
Computer Auto Shutting Down, Malwarebyte's finding RootKit.0Access


  • This topic is locked
27 replies to this topic

#16 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 26 June 2012 - 05:26 AM

Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)


#17 Socram484

Socram484

    Authentic Member

  • Authentic Member
  • 25 posts

Posted 26 June 2012 - 07:49 AM

I'm leaving the ESET scanner running while I am at work, but here is a clean Malwarebyte's Quick Scan. Thank you so much for your help so far! The auto-restarts have appeared to have stopped and things seem to be running overall a lot better already.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Marcos :: MARCOS-PC [administrator]

Protection: Enabled

6/26/2012 8:42:45 AM
mbam-log-2012-06-26 (08-42-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208822
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#18 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 26 June 2012 - 08:37 AM

Great! Glad to hear things are getting better with your system. When you get the ESET scan be sure to post that and we will go from there. :)

#19 Socram484

Socram484

    Authentic Member

  • Authentic Member
  • 25 posts

Posted 26 June 2012 - 05:40 PM

Not so much luck with this one. Although I see quite a few false positives.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0ff624cc35c27149aaa3b89b5614789e
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-26 04:02:32
# local_time=2012-06-26 11:02:32 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 28185226 92262289 0 0
# compatibility_mode=8192 67108863 100 0 10862203 10862203 0 0
# scanned=678321
# found=23
# cleaned=0
# scan_time=7713
C:\Qoobox\Quarantine\C\Users\Marcos\AppData\Local\{5289e239-1d10-a468-cbdf-061c682fa27e}\n.vir Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Marcos\AppData\Local\{5289e239-1d10-a468-cbdf-061c682fa27e}\U\00000001.@.vir Win64/Sirefef.AI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Marcos\AppData\Local\{5289e239-1d10-a468-cbdf-061c682fa27e}\U\80000000.@.vir Win64/Sirefef.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\Installer\{5289e239-1d10-a468-cbdf-061c682fa27e}\n.vir Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\Installer\{5289e239-1d10-a468-cbdf-061c682fa27e}\U\00000001.@.vir Win64/Sirefef.AI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\Installer\{5289e239-1d10-a468-cbdf-061c682fa27e}\U\80000000.@.vir Win64/Sirefef.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\10.02.2012_02.45.25\tdlfs0000\tsk0000.dta a variant of Win32/Kryptik.BMZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7FWME2B\brand_psf20[1].htm JS/Iframe.CV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYFBDFAY\brand_psf20[1].htm JS/Iframe.CV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7FWME2B\brand_psf20[1].htm JS/Iframe.CV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYFBDFAY\brand_psf20[1].htm JS/Iframe.CV trojan (unable to clean) 00000000000000000000000000000000 I
E:\Downloads\MinerWars_01_074_006_Setup.exe Win32/TrojanDownloader.Autoit.NGW trojan (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\common\borderlands\Prerequisites\LangSelect.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\common\grand theft auto san andreas\testapp.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\common\grand theft auto vice city\gta-vc.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\common\grand theft auto vice city\testapp.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\common\trackmania nations forever\testapp.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\common\trackmania nations forever\TmForever.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\socram484\source sdk base\hl2.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I
E:\Programs\Steam\steamapps\socram484\source sdk base 2007\hl2.exe a variant of Win32/Expiro.T virus (unable to clean) 00000000000000000000000000000000 I

#20 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 26 June 2012 - 06:19 PM

Hi,

Let's get a different look.

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------

#21 Socram484

Socram484

    Authentic Member

  • Authentic Member
  • 25 posts

Posted 26 June 2012 - 08:58 PM

I never understood this scan, it seems like it just searches for files that contain key or crack in the file name... more false positives.

#22 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 27 June 2012 - 05:30 AM

Hi,

Thanks for getting me that. :)
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    ClearJavaCache::
    
    File::
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7FWME2B\brand_psf20[1].htm	
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYFBDFAY\brand_psf20[1].htm	
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7FWME2B\brand_psf20[1].htm	
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYFBDFAY\brand_psf20[1].htm	
    E:\Downloads\MinerWars_01_074_006_Setup.exe	
    E:\Programs\Steam\steamapps\common\borderlands\Prerequisites\LangSelect.exe	
    E:\Programs\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe	
    E:\Programs\Steam\steamapps\common\grand theft auto san andreas\testapp.exe	
    E:\Programs\Steam\steamapps\common\grand theft auto vice city\gta-vc.exe	
    E:\Programs\Steam\steamapps\common\grand theft auto vice city\testapp.exe	
    E:\Programs\Steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe	
    E:\Programs\Steam\steamapps\common\trackmania nations forever\testapp.exe	
    E:\Programs\Steam\steamapps\common\trackmania nations forever\TmForever.exe	
    E:\Programs\Steam\steamapps\socram484\source sdk base\hl2.exe	
    E:\Programs\Steam\steamapps\socram484\source sdk base 2007\hl2.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
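The triage behind the CFScript in the post above, as an added example that is not part of the original posts and not code from ESET or ComboFix: it parses an ESET Online Scanner log and separates detections that sit in the Qoobox and TDSSKiller quarantine folders from detections on files still in place, which is the split between the 8 quarantined entries and the 15 paths listed in the script. The function names are hypothetical, the tab-separated field layout is an assumption, and the sample rows are constructed from entries in the log posted in this thread.

```python
import re
from collections import Counter

# Folders where ComboFix (Qoobox) and TDSSKiller keep files they have already
# moved out of their original location, as seen in the ESET log in this thread.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\tdsskiller_quarantine\\",
)

# One detection row: path, detection name and type, action, 32-hex hash, flag.
# The path is matched lazily because Windows paths may contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of )?\w+/[\w.]+ \w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def _row(path, threat):
    """Build one constructed log row (assumed tab-separated layout)."""
    return f"{path}\t{threat} (unable to clean)\t{'0' * 32}\tI"


# Constructed sample: header values and a subset of rows from the posted log.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# remove_checked=false",
    "# unwanted_checked=true",
    "# found=23",
    "# cleaned=0",
    _row(r"C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir",
         "Win64/Patched.B.Gen trojan"),
    _row(r"C:\Qoobox\Quarantine\C\Windows\Installer"
         r"\{5289e239-1d10-a468-cbdf-061c682fa27e}\n.vir",
         "Win64/Sirefef.W trojan"),
    _row(r"C:\TDSSKiller_Quarantine\10.02.2012_02.45.25\tdlfs0000\tsk0000.dta",
         "a variant of Win32/Kryptik.BMZ trojan"),
    _row(r"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft"
         r"\Windows\Temporary Internet Files\Content.IE5\V7FWME2B"
         r"\brand_psf20[1].htm", "JS/Iframe.CV trojan"),
    _row(r"E:\Downloads\MinerWars_01_074_006_Setup.exe",
         "Win32/TrojanDownloader.Autoit.NGW trojan"),
    _row(r"E:\Programs\Steam\steamapps\common\grand theft auto san andreas"
         r"\gta-sa.exe", "a variant of Win32/Expiro.T virus"),
    _row(r"E:\Programs\Steam\steamapps\socram484\source sdk base 2007\hl2.exe",
         "a variant of Win32/Expiro.T virus"),
])


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from a log.txt body."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            # Header rows look like "# key=value".
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append(match.groupdict())
    return header, entries


def is_quarantined(path):
    """True when the file lives in a removal tool's quarantine folder."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def detection_name(threat):
    """'a variant of Win32/Expiro.T virus' -> 'Win32/Expiro.T'."""
    return threat.replace("a variant of ", "", 1).rsplit(" ", 1)[0]


def triage(text):
    """Split detections into quarantined copies and files still in place."""
    header, entries = parse_eset_log(text)
    quarantined = [e for e in entries if is_quarantined(e["path"])]
    live = [e for e in entries if not is_quarantined(e["path"])]
    return {
        "header": header,
        "quarantined": quarantined,
        "live": live,
        "by_detection": Counter(detection_name(e["threat"]) for e in live),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("remove_checked =", result["header"].get("remove_checked"))
    print("already quarantined:", len(result["quarantined"]))
    for entry in result["live"]:
        print("review:", detection_name(entry["threat"]), "|", entry["path"])
```
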

#23 Socram484

Socram484

    Authentic Member

  • Authentic Member
  • 25 posts

Posted 28 June 2012 - 10:57 AM

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . 
c:\users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer8"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328] R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [2012-01-16 164792] R3 ANTS Performance Profiler 6 Service;ANTS Performance Profiler 6 Service;c:\program files\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe [2012-01-16 145408] R3 AXIOM;Service for M-Audio Axiom;c:\windows\system32\DRIVERS\MAudioAxiom.sys [2010-02-19 137736] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-04 1431888] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-14 30192] R3 MAUSBPRODUCER;Service for M-Audio Producer;c:\windows\system32\DRIVERS\MAudioProducer.sys [2010-03-09 187912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys [2011-06-02 15360] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG 
Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 13312] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1255736] R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-01-31 49256] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2011-03-31 34816] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AxiomAudioDevMon;Axiom Audio Device Monitor;c:\program files (x86)\M-Audio\Axiom\AudioDevMon.exe [2010-02-19 1632776] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 
HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848] S3 balancesvc;Propellerhead Balance Driver;c:\windows\system32\DRIVERS\balance.sys [2011-08-18 204160] S3 BalanceWdmService;Balance Wdm Audio;c:\windows\system32\DRIVERS\BalanceWdm.sys [2011-08-18 112000] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2009-06-02 438784] . . Contents of the 'Scheduled Tasks' folder . 2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 16:55] . 2012-06-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1943473726-2824459890-2441723098-1000Core.job - c:\users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 20:07] . 2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1943473726-2824459890-2441723098-1000UA.job - c:\users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 20:07] . 2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1943473726-2824459890-2441723098-1000Core.job - c:\users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 18:04] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1943473726-2824459890-2441723098-1000UA.job - c:\users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 18:04] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AtiPcie . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\81uu70zs.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1943473726-2824459890-2441723098-1000\Software\SecuROM\License information*] "datasecu"=hex:48,3d,44,b1,2b,cd,bd,b0,f5,3a,d9,c8,ec,44,6a,ec,b4,58,2a,16,52, db,68,43,df,c5,d4,88,4d,46,b1,0d,90,06,67,81,a3,09,55,a5,f7,ab,53,66,40,b0,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2012-06-28 11:52:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-28 16:52 ComboFix2.txt 2012-06-26 01:53 ComboFix3.txt 2012-06-24 23:46 . Pre-Run: 12,426,874,880 bytes free Post-Run: 10,408,275,968 bytes free . - - End Of File - - 0EDF9C147F452979051C55AEA1349730

#24 jeffce

Posted 28 June 2012 - 11:48 AM

How is your system running?

#25 Socram484

Posted 28 June 2012 - 02:54 PM

It appears to be running great, no more signs of malware.

#26 jeffce

Posted 28 June 2012 - 03:50 PM

Great! Glad to hear it.

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader X (10.1.2) first. Be sure to move any PDF documents to another folder first though.
----------

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
----------

In your next reply please let me know if you have any problems with the above instructions.

#27 jeffce

Posted 30 June 2012 - 01:26 PM

Hi, Are you still with me? :)

#28 jeffce

Posted 01 July 2012 - 12:00 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic