Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer infected with Virus:Win32/Sirefef.R

Started by alvarez1124 , Aug 20 2012 02:59 PM

  • This topic is locked This topic is locked
3 replies to this topic

#1 alvarez1124

alvarez1124

    New Member

  • Members
  • Pip
  • 1 posts

Posted 20 August 2012 - 02:59 PM

Hi:
My computer got infected and everytime i boot Microsoft Security Essential detects 2 infected files and it asks me to reboot. 2 of the files i noticed were Virus:win32/Sirefef.r and Trojan:win32/sirefef.al. Below is the FRST scan result.
Please help me :(


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 20-08-2012 15:14:43
Running from H:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2012-04-02] (LogMeIn, Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Philips Device Listener] "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [375296 2010-05-27] ()
HKLM\...\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [com2tcp] C:\Program Files\com0com\hstart.exe /NOCONSOLE "C:\Program Files\com0com\com2tcp.exe --telnet \\.\CNCA0 vcom.batnoc.com 6666" [x]
HKLM\...\Run: [vcomcli] C:\Program Files\com0com\vcomcli.exe [171008 2010-07-22] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [240112 2009-07-24] (Sonic Solutions)
HKLM\...\Run: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe" [84464 2009-07-21] ()
HKLM\...\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-22] ()
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [1095560 2012-07-26] (Spigot, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\LogMeInRemoteUser\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-26] (Google Inc.)
HKU\Owner\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Owner\...\Run: [WinFLTray] C:\Windows\system32\WinFLTray.exe [321736 2012-07-10] ( New Softwares.net)
HKU\Owner\...\Run: [FLBackup] C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [276168 2012-07-10] (New Softwares.net)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\..\Interfaces\{9AF6EF50-F1D9-4B0C-8313-DCEE78E66D7E}: [NameServer]10.1.10.1

================================ Services (Whitelisted) ==================

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [794560 2012-07-26] (Spigot, Inc.)
2 CinemaNow Service; C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127352 2009-06-23] (CinemaNow, Inc.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 FLService; C:\Windows\system32\WinFLService.exe [91336 2012-07-10] (New Softwares.net)
2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [309760 2011-01-25] (Microsoft Corporation)
2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374184 2012-07-11] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136616 2012-07-11] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2012-04-02] (LogMeIn, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
3 RoxMediaDB12; "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [1116656 2009-07-24] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [219632 2009-07-24] (Sonic Solutions)
3 wampapache; "c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [x]
3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [x]

========================== Drivers (Whitelisted) =============

3 athrusb; C:\Windows\System32\DRIVERS\athrusb.sys [904192 2008-07-29] (Atheros Communications, Inc.)
3 com0com; C:\Windows\System32\DRIVERS\com0com.sys [61440 2009-12-14] (Vyacheslav Frolov)
3 iscFlash; \??\C:\SwSetup\sp45138\iscflash.sys [13312 2009-06-16] (Insyde Software)
3 libusb0; C:\Windows\System32\drivers\libusb0.sys [28160 2009-07-07] (http://libusb-win32.sourceforge.net)
2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2012-04-02] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2012-04-02] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2012-04-02] (LogMeIn, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKslb631f6cf; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{735458D8-BC55-4ABA-B189-8D2E18875643}\MpKslb631f6cf.sys [29904 2012-08-20] (Microsoft Corporation)
2 NEWDRIVER; \??\C:\Windows\system32\WinVDEdrv6.sys [188176 2012-07-10] ()
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2011-07-21] (VSO Software)
0 SahdIa32; C:\Windows\System32\Drivers\SahdIa32.sys [21488 2009-06-01] (Sonic Solutions)
0 SaibIa32; C:\Windows\System32\Drivers\SaibIa32.sys [15856 2009-06-01] (Sonic Solutions)
1 SaibVd32; C:\Windows\System32\Drivers\SaibVd32.sys [25584 2009-06-01] (Sonic Solutions)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2011-10-04] (Duplex Secure Ltd.)
3 ss_bus; C:\Windows\System32\DRIVERS\ss_bus.sys [83592 2007-05-02] (MCCI Corporation)
3 ss_mdfl; C:\Windows\System32\DRIVERS\ss_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
3 ss_mdm; C:\Windows\System32\DRIVERS\ss_mdm.sys [109704 2007-05-02] (MCCI Corporation)
1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2012-01-27] ()
1 vmm; \??\C:\Windows\system32\Drivers\vmm.sys [229224 2011-07-25] (Microsoft Corporation)
3 VPCNetS2; C:\Windows\System32\DRIVERS\VMNetSrv.sys [59960 2008-02-04] (Microsoft Corporation)
1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29696 2012-07-10] ()
2 WinVDEDrv; \??\C:\Windows\system32\WinVDEdrv.sys [228112 2012-07-10] (NewSoftwares.net, Inc.)
4 LMIRfsClientNP; [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-20 15:14 - 2012-08-20 15:14 - 00000000 ____D C:\FRST
2012-08-20 10:08 - 2012-08-20 10:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-20 06:06 - 2012-08-20 06:06 - 00444022 ____A C:\Users\Owner\Downloads\L-579.psd
2012-08-15 09:16 - 2012-08-15 09:23 - 00000000 ____D C:\Users\Owner\Desktop\fmsite
2012-08-15 06:25 - 2012-08-15 06:25 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-11 08:43 - 2012-08-11 08:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Notepad++
2012-08-11 08:43 - 2012-08-11 08:43 - 00001023 ____A C:\Users\Owner\Desktop\Notepad++.lnk
2012-08-11 08:43 - 2012-08-11 08:43 - 00001023 ____A C:\Users\LogMeInRemoteUser\Desktop\Notepad++.lnk
2012-08-11 08:43 - 2012-08-11 08:43 - 00000000 ____D C:\Program Files\Notepad++
2012-08-08 09:44 - 2012-08-08 09:55 - 955088986 ____A C:\Users\Owner\Downloads\Microsoft Office 2011.dmg
2012-08-07 11:30 - 2012-08-16 11:25 - 00011860 ____A C:\Users\Owner\Desktop\Comcast Installation.xlsx
2012-08-07 11:30 - 2012-08-07 11:30 - 00000165 ___AH C:\Users\Owner\Desktop\~$Comcast Installation.xlsx
2012-08-07 10:38 - 2012-08-07 10:38 - 00000000 ____D C:\Users\Owner\Documents\NUNEZ
2012-08-07 09:16 - 2012-08-07 09:00 - 50631418 ____A C:\Users\Owner\Documents\NUNEZ.zip
2012-08-02 12:52 - 2012-08-02 12:53 - 00000000 ____D C:\Users\Owner\Downloads\SUPERAntiSpyware Professional 5.0.1150 Final Multilang
2012-08-01 09:57 - 2012-08-01 09:57 - 01134981 ____A C:\Users\Owner\Downloads\templatemo_343_green_jelly.zip
2012-08-01 09:57 - 2012-08-01 09:57 - 00000000 ____D C:\Users\Owner\Downloads\templatemo_343_green_jelly
2012-07-31 11:29 - 2012-07-28 10:27 - 00143336 ____A C:\Windows\Minidump\072812-24414-01.dmp
2012-07-31 11:29 - 2012-07-28 10:15 - 00143336 ____A C:\Windows\Minidump\072812-24429-01.dmp
2012-07-31 08:26 - 2012-07-31 08:26 - 00000000 ____D C:\Program Files\YTD Toolbar
2012-07-31 08:26 - 2012-07-31 08:26 - 00000000 ____D C:\Program Files\Common Files\Spigot
2012-07-31 08:26 - 2012-07-31 08:26 - 00000000 ____D C:\Program Files\Application Updater
2012-07-30 19:46 - 2012-07-30 19:46 - 00007668 ____N C:\Users\Owner\Desktop\index.html
2012-07-30 10:25 - 2012-07-30 10:25 - 00625696 ____A (InstallBrain) C:\Users\Owner\Downloads\BestCodecsPack.exe
2012-07-30 10:25 - 2012-07-30 10:25 - 00625696 ____A (InstallBrain) C:\Users\Owner\Downloads\BestCodecsPack (1).exe
2012-07-30 09:30 - 2012-07-30 09:37 - 00000000 ____D C:\Users\Owner\Downloads\FalconFour's Ultimate Boot CD v4.5
2012-07-30 07:32 - 2012-07-30 07:33 - 03702784 ____A C:\Users\Owner\Downloads\Windows Password Reset LiveCD.iso
2012-07-30 07:30 - 2012-07-30 07:30 - 00001213 ____A C:\Users\Public\Desktop\Windows Password Reset Professional Demo.lnk
2012-07-30 07:30 - 2012-07-30 07:30 - 00000000 ____D C:\Program Files\Windows Password Reset Professional Demo
2012-07-30 07:29 - 2012-07-30 07:30 - 29575203 ____A (Anmosoft, Inc. ) C:\Users\Owner\Downloads\WindowsPasswordResetProfessionalDemoSetup.exe
2012-07-29 10:07 - 2012-07-29 10:07 - 00000819 ____A C:\Users\Owner\Desktop\Invoices to Email - Shortcut.lnk
2012-07-27 09:09 - 2012-07-27 09:09 - 00000286 ____A C:\Users\Owner\Desktop\DINA-PC.url
2012-07-26 13:16 - 2012-07-26 13:17 - 00000000 ____D C:\Users\Owner\Downloads\Mastering CSS For Web Developer V413HAV
2012-07-26 13:16 - 2012-07-26 13:16 - 00000000 ____D C:\Users\Owner\Downloads\HTML And CSS - Design And Build Websites V413HAV
2012-07-26 13:16 - 2012-07-26 13:16 - 00000000 ____D C:\Users\Owner\Downloads\Course Technology HTML, XHTML and CSS Complete 6th (2011)
2012-07-24 11:48 - 2012-07-24 11:55 - 00012176 ____A C:\Users\Owner\Desktop\stylecontact.css
2012-07-24 06:48 - 2012-07-24 06:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Macromedia
2012-07-23 07:27 - 2012-07-23 07:27 - 15519751 ____A C:\Users\Owner\Desktop\0002.mp4
2012-07-23 07:25 - 2012-07-23 07:25 - 00000000 ____D C:\Users\Owner\Documents\DVDFab

============ 3 Months Modified Files ========================

2012-08-20 11:01 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-20 10:59 - 2012-01-04 10:16 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-20 10:59 - 2011-03-23 14:13 - 01402270 ____A C:\Windows\WindowsUpdate.log
2012-08-20 10:59 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-20 10:59 - 2009-07-13 20:39 - 00052187 ____A C:\Windows\setupact.log
2012-08-20 10:41 - 2012-01-04 10:16 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-20 10:20 - 2012-04-11 06:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-20 10:18 - 2011-07-26 11:43 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-875760788-567163287-2491501109-1000UA.job
2012-08-20 10:08 - 2011-03-28 14:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-20 10:08 - 2011-03-23 11:49 - 01800192 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-20 08:18 - 2011-07-26 11:43 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-875760788-567163287-2491501109-1000Core.job
2012-08-20 07:31 - 2011-10-01 06:10 - 00001456 ____A C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-08-20 06:06 - 2012-08-20 06:06 - 00444022 ____A C:\Users\Owner\Downloads\L-579.psd
2012-08-19 15:03 - 2009-07-13 20:34 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-19 15:03 - 2009-07-13 20:34 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-19 14:54 - 2011-03-24 10:09 - 01825526 ____A C:\Windows\PFRO.log
2012-08-16 11:25 - 2012-08-07 11:30 - 00011860 ____A C:\Users\Owner\Desktop\Comcast Installation.xlsx
2012-08-14 11:20 - 2012-04-11 06:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-14 11:20 - 2011-07-21 06:46 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-14 10:20 - 2011-07-26 11:44 - 00002411 ____A C:\Users\Owner\Desktop\Google Chrome.lnk
2012-08-11 08:43 - 2012-08-11 08:43 - 00001023 ____A C:\Users\Owner\Desktop\Notepad++.lnk
2012-08-11 08:43 - 2012-08-11 08:43 - 00001023 ____A C:\Users\LogMeInRemoteUser\Desktop\Notepad++.lnk
2012-08-08 09:55 - 2012-08-08 09:44 - 955088986 ____A C:\Users\Owner\Downloads\Microsoft Office 2011.dmg
2012-08-07 11:30 - 2012-08-07 11:30 - 00000165 ___AH C:\Users\Owner\Desktop\~$Comcast Installation.xlsx
2012-08-07 09:00 - 2012-08-07 09:16 - 50631418 ____A C:\Users\Owner\Documents\NUNEZ.zip
2012-08-01 09:57 - 2012-08-01 09:57 - 01134981 ____A C:\Users\Owner\Downloads\templatemo_343_green_jelly.zip
2012-07-31 11:29 - 2012-06-06 13:12 - 00009925 ____A C:\Users\Owner\AppData\Local\Temp8.html
2012-07-31 11:29 - 2012-03-13 05:01 - 00002021 ____A C:\Users\Owner\AppData\Local\Temp1.html
2012-07-30 19:46 - 2012-07-30 19:46 - 00007668 ____N C:\Users\Owner\Desktop\index.html
2012-07-30 10:25 - 2012-07-30 10:25 - 00625696 ____A (InstallBrain) C:\Users\Owner\Downloads\BestCodecsPack.exe
2012-07-30 10:25 - 2012-07-30 10:25 - 00625696 ____A (InstallBrain) C:\Users\Owner\Downloads\BestCodecsPack (1).exe
2012-07-30 07:33 - 2012-07-30 07:32 - 03702784 ____A C:\Users\Owner\Downloads\Windows Password Reset LiveCD.iso
2012-07-30 07:30 - 2012-07-30 07:30 - 00001213 ____A C:\Users\Public\Desktop\Windows Password Reset Professional Demo.lnk
2012-07-30 07:30 - 2012-07-30 07:29 - 29575203 ____A (Anmosoft, Inc. ) C:\Users\Owner\Downloads\WindowsPasswordResetProfessionalDemoSetup.exe
2012-07-29 10:07 - 2012-07-29 10:07 - 00000819 ____A C:\Users\Owner\Desktop\Invoices to Email - Shortcut.lnk
2012-07-28 10:27 - 2012-07-31 11:29 - 00143336 ____A C:\Windows\Minidump\072812-24414-01.dmp
2012-07-28 10:15 - 2012-07-31 11:29 - 00143336 ____A C:\Windows\Minidump\072812-24429-01.dmp
2012-07-27 09:09 - 2012-07-27 09:09 - 00000286 ____A C:\Users\Owner\Desktop\DINA-PC.url
2012-07-24 11:55 - 2012-07-24 11:48 - 00012176 ____A C:\Users\Owner\Desktop\stylecontact.css
2012-07-23 07:27 - 2012-07-23 07:27 - 15519751 ____A C:\Users\Owner\Desktop\0002.mp4
2012-07-15 04:58 - 2012-07-15 04:58 - 00279424 ____A C:\Users\Owner\Downloads\Keygen_exe.exe
2012-07-13 13:30 - 2012-04-28 10:49 - 00000132 ____A C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-11 10:05 - 2011-07-21 11:46 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-11 10:05 - 2011-07-21 11:46 - 00083392 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-11 10:05 - 2011-07-21 11:46 - 00030624 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-10 23:26 - 2009-07-13 20:33 - 03828216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:06 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-07-10 23:02 - 2011-03-23 12:47 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 08:05 - 2012-07-10 07:50 - 1271225440 ____A C:\Users\Owner\Downloads\Adobe After Effects CS5.5.exe
2012-07-10 07:12 - 2012-07-10 06:49 - 00003465 __ASH C:\Windows\System32\win_stlthdb_sys.dat
2012-07-10 07:12 - 2012-07-10 06:49 - 00003465 __ASH C:\Users\Owner\AppData\Local\win_stlthdb_sys.dat
2012-07-10 07:03 - 2012-07-10 06:50 - 00000520 __ASH C:\Users\Owner\AppData\Local\win_fldb_sys.dat
2012-07-10 07:01 - 2012-07-10 06:56 - 00000000 __ASH C:\Users\Owner\AppData\Local\win_lockerdb_sys.dat
2012-07-10 06:49 - 2012-07-10 06:49 - 00002568 __ASH C:\Users\All Users\win_mpwd_sys.dat
2012-07-10 06:46 - 2012-07-10 06:46 - 00228112 ____A (NewSoftwares.net, Inc.) C:\Windows\System32\WinVDEdrv.sys
2012-07-10 06:46 - 2012-07-10 06:46 - 00188176 ____A C:\Windows\System32\WinVDEdrv6.sys
2012-07-10 06:46 - 2012-07-10 06:46 - 00029696 ____A C:\Windows\System32\WinFLAdrv.sys
2012-07-10 06:46 - 2012-07-10 06:46 - 00001105 ____A C:\Users\Public\Desktop\Folder Lock.lnk
2012-07-10 06:45 - 2012-07-10 06:45 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTrayShred.exe
2012-07-10 06:45 - 2012-07-10 06:45 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTray.exe
2012-07-10 06:45 - 2012-07-10 06:45 - 00091336 ____A (New Softwares.net) C:\Windows\System32\WinFLService.exe
2012-07-10 06:45 - 2012-07-10 06:45 - 00040960 ____A C:\Windows\System32\nwsftUninstall.exe
2012-07-10 06:45 - 2012-07-10 06:45 - 00014024 ____A C:\Windows\System32\WinFLMsgService.exe
2012-07-07 07:43 - 2012-07-07 07:35 - 88030946 ____A C:\Users\Owner\Documents\El Sombrero Azul CORINTO INTERNACIONAL.MPG.avi
2012-07-07 07:41 - 2012-07-07 07:35 - 58487032 ____A C:\Users\Owner\Documents\salvadoreñas coreografia 2011.avi
2012-07-07 07:37 - 2012-07-07 07:35 - 84302788 ____A C:\Users\Owner\Documents\EL CARBONERO.avi
2012-07-07 07:28 - 2012-07-07 07:26 - 28909138 ____A C:\Users\Owner\Documents\salvadoreñas coreografia 2011.flv
2012-07-07 07:28 - 2012-07-07 07:26 - 23639601 ____A C:\Users\Owner\Documents\EL CARBONERO.flv
2012-07-07 07:27 - 2012-07-07 07:25 - 43173010 ____A C:\Users\Owner\Documents\El Sombrero Azul CORINTO INTERNACIONAL.MPG.flv
2012-07-07 07:24 - 2012-07-07 07:24 - 00001247 ____A C:\Users\Public\Desktop\YTD Video Downloader.lnk
2012-07-06 12:43 - 2012-07-06 12:43 - 00823576 ____A (Bandoo Media Inc) C:\Users\Owner\Downloads\iLividSetupV1.exe
2012-07-06 07:29 - 2012-07-06 07:29 - 00502049 ____A C:\Users\Owner\Downloads\zero-zero.c4d
2012-07-06 06:35 - 2012-07-06 06:35 - 00001111 ____A C:\Users\Owner\Desktop\CINEMA 4D.lnk
2012-06-30 12:40 - 2012-06-29 09:05 - 277704501 ____A C:\Users\Owner\Downloads\data1.cab
2012-06-30 11:19 - 2012-06-30 11:19 - 04919784 ____A C:\Users\Owner\Downloads\wordpress-3.4.1.zip
2012-06-30 09:42 - 2012-06-30 09:41 - 00242070 ____A C:\Users\Owner\Downloads\Aurora Products License File By GTecH.exe
2012-06-30 06:57 - 2012-06-30 03:49 - 00381808 ____A (InterVideo Digital Technology Corporation ) C:\Users\Owner\Downloads\setup.exe
2012-06-30 06:56 - 2012-06-30 06:56 - 00921656 ____A C:\Users\Owner\Downloads\Welcome.bmp
2012-06-30 06:56 - 2012-06-30 04:52 - 01708856 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\instmsia.exe
2012-06-30 06:34 - 2012-06-30 04:38 - 02445550 ____A (Macrovision Corporation) C:\Users\Owner\Downloads\ISSetup.dll
2012-06-30 06:34 - 2012-06-30 00:18 - 05018624 ____A C:\Users\Owner\Downloads\Ulead DVD MovieFactory 6.msi
2012-06-30 05:12 - 2012-06-30 04:38 - 01822520 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\instmsiw.exe
2012-06-30 03:49 - 2012-06-30 03:49 - 00029806 ____A C:\Users\Owner\Downloads\ulead.bmp
2012-06-30 03:49 - 2012-06-30 03:49 - 00006129 ____A C:\Users\Owner\Downloads\0x0409.ini
2012-06-30 03:49 - 2012-06-30 03:49 - 00006125 ____A C:\Users\Owner\Downloads\CountryCode.dat
2012-06-30 03:49 - 2012-06-30 03:49 - 00002195 ____A C:\Users\Owner\Downloads\Setup.ini
2012-06-30 03:49 - 2012-06-30 03:49 - 00001238 ____A C:\Users\Owner\Downloads\info.ini
2012-06-30 03:49 - 2012-06-30 03:49 - 00000339 ____A C:\Users\Owner\Downloads\ulAR.cfg
2012-06-30 03:49 - 2012-06-30 03:49 - 00000137 ____A C:\Users\Owner\Downloads\serial.txt
2012-06-30 03:49 - 2012-06-29 09:05 - 00036864 ____A (Ulead Systems) C:\Users\Owner\Downloads\AutoRun.exe
2012-06-30 03:49 - 2012-04-07 07:50 - 00021674 ____A C:\Users\Owner\Downloads\LICENSE.TXT
2012-06-29 09:23 - 2011-03-23 12:39 - 00134856 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-29 09:15 - 2012-06-29 09:15 - 00000024 ____A C:\Windows\System32\DKRNL.JAX
2012-06-29 09:15 - 2012-06-29 06:39 - 00000210 ____A C:\Windows\ulead32.ini
2012-06-29 09:13 - 2012-06-29 09:13 - 00002133 ____A C:\Users\Public\Desktop\Ulead COOL 3D Studio.lnk
2012-06-28 13:55 - 2012-06-28 13:55 - 00000020 ___SH C:\Users\LogMeInRemoteUser\ntuser.ini
2012-06-28 13:48 - 2012-06-28 13:48 - 16151040 ____A C:\Users\Owner\Downloads\LogMeIn.msi
2012-06-27 08:08 - 2012-06-27 08:08 - 00000257 ____A C:\Users\Owner\Desktop\Products Main » Login.url
2012-06-26 09:49 - 2012-06-26 09:49 - 08675131 ____A C:\Users\Owner\Downloads\Superantispyware Pro 4.38.1004 +Serials.rar
2012-06-26 08:18 - 2012-06-26 08:18 - 00879345 ____A C:\Users\Owner\Downloads\UNDER_CONSTRUCTION_by_Creamania.psd
2012-06-22 07:11 - 2012-06-22 07:11 - 00001099 ____A C:\Users\Owner\Desktop\Mixed In Key 4.lnk
2012-06-15 13:19 - 2011-07-25 06:43 - 00059382 ____A C:\Windows\iis7.log
2012-06-11 18:40 - 2012-07-10 23:02 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-10 18:03 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 12:09 - 2012-06-08 12:09 - 00001120 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-06-06 13:12 - 2012-06-06 13:12 - 00001007 ____A C:\Users\Owner\Desktop\WhoCrashed.lnk
2012-06-05 21:05 - 2012-07-10 18:03 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 18:03 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 18:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-22 18:15 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 18:15 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 18:15 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 18:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 18:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-22 18:15 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 18:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-22 18:14 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-22 18:14 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-10 23:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:07 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:07 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-10 23:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:07 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-10 18:03 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 18:03 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 18:03 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 18:03 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 18:03 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 10:38 - 2012-05-31 10:37 - 00000197 ____A C:\Users\All Users\RmUserCfg.ini
2012-05-31 10:38 - 2012-05-31 10:37 - 00000027 ____A C:\Users\All Users\IpAndPort.fig
2012-05-29 13:21 - 2012-05-15 11:06 - 00011952 ____A C:\Users\Owner\AppData\Local\Temp9.html
2012-05-29 11:42 - 2011-07-21 10:03 - 00002000 ___AH C:\Users\Owner\Documents\Default.rdp


ZeroAccess:
C:\Windows\Installer\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}
C:\Windows\Installer\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}\@
C:\Windows\Installer\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}\L
C:\Windows\Installer\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}\n
C:\Windows\Installer\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}\U
C:\Windows\Installer\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}\U\00000001.@

ZeroAccess:
C:\Users\Owner\AppData\Local\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}
C:\Users\Owner\AppData\Local\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}\@
C:\Users\Owner\AppData\Local\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}\L
C:\Users\Owner\AppData\Local\{dfc03005-7013-9a10-774d-7b1eb2bb4d0f}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 2038.3 MB
Available physical RAM: 1589.78 MB
Total Pagefile: 2038.3 MB
Available Pagefile: 1592.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:206.34 GB) (Free:68.68 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (Windows 8) (Fixed) (Total:26.44 GB) (Free:12.66 GB) NTFS
5 Drive h: (ARAPIDPC) (Removable) (Total:7.82 GB) (Free:7.13 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (FTP) (Fixed) (Total:465.76 GB) (Free:428.89 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 232 GB 1024 KB
Disk 2 Online 8024 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 465 GB 0 B

==================================================================================

Disk: 0
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 206 GB 101 MB
Partition 3 Primary 26 GB 206 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 206 GB Healthy

==================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F Windows 8 NTFS Partition 26 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 8023 MB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H ARAPIDPC FAT32 Removable 8023 MB Healthy

==================================================================================

Last Boot: 2012-08-16 20:31

======================= End Of Log ==========================

 

  • BC Ads
  • BleepingComputer.com

#2 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,750 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 August 2012 - 12:42 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Ok lets see if we can find a replacement for the infected file

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#3 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,750 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 August 2012 - 11:31 PM

Hello
48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,750 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 August 2012 - 11:37 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·