868 TrkWks - ok
00:41:50.0516 3868 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
00:41:50.0526 3868 Udfs - ok
00:41:50.0536 3868 UIUSys - ok
00:41:50.0556 3868 ultra - ok
00:41:50.0617 3868 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
00:41:50.0637 3868 Update - ok
00:41:50.0677 3868 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
00:41:50.0697 3868 upnphost - ok
00:41:50.0717 3868 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
00:41:50.0737 3868 UPS - ok
00:41:50.0777 3868 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
00:41:50.0777 3868 USBAAPL - ok
00:41:50.0807 3868 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:41:50.0817 3868 usbccgp - ok
00:41:50.0877 3868 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:41:50.0887 3868 usbehci - ok
00:41:50.0897 3868 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:41:50.0907 3868 usbhub - ok
00:41:50.0947 3868 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:41:50.0957 3868 usbprint - ok
00:41:50.0977 3868 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:41:50.0977 3868 usbscan - ok
00:41:50.0997 3868 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:41:50.0997 3868 USBSTOR - ok
00:41:51.0037 3868 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:41:51.0037 3868 usbuhci - ok
00:41:51.0077 3868 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:41:51.0087 3868 VgaSave - ok
00:41:51.0097 3868 ViaIde - ok
00:41:51.0127 3868 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
00:41:51.0137 3868 VolSnap - ok
00:41:51.0177 3868 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
00:41:51.0227 3868 VSS - ok
00:41:51.0378 3868 [ F0608F3B5B6D16F4870E867F9D069B6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
00:41:51.0498 3868 w29n51 - ok
00:41:51.0528 3868 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
00:41:51.0558 3868 W32Time - ok
00:41:51.0598 3868 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:41:51.0608 3868 Wanarp - ok
00:41:51.0618 3868 WDICA - ok
00:41:51.0678 3868 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
00:41:51.0688 3868 wdmaud - ok
00:41:51.0718 3868 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
00:41:51.0748 3868 WebClient - ok
00:41:51.0808 3868 [ 0C5B9CF1BDF998750D9C5EEB5F8C55AC ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
00:41:51.0848 3868 winachsf - ok
00:41:51.0968 3868 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
00:41:51.0978 3868 winmgmt - ok
00:41:52.0069 3868 [ C9B9942EECA0B82E35D60627E365510A ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
00:41:52.0079 3868 WLANKEEPER - ok
00:41:52.0099 3868 wltrysvc - ok
00:41:52.0139 3868 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
00:41:52.0159 3868 WmdmPmSN - ok
00:41:52.0219 3868 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
00:41:52.0249 3868 Wmi - ok
00:41:52.0319 3868 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:41:52.0329 3868 WmiApSrv - ok
00:41:52.0439 3868 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:41:52.0489 3868 WPFFontCache_v0400 - ok
00:41:52.0549 3868 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:41:52.0549 3868 WS2IFSL - ok
00:41:52.0619 3868 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
00:41:52.0649 3868 wscsvc - ok
00:41:52.0680 3868 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
00:41:52.0710 3868 wuauserv - ok
00:41:52.0770 3868 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
00:41:52.0830 3868 WZCSVC - ok
00:41:52.0870 3868 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
00:41:52.0910 3868 xmlprov - ok
00:41:52.0940 3868 ================ Scan global ===============================
00:41:53.0000 3868 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:41:53.0060 3868 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:41:53.0140 3868 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:41:53.0190 3868 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:41:53.0210 3868 [Global] - ok
00:41:53.0220 3868 ================ Scan MBR ==================================
00:41:53.0240 3868 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
00:41:53.0511 3868 \Device\Harddisk0\DR0 - ok
00:41:53.0521 3868 ================ Scan VBR ==================================
00:41:53.0521 3868 [ 1A4743AB54A25B2B43D359EF85151FE6 ] \Device\Harddisk0\DR0\Partition1
00:41:53.0531 3868 \Device\Harddisk0\DR0\Partition1 - ok
00:41:53.0531 3868 ============================================================
00:41:53.0531 3868 Scan finished
00:41:53.0531 3868 ============================================================
00:41:53.0561 1184 Detected object count: 0
00:41:53.0561 1184 Actual detected object count: 0


aswMBR.txt
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 00:44:16
-----------------------------
00:44:16.647 OS Version: Windows 5.1.2600 Service Pack 3
00:44:16.647 Number of processors: 1 586 0xD06
00:44:16.647 ComputerName: BENJAMIN-LAPTOP UserName: Benjamin
00:44:17.157 Initialize success
00:44:17.317 AVAST engine defs: 12120101
00:44:34.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:44:34.021 Disk 0 Vendor: FUJITSU_MHV2060AH 000000A0 Size: 57231MB BusType: 3
00:44:34.052 Disk 0 MBR read successfully
00:44:34.052 Disk 0 MBR scan
00:44:34.052 Disk 0 Windows XP default MBR code
00:44:34.052 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 56227 MB offset 63
00:44:34.062 Disk 0 scanning sectors +115153920
00:44:34.152 Disk 0 scanning C:\WINDOWS\system32\drivers
00:44:48.562 Service scanning
00:45:07.520 Modules scanning
00:45:14.209 Disk 0 trace - called modules:
00:45:14.219 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
00:45:14.229 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86756ab8]
00:45:14.229 3 CLASSPNP.SYS[f78c4fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86771b00]
00:45:14.750 AVAST engine scan C:\WINDOWS
00:45:27.789 AVAST engine scan C:\WINDOWS\system32
00:47:34.191 AVAST engine scan C:\WINDOWS\system32\drivers
00:47:46.308 AVAST engine scan C:\Documents and Settings\Benjamin
00:51:06.245 AVAST engine scan C:\Documents and Settings\All Users
00:51:34.817 Scan finished successfully
00:52:39.409 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Benjamin\Desktop\MBR.dat"
00:52:39.409 The log file has been saved successfully to "C:\Documents and Settings\Benjamin\Desktop\aswMBR.txt"

#8 gringo_pr


Posted 02 December 2012 - 08:34 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr


Posted 08 December 2012 - 02:09 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#10 benja8151


Posted 08 December 2012 - 05:18 AM

I'm sorry, but I had a lot of work for school in the last days. I think the use of dts-search as a primary search engine has been fixed (I can use Google search now), but there is still that very long shutdown time and RAM reduction over time.

OTL.txt:
OTL logfile created on: 8.12.2012 10:58:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Benjamin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy

1022,21 Mb Total Physical Memory | 527,41 Mb Available Physical Memory | 51,59% Memory free
2,40 Gb Paging File | 1,95 Gb Available in Paging File | 80,98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54,91 Gb Total Space | 38,48 Gb Free Space | 70,08% Space Free | Partition Type: NTFS

Computer Name: BENJAMIN-LAPTOP | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Benjamin\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\OpenManage\OMCC\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
PRC - C:\Program Files\Dell\OpenManage\OMCC\oma\bin\omsad32.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
PRC - C:\Program Files\Dell\Bluetooth Software\BTStackServer.exe (WIDCOMM, Inc.)
PRC - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
PRC - C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe (Dell)
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\1XConfig.exe (Intel)
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12120701\algo.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
MOD - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll ()
MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\antiwpa.dll ()
MOD - C:\Program Files\Dell\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\C1XStngs.dll ()
MOD - C:\WINDOWS\system32\libeay32.dll ()
MOD - C:\WINDOWS\system32\ssleay32.dll ()


========== Services (SafeList) ==========

SRV - (ccadmin) -- C:\Program Files\Dell\OpenManage\OMCC\iws\bin\win32\omaws32.exe OMACS_KEY_OMA=SOFTWARE\Dell Computer Corporation\Dell OpenManage OMCC\Dell OMA File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (dcevt32) -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe (Dell Inc.)
SRV - (dcstor32) -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe (Dell Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (omccomsad) -- C:\Program Files\Dell\OpenManage\OMCC\oma\bin\omsad32.exe (Dell Inc.)
SRV - (btwdins) -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Benjamin\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (ntk_PowerDVD) -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys (Cyberlink Corp.)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (dcdbas) -- C:\WINDOWS\system32\drivers\dcdbas32.sys (Dell Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (WIDCOMM, Inc.)
DRV - (DFUBTUSB) -- C:\WINDOWS\system32\drivers\frmupgr.sys (WIDCOMM, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-854245398-1708537768-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-854245398-1708537768-1202660629-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-854245398-1708537768-1202660629-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-854245398-1708537768-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.si/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.25 18:37:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.21 17:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.11.26 17:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Benjamin\Application Data\Mozilla\Extensions
[2012.12.02 22:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\hugl268y.default\extensions
[2012.12.08 10:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.21 05:45:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:54:03 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
[2011.11.21 02:54:03 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
[2011.11.21 02:54:03 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
[2011.11.21 02:15:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011.11.21 02:54:03 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml

========== Chrome ==========

CHR - homepage: http://www.google.si/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.si/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Benjamin\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Benjamin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Iskanje Google = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Preverjevalnik za Google Mail = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Benjamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.12.02 23:57:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [GC75-Manager-Class] C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe (Dell)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Dell\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1708537768-1202660629-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1708537768-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-1708537768-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1708537768-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36D8EC59-F99E-4F29-BDBA-43935ADDA045}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll ()
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\system32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.29 20:04:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.08 10:57:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Benjamin\Desktop\OTL (1).exe
[2012.12.05 19:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\Philipp Winterberg
[2012.12.05 19:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2012.12.05 19:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free RAR Extract Frog
[2012.12.03 20:44:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.12.03 00:44:10 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Benjamin\Desktop\aswMBR.exe
[2012.12.03 00:41:05 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Benjamin\Desktop\tdsskiller.exe
[2012.12.03 00:40:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.12.02 23:50:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.12.02 23:44:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.12.02 23:44:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.12.02 23:44:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.12.02 23:44:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.12.02 23:44:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.02 23:43:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.02 23:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.12.02 23:42:42 | 005,009,299 | R--- | C] (Swearware) -- C:\Documents and Settings\Benjamin\Desktop\ComboFix.exe
[2012.12.02 22:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Desktop\RK_Quarantine
[2012.12.02 12:02:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Benjamin\My Documents\My Videos
[2012.12.02 12:02:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Benjamin\Start Menu\Programs\Administrative Tools
[2012.12.02 11:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\DriverCure
[2012.12.02 11:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\SpeedyPC Software
[2012.12.02 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012.11.19 17:27:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.08 10:57:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin\Desktop\OTL (1).exe
[2012.12.08 10:51:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.05 20:11:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1708537768-1202660629-1003UA.job
[2012.12.05 20:11:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1708537768-1202660629-1003Core.job
[2012.12.05 19:28:17 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free RAR Extract Frog.lnk
[2012.12.05 19:15:46 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.03 00:52:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\MBR.dat
[2012.12.03 00:43:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Benjamin\Desktop\aswMBR.exe
[2012.12.03 00:41:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Benjamin\Desktop\tdsskiller.exe
[2012.12.02 23:57:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.12.02 23:51:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.12.02 23:42:39 | 005,009,299 | R--- | M] (Swearware) -- C:\Documents and Settings\Benjamin\Desktop\ComboFix.exe
[2012.12.02 22:20:02 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\RogueKiller.exe
[2012.12.02 11:18:44 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\Google Chrome.lnk
[2012.12.02 11:18:44 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.11.19 18:06:56 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.11.19 17:36:53 | 000,422,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.19 17:36:53 | 000,062,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.19 17:17:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.05 19:28:17 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free RAR Extract Frog.lnk
[2012.12.03 00:52:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Benjamin\Desktop\MBR.dat
[2012.12.02 23:51:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.12.02 23:50:59 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.12.02 23:44:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.12.02 23:44:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.12.02 23:44:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.12.02 23:44:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.12.02 23:44:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.12.02 22:20:22 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Benjamin\Desktop\RogueKiller.exe
[2012.09.27 01:14:29 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Benjamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.16 22:08:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.06 17:15:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011.10.06 17:15:53 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.10.06 17:15:53 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011.10.06 17:15:53 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011.10.06 17:15:53 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011.10.06 17:15:53 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011.10.06 17:15:53 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011.10.06 17:15:53 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011.10.06 17:15:53 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011.10.06 17:15:53 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011.10.06 17:15:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.10.06 17:15:53 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.10.06 17:15:53 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.10.06 17:15:53 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.10.06 17:15:53 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.10.06 17:15:53 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.10.06 17:15:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.10.06 17:15:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.10.06 17:15:53 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011.10.06 16:09:12 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2011.10.01 14:44:40 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2011.09.29 21:45:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.09.29 21:44:21 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.09.29 21:27:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011.09.29 21:27:54 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011.09.29 21:27:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011.09.29 20:08:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.09.29 20:01:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011.09.29 21:23:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:41 AM

Posted 08 December 2012 - 02:19 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the [image] textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    MOD - C:\WINDOWS\system32\antiwpa.dll ()  
    [2011.11.21 02:54:03 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
    [2011.11.21 02:54:03 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
    [2011.11.21 02:54:03 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
    [2012.12.02 11:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\DriverCure
    [2012.12.02 11:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\SpeedyPC Software
    [2012.12.02 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 benja8151


Posted 08 December 2012 - 02:49 PM

I am starting to feel this long shutdown time is an unsolvable problem...

12082012_203623.log.txt
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Program Files\Mozilla Firefox\searchplugins\ceneji.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\najdi-si.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\odpiralni.xml moved successfully.
C:\Documents and Settings\Benjamin\Application Data\DriverCure folder moved successfully.
C:\Documents and Settings\Benjamin\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Documents and Settings\Benjamin\Application Data\SpeedyPC Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Benjamin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Benjamin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Benjamin

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Benjamin
->Flash cache emptied: 7018 bytes

User: Default User
->Flash cache emptied: 56475 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12082012_203623

#13 gringo_pr


Posted 08 December 2012 - 03:51 PM

Greetings

The long shutdown may have nothing to do with malware at all - I would start looking in device manager to see if I see anything strange

Go into add/remove and uninstall things no longer used, like any old printers.



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 gringo_pr


Posted 12 December 2012 - 12:40 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#15 gringo_pr


Posted 15 December 2012 - 02:37 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo