Jump to content

rundll32 not responding when shut down/restart


Recommended Posts

This recently happened so I tried to google for a solution. Came here and followed the instructions. 

I did a scan with malwarebytes, some suspicious files came up and I deleted it but problem wasn't resolved. So here's my dds.txt and attach.txt

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Fahmy at 21:13:00 on 2013-06-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.989.453 [GMT 8:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* 
.
============== Running Processes ================
.
C:\windows\system32\ibmpmsvc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Dokan\DokanLibrary\mounter.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\windows\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Documents and Settings\All Users\Application Data\AutoStarter\AutoStarter.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - <orphaned>
BHO: {D5D33A26-F043-4808-B335-6B10630E04F8} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LFKA] "c:\program files\lenovo\atk hotkey\LFKA.exe"
mRun: [LCONTROL] "c:\program files\lenovo\atk hotkey\LCONTROL.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [AutoStarter] c:\documents and settings\all users\application data\autostarter\AutoStarter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
TCP: Interfaces\{42281D50-611A-4652-82C0-ED6485807A8B} : NameServer = 164.78.237.13,164.78.239.13
TCP: Interfaces\{95A970BB-78A2-40CF-94AB-8CF092328EC2} : NameServer = 10.79.32.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: KuGoo - <Clsid value has no data>
Handler: KuGoo3 - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fahmy\application data\mozilla\firefox\profiles\kfqewfqi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\fahmy\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\fahmy\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\garena messenger\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-28 13560]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-9-30 14656]
R1 FNETVDDA;FNETVDDA;c:\windows\system32\drivers\FNETVDDA.SYS [2012-9-30 35552]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-13 13480]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-25 16688]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2013-6-28 22064]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-28 20328]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84608]
R2 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 22016]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-11-27 53248]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-6-28 66344]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2011-9-7 22016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
S3 bpenum;Intel® WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-2-2 163840]
S3 cpuz132;cpuz132;\??\c:\docume~1\auslan~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\auslan~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-2-7 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\fahmy\locals~1\temp\mpwbc.tmp --> c:\docume~1\fahmy\locals~1\temp\MPWBC.tmp [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-6-28 41584]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena messenger\room\safedrv.sys --> c:\program files\garena messenger\room\safedrv.sys [?]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [2010-8-2 26112]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2011-9-7 22016]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-11-9 18432]
S3 tcpip helper;tcpip helper;\??\c:\program files\garena messenger\x86\tcpiphlp.sys --> c:\program files\garena messenger\x86\tcpiphlp.sys [?]
S3 TDEIO;TDEIO;c:\drivers\flash\6auj15us\TdeIo.sys [2008-4-25 15488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 
 
753504]
S4 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-10-6 288088]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S4 HWDeviceService.exe;HWDeviceService.exe;"c:\documents and settings\all users\application data\datacardservice\hwdeviceservice.exe" -/service --> c:\documents and 
 
settings\all users\application data\datacardservice\HWDeviceService.exe [?]
S4 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2010-2-4 208896]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S4 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-6-17 434864]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-06-29 15:53:23 -------- d-----w- c:\documents and settings\fahmy\application data\Malwarebytes
2013-06-29 15:53:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-29 15:53:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-29 15:53:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-27 17:48:40 41584 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-06-27 17:33:33 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus
2013-06-27 17:26:31 66344 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2013-06-27 17:26:30 22064 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2013-06-27 17:26:25 -------- d-----w- c:\windows\system32\drivers\VDD
2013-06-27 17:26:24 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-06-27 17:25:35 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2013-06-27 17:25:34 -------- d-----w- c:\documents and settings\fahmy\local settings\application data\adawarebp
2013-06-27 17:25:34 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2013-06-27 17:25:32 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2013-06-27 17:25:28 -------- d-----w- c:\program files\adawaretb
2013-06-27 17:25:28 -------- d-----w- c:\documents and settings\fahmy\application data\adawaretb
2013-06-27 17:25:27 -------- d-----w- c:\program files\Toolbar Cleaner
2013-06-27 17:24:10 -------- d-----w- c:\documents and settings\fahmy\application data\LavasoftStatistics
2013-06-27 17:23:00 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-27 17:22:58 -------- d-----w- c:\documents and settings\fahmy\application data\Ad-Aware Antivirus
2013-06-26 15:46:17 -------- d-----w- c:\windows\system32\NtmsData
2013-06-01 03:36:57 -------- d-----w- c:\documents and settings\fahmy\My Vaults
.
==================== Find3M  ====================
.
2013-06-20 01:36:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-20 01:36:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-03 21:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 21:13:52.67 ===============
 
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/4/2010 10:12:01 AM
System Uptime: 6/30/2013 8:55:35 PM (1 hours ago)
.
Motherboard: LENOVO                        |  | 2743RS6   
Processor: Intel Pentium III Xeon processor | Socket 478 | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 4.904 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000\4&847CD8C&0&0201
Manufacturer: 
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000\4&847CD8C&0&0201
Service: 
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP876: 6/12/2013 9:29:04 PM - System Checkpoint
RP877: 6/14/2013 12:53:01 AM - System Checkpoint
RP878: 6/15/2013 4:27:06 AM - System Checkpoint
RP879: 6/21/2013 4:04:54 PM - System Checkpoint
RP880: 6/23/2013 4:24:43 PM - Software Distribution Service 3.0
RP881: 6/27/2013 4:39:53 AM - System Checkpoint
RP882: 6/28/2013 12:56:12 AM - Removed Angry Birds Space
RP883: 6/28/2013 1:00:36 AM - Removed Lynx SSC 32 Terminal
RP884: 6/28/2013 1:05:08 AM - Removed Windows Mobile 5.0 SDK R2 for Pocket PC
RP885: 6/28/2013 1:08:06 AM - Removed Windows Mobile 5.0 SDK R2 for Smartphone
RP886: 6/29/2013 1:15:45 PM - System Checkpoint
RP887: 6/30/2013 5:32:23 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Access Help
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.7)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Autodesk Design Review 2011
Binreader
Bonjour
Canon MP Navigator 2.0
Canon MP500
CCleaner
CD-LabelPrint
Cisco AnyConnect VPN Client
Conexant HD Audio
Connect
ConvertXtoDVD 4.1.19.365
Counter-Strike Source version 1.0.0.58
CPUID CPU-Z 1.56
Dassault Systemes Software B19
Dassault Systemes Software Prerequisites x86
Defraggler
DivX Setup
Dokan Library 0.5.3
DVD Decrypter (Remove Only)
Easy-WebPrint
Far Cry (Patch 1.4)
FARO LS 1.1.406.58
Freemake Video Converter version 3.0.0
Garena - League of Legends
Garena Plus
gen_msn_adv 1.1
Google Chrome
Google Update Helper
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotspot Shield 2.09
ImgBurn
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
iTunes
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
K-Lite Mega Codec Pack 6.3.5
kuler
Lenovo System Interface Driver
Lenovo_ATK_Package
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft IntelliPoint 8.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
Microsoft WinUsb 1.0
mIRC
Mozilla Firefox 21.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NVIDIA Drivers
NVIDIA PhysX
Octoshape Streaming Services
OmniPage SE 2.0
On Screen Display
OpenAL
PasswordProtectionManager
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Presentation Director
QuickPar 0.9
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Respondus LockDown Browser
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
SanDiskSecureAccess_Manager.exe
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
Skype™ 5.10
SMS Advanced Client
SopCast 3.5.0
Suite Shared Configuration CS4
swMSM
System Update
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
ThinkPad EasyEject Utility 
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver for SL Series
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
Unlocker 1.8.9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
User Companion for DMU V5R19 - CD2
User Companion Server Code V5R19
Users Companion for DMU V5R19 - CD1
VC80CRTRedist - 8.0.50727.6195
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.0.5
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WinHTTrack Website Copier 3.45-4
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
6/30/2013 8:46:06 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\setup.exe. This 
 
file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
6/27/2013 8:21:32 PM, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following 
 
corrective action will be taken in 0 milliseconds: Restart the service.
6/27/2013 8:21:30 PM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
6/26/2013 8:22:02 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: 
 
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
6/26/2013 11:21:50 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Mobile Broadband Modem. OUC service to connect.
6/26/2013 11:21:50 PM, error: Service Control Manager [7000]  - The Mobile Broadband Modem. OUC service failed to start due to the following error:  The service did not 
 
respond to the start or control request in a timely fashion.
6/26/2013 11:02:14 PM, error: DCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
 
 {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services 
 
administrative tool.
6/24/2013 12:16:00 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================
 
 
Link to post
Share on other sites

Hello muhdfahmy25 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: Ad-Aware Browsing Protection

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Rootkit log
  • a new fresh DDS log
Link to post
Share on other sites

JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Fahmy on Mon 07/01/2013 at  4:22:05.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.eb_explorerbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.eb_explorerbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.ipm_printlistitem
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.ipm_printlistitem.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_launcher
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_launcher.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_printmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_printmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_bindstatuscallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_bindstatuscallback.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_cancelbuttoneventhandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_cancelbuttoneventhandler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.tbtoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.tbtoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.useroptions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.useroptions.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2704262
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\blekko toolbars"
Successfully deleted: [Folder] "C:\Documents and Settings\Fahmy\Application Data\adawaretb"
Successfully deleted: [Folder] "C:\Documents and Settings\Fahmy\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Fahmy\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Documents and Settings\Fahmy\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\ask.com"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\privatesearch.xml"
Successfully deleted: [File] C:\Documents and Settings\Fahmy\Application Data\mozilla\firefox\profiles\kfqewfqi.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Fahmy\Application Data\mozilla\firefox\profiles\kfqewfqi.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Documents and Settings\Fahmy\Application Data\mozilla\firefox\profiles\kfqewfqi.default\searchplugins\bing-zugo.xml
Successfully deleted: [File] C:\Documents and Settings\Fahmy\Application Data\mozilla\firefox\profiles\kfqewfqi.default\searchplugins\mystart search.xml
Successfully deleted the following from C:\Documents and Settings\Fahmy\Application Data\mozilla\firefox\profiles\kfqewfqi.default\prefs.js

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");

user_pref("smartbar.machineId", "RK/SU9HECFMCREC0NV3USKZJUROSGWB28CUWXP2HNOHLHBD1V87K5CNQLUJGEMLZZYY3XIYOCHGLAN661XVU7W");
Emptied folder: C:\Documents and Settings\Fahmy\Application Data\mozilla\firefox\profiles\kfqewfqi.default\minidumps [11 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/01/2013 at  4:24:21.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ADW CLEANER log

 

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 04:25:22
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Fahmy - DSMAE-NB1003059
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Fahmy\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Fahmy\Application

Data\Mozilla\Firefox\Profiles\kfqewfqi.default\adawaretb
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

***** [Registry] *****

Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-

95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-

7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-

4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-

06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-

F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-

BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-

4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-

0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-

76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-

502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-

7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-

4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-

06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-

F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-

492D36174CB2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-

BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-

4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-

0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-

76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113

-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-

2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow

Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-

9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-

892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-

9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-

2AA2D567BF5C}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] =



-\\ Mozilla Firefox v21.0 (en-GB)

File : C:\Documents and Settings\Fahmy\Application Data\Mozilla\Firefox\Profiles\kfqewfqi.default\prefs.js

Deleted : user_pref("CT2704262_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading

toolbar\",\"time\"[...]
Deleted : user_pref("ct2704262.UserID", "UN37786012733052011");

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Fahmy\Local Settings\Application Data\Google\Chrome\User

Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [5257 octets] - [01/07/2013 04:25:22]

########## EOF - C:\AdwCleaner[s1].txt - [5317 octets] ##########
 

Malwarebytes Anti-rootkit log

 

mbar-log-2013-07-01 (04-32-19)

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Fahmy :: DSMAE-NB1003059 [administrator]

7/1/2013 4:32:19 AM
mbar-log-2013-07-01 (04-32-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 224377
Time elapsed: 23 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

System log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 1037283328, free: 452423680

Downloaded database version: v2013.06.30.07
Initializing...
------------ Kernel report ------------
     07/01/2013 04:32:12
------------ Loaded modules -----------
\windows\system32\ntkrnlpa.exe
\windows\system32\hal.dll
\windows\system32\KDCOM.DLL
\windows\system32\BOOTVID.dll
spzs.sys
\windows\System32\Drivers\WMILIB.SYS
\windows\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
ohci1394.sys
\windows\system32\DRIVERS\1394BUS.SYS
isapnp.sys
gfibto.sys
compbatt.sys
\windows\system32\DRIVERS\BATTC.SYS
pciide.sys
\windows\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\windows\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\windows\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Apsx86.sys
ApsHM86.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\ao5gta5j.SYS
\SystemRoot\System32\Drivers\a22sdhix.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\A0101X32.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\HssDrv.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\taphss.sys
\SystemRoot\system32\DRIVERS\ndisrd.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\wsimd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\CHDAU32.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\FNETURPX.SYS
\SystemRoot\System32\drivers\FNETVDDA.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\drivers\TSMAPIP.SYS
\SystemRoot\System32\drivers\Tppwrif.sys
\SystemRoot\system32\DRIVERS\TPHKDRV.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\windows\system32\drivers\LUMDriver.sys
\SystemRoot\system32\DRIVERS\smiif32.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\arp1394.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\??\C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys
\??\C:\windows\system32\drivers\dokan.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
\Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86836ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff868c6940
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi is hooked
IRP handler 2 of \Driver\atapi is hooked
IRP handler 14 of \Driver\atapi is hooked
IRP handler 15 of \Driver\atapi is hooked
IRP handler 22 of \Driver\atapi is hooked
IRP handler 23 of \Driver\atapi is hooked
IRP handler 27 of \Driver\atapi is hooked
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86836ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff868c6940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86836ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86835e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff868bd9e8, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff86836ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff869174b0, DeviceName: \Device\0000009c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff868c6940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0xffffffffe244def0, 0xffffffff86836ab8, 0xffffffff85157040
Lower DeviceData: 0xffffffffe1178888, 0xffffffff868c6940, 0xffffffff851fb7e8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\windows\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E3E57052

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 312560577
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 

 

DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Fahmy at 13:20:07 on 2013-07-01
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.989.528 [GMT 8:00]
.
.
============== Running Processes ================
.
C:\windows\system32\ibmpmsvc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Dokan\DokanLibrary\mounter.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\windows\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\system32\wscntfy.exe
C:\windows\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Documents and Settings\All Users\Application Data\AutoStarter\AutoStarter.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - <orphaned>
BHO: {D5D33A26-F043-4808-B335-6B10630E04F8} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LFKA] "c:\program files\lenovo\atk hotkey\LFKA.exe"
mRun: [LCONTROL] "c:\program files\lenovo\atk hotkey\LCONTROL.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [AutoStarter] c:\documents and settings\all users\application data\autostarter\AutoStarter.exe
mRunOnce: [A0] cmd /c "c:\documents and settings\fahmy\my documents\downloads\mbar-1.06.0.1004\mbar\mbar.exe" /r /s
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab














TCP: NameServer = 192.168.1.254
TCP: Interfaces\{42281D50-611A-4652-82C0-ED6485807A8B} : NameServer = 164.78.237.13,164.78.239.13
TCP: Interfaces\{6F108800-3DC0-4E63-86B7-35F7A3798F26} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{95A970BB-78A2-40CF-94AB-8CF092328EC2} : NameServer = 10.79.32.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: KuGoo - <Clsid value has no data>
Handler: KuGoo3 - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fahmy\application data\mozilla\firefox\profiles\kfqewfqi.default\
FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\fahmy\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\fahmy\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\garena messenger\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-28 13560]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-9-30 14656]
R1 FNETVDDA;FNETVDDA;c:\windows\system32\drivers\FNETVDDA.SYS [2012-9-30 35552]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-13 13480]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-25 16688]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-28 20328]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84608]
R2 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 22016]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-11-27 53248]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-1 35144]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2011-9-7 22016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
S3 bpenum;Intel® WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-2-2 163840]
S3 cpuz132;cpuz132;\??\c:\docume~1\auslan~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\auslan~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-2-7 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\fahmy\locals~1\temp\mpwbc.tmp --> c:\docume~1\fahmy\locals~1\temp\MPWBC.tmp [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-6-28 41584]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena messenger\room\safedrv.sys --> c:\program files\garena messenger\room\safedrv.sys [?]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [2010-8-2 26112]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2011-9-7 22016]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-11-9 18432]
S3 tcpip helper;tcpip helper;\??\c:\program files\garena messenger\x86\tcpiphlp.sys --> c:\program files\garena messenger\x86\tcpiphlp.sys [?]
S3 TDEIO;TDEIO;c:\drivers\flash\6auj15us\TdeIo.sys [2008-4-25 15488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

753504]
S4 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-10-6 288088]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S4 HWDeviceService.exe;HWDeviceService.exe;"c:\documents and settings\all users\application data\datacardservice\hwdeviceservice.exe" -/service --> c:\documents and

settings\all users\application data\datacardservice\HWDeviceService.exe [?]
S4 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2010-2-4 208896]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S4 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-6-17 434864]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-06-30 20:32:12    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-06-30 20:31:12    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-06-30 20:28:38    --------    d-----w-    c:\documents and settings\fahmy\local settings\application data\adawarebp
2013-06-30 20:21:54    --------    d-----w-    c:\windows\ERUNT
2013-06-30 20:21:36    --------    d-----w-    C:\JRT
2013-06-29 15:53:23    --------    d-----w-    c:\documents and settings\fahmy\application data\Malwarebytes
2013-06-29 15:53:15    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-06-29 15:53:14    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-29 15:53:14    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-27 17:48:40    41584    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-06-27 17:33:33    --------    d-----w-    c:\documents and settings\all users\application data\Ad-Aware Antivirus
2013-06-27 17:26:24    --------    d-----w-    c:\program files\Ad-Aware Antivirus
2013-06-27 17:25:35    --------    d-----w-    c:\documents and settings\all users\application data\Downloaded Installations
2013-06-27 17:25:32    --------    d-----w-    c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2013-06-27 17:25:27    --------    d-----w-    c:\program files\Toolbar Cleaner
2013-06-27 17:24:10    --------    d-----w-    c:\documents and settings\fahmy\application data\LavasoftStatistics
2013-06-27 17:23:00    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-06-27 17:22:58    --------    d-----w-    c:\documents and settings\fahmy\application data\Ad-Aware Antivirus
2013-06-26 15:46:17    --------    d-----w-    c:\windows\system32\NtmsData
.
==================== Find3M  ====================
.
2013-06-20 01:36:08    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-20 01:36:07    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30:05    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-03 01:30:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-04-03 21:35:08    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 13:22:31.17 ===============


 

 

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

I followed the instructions for ComboFix up till the Recovery Console part but I wasn't asked for it? It continued on,restarted then i got a BSOD 'SESSION5_INITIALIZATION_FAILED' error. So i went into Safe Mode with networking, the ComboFix prompt came out and I obtained the log. After that, I tried restarted again, this time booting into Normal Mode and the BSOD went away....don't know if thats suppose to happen lol. Anyway's here's the log:

 

ComboFix 13-06-30.01 - Fahmy 07/02/2013  18:06:25.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.989.346 [GMT 8:00]
Running from: c:\documents and settings\Fahmy\My Documents\Downloads\ComboFix.exe
 * Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Fahmy\Application Data\7za.exe
c:\documents and settings\Fahmy\WINDOWS
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-02 to 2013-07-02  )))))))))))))))))))))))))))))))
.
.
2013-06-30 20:32 . 2013-07-01 04:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-30 20:28 . 2013-07-01 04:35    --------    d-----w-    c:\documents and settings\Fahmy\Local Settings\Application Data\adawarebp
2013-06-30 20:21 . 2013-06-30 20:21    --------    d-----w-    c:\windows\ERUNT
2013-06-30 20:21 . 2013-06-30 20:21    --------    d-----w-    C:\JRT
2013-06-29 15:53 . 2013-06-29 15:53    --------    d-----w-    c:\documents and settings\Fahmy\Application Data\Malwarebytes
2013-06-29 15:53 . 2013-06-29 15:53    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-29 15:53 . 2013-06-29 15:53    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-29 15:53 . 2013-04-04 06:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-27 17:48 . 2013-04-11 03:06    41584    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-06-27 17:33 . 2013-06-27 17:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus
2013-06-27 17:26 . 2013-06-30 20:13    --------    d-----w-    c:\program files\Ad-Aware Antivirus
2013-06-27 17:25 . 2013-06-27 17:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-06-27 17:25 . 2013-06-27 17:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2013-06-27 17:25 . 2013-06-27 17:25    --------    d-----w-    c:\program files\Toolbar Cleaner
2013-06-27 17:24 . 2013-06-30 20:13    --------    d-----w-    c:\documents and settings\Fahmy\Application Data\LavasoftStatistics
2013-06-27 17:23 . 2013-06-27 17:24    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-06-27 17:22 . 2013-06-28 04:31    --------    d-----w-    c:\documents and settings\Fahmy\Application Data\Ad-Aware Antivirus
2013-06-26 15:46 . 2013-06-26 20:17    --------    d-----w-    c:\windows\system32\NtmsData
2013-06-09 11:12 . 2013-07-01 18:16    --------    d-----w-    c:\documents and settings\Fahmy\Application Data\vlc
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-20 01:36 . 2012-04-12 03:04    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-20 01:36 . 2011-06-20 05:03    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2004-08-04 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-04 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-03 01:30 . 2004-08-04 12:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2004-08-04 12:00    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-04-03 21:35 . 2013-05-04 16:44    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392]
"LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"AutoStarter"="c:\documents and settings\All Users\Application Data\AutoStarter\AutoStarter.exe" [2013-06-30 1419328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2009-05-22 04:48    34080    ----a-w-    c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Fahmy^Start Menu^Programs^Startup^Funshion.lnk]
backup=c:\windows\pss\funshion.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Fahmy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Fahmy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Fahmy^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnkStartup
path=c:\documents and settings\Fahmy\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-06-07 22:52    611712    ----a-w-    c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-11-10 15:36    3303000    ----a-w-    c:\documents and settings\Fahmy\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21    203928    ----a-w-    c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 05:08    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStarter]
2013-06-30 11:06    1419328    ----a-w-    c:\documents and settings\All Users\Application Data\AutoStarter\AutoStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
2010-12-15 08:21    514048    -c--a-w-    c:\documents and settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16    357696    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08    1259376    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2008-10-08 10:38    256576    ------w-    c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
2013-06-19 03:38    9873200    ----a-w-    c:\program files\Garena Messenger\GarenaMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-14 11:17    136176    ----atw-    c:\documents and settings\Fahmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 10:36    30040    -c--a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 04:35    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 14:12    3872080    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44    70936    ----a-w-    c:\documents and settings\Fahmy\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 03:00    49152    -c--a-w-    c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2010-08-24 17:28    517480    -c----w-    c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-24 19:12    421888    -c--a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanDiskSecureAccess_Manager.exe]
2011-06-29 02:56    27311232    ----a-w-    c:\documents and settings\Fahmy\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-11 23:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-10 23:55    524288    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2008-04-10 23:56    122880    ----a-w-    c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2010-07-01 11:25    337256    ----a-w-    c:\windows\system32\TpShocks.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-03-04 02:34    487424    -c--a-w-    c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"vpnagent"=2 (0x2)
"Updater Service for StartNow Toolbar"=2 (0x2)
"npggsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LFKAS"=2 (0x2)
"HssWd"=2 (0x2)
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"hshld"=2 (0x2)
"gusvc"=3 (0x3)
"SUService"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"WSearch"=2 (0x2)
"HWDeviceService.exe"=2 (0x2)
"ServiceLayer"=3 (0x3)
"TVT Scheduler"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\Fahmy\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Dassault Systemes\\B1925\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B1925\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Dassault Systemes\\B1925\\intel_a\\code\\bin\\CATSysDemon.exe"=
"c:\\Documents and Settings\\Fahmy\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Fahmy\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Garena Messenger\\Room\\garena_room.exe"=
"c:\\Program Files\\GarenaLoL\\GameData\\Apps\\LoL\\Air\\LolClient.exe"=
"c:\\Program Files\\GarenaLoL\\GameData\\Apps\\LoL\\Game\\League of Legends.exe"=
"c:\\Program Files\\WARP\\Binaries\\Win32\\Warp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\Mimo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Garena Messenger\\bbtalk\\BBTalk.exe"=
"c:\\Program Files\\Garena Messenger\\GarenaMessenger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Garena Messenger\\UpdateManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"6896:TCP"= 6896:TCP:League of Legends Launcher
"6896:UDP"= 6896:UDP:League of Legends Launcher
"6930:TCP"= 6930:TCP:League of Legends Launcher
"6930:UDP"= 6930:UDP:League of Legends Launcher
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [6/28/2013 1:23 AM 13560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2010 1:50 PM 691696]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/16/2010 1:44 PM 20592]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [9/30/2012 4:51 PM 14656]
R1 FNETVDDA;FNETVDDA;c:\windows\system32\drivers\FNETVDDA.SYS [9/30/2012 4:51 PM 35552]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/13/2008 10:04 AM 13480]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [4/25/2007 12:52 AM 16688]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 PM 14336]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/28/2010 9:47 AM 20328]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [7/5/2010 8:39 PM 84608]
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [7/5/2010 8:39 PM 22016]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/27/2010 1:56 PM 53248]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [9/7/2011 11:46 PM 22016]
S3 bpenum;Intel® WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2/2/2009 10:39 AM 163840]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/7/2010 12:08 PM 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Fahmy\LOCALS~1\Temp\MPWBC.tmp --> c:\docume~1\Fahmy\LOCALS~1\Temp\MPWBC.tmp [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [6/28/2013 1:48 AM 41584]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Messenger\Room\safedrv.sys --> c:\program files\Garena Messenger\Room\safedrv.sys [?]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\remobo32.sys [8/2/2010 5:01 AM 26112]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [9/7/2011 11:46 PM 22016]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [11/9/2011 2:38 AM 18432]
S3 tcpip helper;tcpip helper;\??\c:\program files\Garena Messenger\x86\tcpiphlp.sys --> c:\program files\Garena Messenger\x86\tcpiphlp.sys [?]
S3 TDEIO;TDEIO;c:\drivers\FLASH\6auj15us\TdeIo.sys [4/25/2008 7:18 AM 15488]
S4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [10/6/2011 8:21 AM 288088]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S4 HWDeviceService.exe;HWDeviceService.exe;"c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe" -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [?]
S4 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2/4/2010 10:21 AM 208896]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S4 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [6/17/2009 2:17 PM 434864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:36]
.
2013-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:57]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab6f4996ee4dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 08:56]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cab6f499d7cc54.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 08:56]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-796845957-1801674531-1003Core.job
- c:\documents and settings\Fahmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-27 11:17]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-796845957-1801674531-1003UA.job
- c:\documents and settings\Fahmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-27 11:17]
.
2011-05-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-01-07 07:56]
.
2011-09-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-11-27 17:28]
.
2013-07-01 c:\windows\Tasks\User_Feed_Synchronization-{120D770A-8978-4246-81DD-3348BA8BD31D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
2013-07-02 c:\windows\Tasks\User_Feed_Synchronization-{24EC0812-05FC-45CF-A35B-8710832E1608}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki...
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{42281D50-611A-4652-82C0-ED6485807A8B}: NameServer = 164.78.237.13,164.78.239.13
TCP: Interfaces\{95A970BB-78A2-40CF-94AB-8CF092328EC2}: NameServer = 10.79.32.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

FF - ProfilePath - c:\documents and settings\Fahmy\Application Data\Mozilla\Firefox\Profiles\kfqewfqi.default\
FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-iDownloader Task - c:\program files\iDownloader\IDStarter.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-02 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Fahmy\LOCALS~1\Temp\MPWBC.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1068)
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-07-02  19:16:10 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-02 11:15
.
Pre-Run: 4,410,531,840 bytes free
Post-Run: 4,434,776,064 bytes free
.
- - End Of File - - 0C37D7963E4C7215861B108188560E84
8F558EB6672622401DA993E1E865C861
 

Link to post
Share on other sites

It is due to malware infection.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

  • Link 2

    Link 3

    Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • RKill log
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Fahmy on Tue 07/02/2013 at 20:11:36.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Fahmy\Local Settings\Application Data\adawarebp"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Fahmy\Application Data\mozilla\firefox\profiles\kfqewfqi.default\minidumps [11 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/02/2013 at 20:14:01.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v2.303 - Logfile created 07/02/2013 at 20:17:52
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Fahmy - DSMAE-NB1003059
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Fahmy\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-GB)

File : C:\Documents and Settings\Fahmy\Application Data\Mozilla\Firefox\Profiles\kfqewfqi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Fahmy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [5386 octets] - [01/07/2013 04:25:22]
AdwCleaner[s2].txt - [959 octets] - [02/07/2013 20:17:52]

########## EOF - C:\AdwCleaner[s2].txt - [1018 octets] ##########
 

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/02/2013 08:26:23 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath]

Searching for Missing Digital Signatures:

 * C:\windows\System32\drivers\mqac.sys [NoSig]
 +-> C:\windows\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 07:30 PM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
 +-> C:\windows\ServicePackFiles\i386\mqac.sys : 92,544 : 04/14/2008 00:39 AM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 +-> C:\windows\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 07:48 PM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 07/02/2013 08:27:45 PM
Execution time: 0 hours(s), 1 minute(s), and 22 seconds(s)
 

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

C:\System Volume Information\_restore{0413713D-67DB-4455-968A-CC1124625479}\RP885\A0289437.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{0413713D-67DB-4455-968A-CC1124625479}\RP885\A0289439.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.