Hi, I was sent here from http://www.bleepingcomputer.com/forums/topic411686.html/page__st__15 . I have not been able to get rid of this virus which is redirecting any websites I click on in my google search. The moderator in the last thread has covered many logs with me which someone can look at. Please get back to me, thanks.
Google redirect, new trojan?
#3
Posted 04 August 2011 - 01:54 AM
Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put them in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger:
- Please download DeFogger to your desktop.
- Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
Download DDS:
- Please download DDS by sUBs from one of the links below and save it to your desktop:
Link1
Link2
Link3
- Please disable any anti-malware program that will block scripts from running before running DDS.
- Double-Click on dds.scr and a command window will appear. This is normal.
- Shortly after two logs will appear:
- DDS.txt
- Attach.txt
- A window will open instructing you to save & post the logs
- Save the logs to a convenient place such as your desktop
- Copy the contents of both logs & post in your next reply
Scan With RKUnHooker
- Please Download Rootkit Unhooker Save it to your desktop.
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
- Wait till the scanner has finished and then click File, Save Report.
- Save the report somewhere where you can find it. Click Close.
Note** you may get this warning it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
"just click on Cancel, then Accept".
information and logs:
- In your next post I need the following
- .logs from DDS
- log from RKUnHooker
- let me know of any problems you may have had
Gringo
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> <-- Don't worry, every little bit helps.
#4
Posted 04 August 2011 - 09:26 PM
1. DDS
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by 2Sik at 19:13:30 on 2011-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2668.1577 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\dleacoms.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\atieclxx.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msi.msn.com
uDefault_Page_URL = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\2Sik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\2Sik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPCS~1.LNK - C:\Program Files (x86)\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7E846249-6D0B-4BA9-9078-777476784380} : DhcpNameServer = 10.101.0.1
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\2375942554635313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\34F4D40555455425F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun-x64: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-28 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-28 269480]
R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
R2 dlea_device;dlea_device;C:\windows\system32\dleacoms.exe -service --> C:\windows\system32\dleacoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-28 366640]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe [2011-1-25 44432]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2011-8-3 33448]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-03 23:59:27 -------- d-----w- C:\windows\System32\SPReview
2011-08-03 23:43:07 -------- d-----w- C:\ProgramData\Ezprint
2011-08-03 23:38:57 -------- d-----w- C:\ProgramData\Dl_cats
2011-08-03 23:38:33 189440 ----a-w- C:\windows\System32\Spool\prtprocs\x64\dleadrpp.dll
2011-08-03 23:37:10 109056 ----a-w- C:\windows\System32\dleavs.dll
2011-08-03 23:37:06 796160 ----a-w- C:\windows\System32\dleacoin.dll
2011-08-03 23:37:05 1462272 ----a-w- C:\windows\System32\lxk_g.dll
2011-08-03 23:37:03 983121 ----a-w- C:\windows\System32\lxk_gf.dll
2011-08-03 23:37:03 65024 ----a-w- C:\windows\System32\dleagcfg.dll
2011-08-03 23:37:02 399360 ----a-w- C:\windows\System32\dleacui.dll
2011-08-03 23:37:02 148480 ----a-w- C:\windows\System32\dleacuir.dll
2011-08-03 23:36:14 509952 ----a-w- C:\windows\System32\DLEAwupd.dll
2011-08-03 23:36:14 295080 ----a-w- C:\windows\System32\DLEAwupd.exe
2011-08-03 23:34:56 989696 ----a-w- C:\windows\System32\dleapmui.dll
2011-08-03 23:33:14 -------- d-----w- C:\DELL
2011-08-03 22:28:41 -------- d-----w- C:\windows\System32\EventProviders
2011-08-03 22:25:46 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF64EE03-8990-435E-BAD1-E98F9C3CE5B0}\mpengine.dll
2011-08-02 03:10:23 -------- d-----w- C:\Users\2Sik\SiteGrinderData
2011-08-02 03:08:29 -------- d-----w- C:\Program Files (x86)\SiteGrinder 3
2011-07-31 19:26:07 48976 ----a-w- C:\windows\System32\netfxperf.dll
2011-07-31 19:26:07 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-07-31 19:24:59 955904 ----a-w- C:\windows\System32\localspl.dll
2011-07-31 19:23:59 81920 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll
2011-07-31 19:22:58 25600 ----a-w- C:\windows\System32\drivers\es-ES\usbport.sys.mui
2011-07-31 19:22:57 3072 ----a-w- C:\windows\System32\drivers\es-ES\Dot4usb.sys.mui
2011-07-31 19:22:56 399872 ----a-w- C:\windows\System32\dpx.dll
2011-07-31 19:22:56 189952 ----a-w- C:\windows\SysWow64\wdscore.dll
2011-07-31 19:22:32 606208 ----a-w- C:\windows\SysWow64\wbem\fastprox.dll
2011-07-31 19:22:32 363008 ----a-w- C:\windows\SysWow64\wbemcomn.dll
2011-07-31 19:21:06 529408 ----a-w- C:\windows\System32\wbemcomn.dll
2011-07-31 01:50:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-30 22:48:53 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Adobe Mini Bridge CS5
2011-07-30 22:48:52 -------- d-----w- C:\Users\2Sik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-30 20:01:01 -------- d-----w- C:\Users\2Sik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-30 18:39:21 -------- d-----w- C:\Users\2Sik\AppData\Roaming\SUPERAntiSpyware.com
2011-07-30 18:39:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-30 18:39:10 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-30 18:39:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-30 17:47:12 -------- d-----w- C:\windows\SysWow64\Wat
2011-07-30 17:47:12 -------- d-----w- C:\windows\System32\Wat
2011-07-30 17:22:49 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-30 17:05:39 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-30 03:59:45 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-07-30 02:20:57 -------- d-----w- C:\Users\2Sik\AppData\Local\Adobe
2011-07-30 02:07:49 -------- d-----w- C:\Program Files (x86)\AdobePS
2011-07-29 22:00:13 94208 ----a-w- C:\windows\SysWow64\wmpuice.dll
2011-07-29 22:00:13 69632 ----a-w- C:\windows\cadSSaver.scr
2011-07-29 22:00:11 -------- d-----w- C:\Program Files (x86)\CD Art Display
2011-07-29 21:46:55 -------- d-----w- C:\Users\2Sik\AppData\Local\Apple Computer
2011-07-29 21:46:29 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2011-07-29 21:46:29 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2011-07-29 21:46:29 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2011-07-29 21:45:54 -------- d-----w- C:\Program Files\iPod
2011-07-29 21:45:53 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-07-29 21:45:53 -------- d-----w- C:\Program Files\iTunes
2011-07-29 21:45:53 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-07-29 21:43:53 -------- d-----w- C:\Users\2Sik\AppData\Local\Apple
2011-07-29 21:43:11 -------- d-----w- C:\Program Files\Bonjour
2011-07-29 21:43:11 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-29 21:31:40 -------- d-----w- C:\Users\2Sik\AppData\Roaming\CD Art Display
2011-07-29 21:10:02 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Rainmeter
2011-07-29 21:09:54 -------- d-----w- C:\Program Files\Rainmeter
2011-07-29 20:05:03 467456 ----a-w- C:\windows\System32\drivers\srv.sys
2011-07-29 20:05:03 410112 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-07-29 20:05:03 168448 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-07-29 19:29:04 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-07-29 19:29:04 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-07-29 19:29:04 183296 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-07-29 19:22:03 715776 ----a-w- C:\windows\System32\kerberos.dll
2011-07-29 19:22:03 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2011-07-29 19:18:01 5562240 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-07-29 19:16:05 613376 ----a-w- C:\windows\System32\vbscript.dll
2011-07-29 19:16:05 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-07-29 19:15:50 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-07-29 19:15:50 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-07-29 19:15:50 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-07-29 19:15:49 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-07-29 19:15:41 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2011-07-29 19:15:41 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-07-29 19:15:41 367616 ----a-w- C:\windows\System32\atmfd.dll
2011-07-29 19:15:41 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-07-29 19:15:41 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-07-29 19:15:41 100864 ----a-w- C:\windows\System32\fontsub.dll
2011-07-29 19:12:18 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-07-29 19:12:18 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-07-29 19:12:18 404480 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-07-29 19:12:18 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-07-29 19:12:18 207872 ----a-w- C:\windows\System32\cfgmgr32.dll
2011-07-29 19:12:18 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-07-29 19:12:16 3137536 ----a-w- C:\windows\System32\win32k.sys
2011-07-29 19:11:18 974336 ----a-w- C:\windows\System32\WFS.exe
2011-07-29 19:11:18 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-07-29 19:11:11 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-07-29 19:11:10 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-07-29 19:10:45 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-07-29 06:22:07 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Malwarebytes
2011-07-29 06:21:39 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-29 06:21:36 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-29 06:21:32 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-29 06:21:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-29 05:05:00 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Avira
2011-07-29 03:12:47 -------- d-----w- C:\Users\2Sik\AppData\Local\ODUI
2011-07-29 03:12:41 -------- d-----w- C:\Users\2Sik\AppData\Local\Stardock
2011-07-29 03:10:28 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Stardock
2011-07-29 03:09:53 -------- dc-h--w- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-07-29 03:09:52 -------- d-----w- C:\ProgramData\Stardock
2011-07-29 03:09:52 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2011-07-29 03:09:49 -------- d-----w- C:\Program Files (x86)\Stardock
2011-07-29 03:09:39 -------- d-----w- C:\Users\2Sik\AppData\Local\PackageAware
2011-07-29 01:46:24 -------- d-----w- C:\Users\2Sik\AppData\Roaming\XWindows Dock
2011-07-29 01:46:20 -------- d-----w- C:\Program Files (x86)\XWindows Dock
2011-07-28 23:23:25 332288 ----a-w- C:\windows\System32\uxtheme.dll.backup
2011-07-28 23:23:23 2851328 ----a-w- C:\windows\System32\themeui.dll.backup
2011-07-28 23:23:19 44544 ----a-w- C:\windows\System32\themeservice.dll.backup
2011-07-28 23:20:46 245760 ----a-w- C:\windows\SysWow64\uxtheme.dll.backup
2011-07-28 23:20:43 2755072 ----a-w- C:\windows\SysWow64\themeui.dll.backup
2011-07-28 21:45:17 -------- d-----w- C:\Users\2Sik\AppData\Roaming\OpenOffice.org
2011-07-28 21:43:00 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-07-28 21:42:07 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-07-28 21:09:41 -------- d-----w- C:\Users\2Sik\AppData\Roaming\MAGIX
2011-07-28 21:05:50 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-28 21:04:42 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-07-28 21:04:09 -------- d-----w- C:\Users\2Sik\AppData\Roaming\uTorrent
2011-07-28 21:04:09 -------- d-----w- C:\Users\2Sik\AppData\Local\uTorrent
2011-07-28 21:00:54 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-07-28 20:47:23 88288 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2011-07-28 20:47:22 -------- d-----w- C:\ProgramData\Avira
2011-07-28 20:47:22 -------- d-----w- C:\Program Files (x86)\Avira
2011-07-28 19:45:36 -------- d-----w- C:\windows\SysWow64\RTCOM
2011-07-28 19:45:08 2602528 ----a-w- C:\windows\System32\RtkHDM64.dll
2011-07-28 19:45:08 253728 ----a-w- C:\windows\System32\drivers\RtHDMIVX.sys
2011-07-28 19:45:07 95432 ----a-w- C:\windows\System32\RTEEL64H.dll
2011-07-28 19:45:07 76488 ----a-w- C:\windows\System32\RTEEG64H.dll
2011-07-28 19:45:07 69664 ----a-w- C:\windows\System32\RHCoInst64.dll
2011-07-28 19:45:07 369864 ----a-w- C:\windows\System32\RTEEP64H.dll
2011-07-28 19:45:07 307936 ----a-w- C:\windows\System32\RH3DHT64.dll
2011-07-28 19:45:07 307936 ----a-w- C:\windows\System32\RH3DAA64.dll
2011-07-28 19:45:07 201928 ----a-w- C:\windows\System32\RTEED64H.dll
2011-07-28 19:45:07 1964064 ----a-w- C:\windows\System32\RHDMEx64.dll
2011-07-28 19:45:00 332392 ----a-w- C:\windows\System32\RtlCPAPI64.dll
2011-07-28 19:33:17 307304 ----a-r- C:\windows\System32\drivers\rtsuvstor.sys
2011-07-28 19:33:16 9888360 ----a-w- C:\windows\SysWow64\RtsUVStoricon.dll
2011-07-28 19:29:51 -------- d-----w- C:\CIMTEMP
2011-07-28 19:23:51 -------- d-----w- C:\Users\2Sik\AppData\Local\MSI
2011-07-28 19:22:40 -------- d-----w- C:\Users\2Sik\AppData\Local\ATI
2011-07-28 19:22:34 -------- d-----w- C:\Users\2Sik\AppData\Local\SRS Labs
2011-07-28 19:22:28 -------- d-----w- C:\Users\2Sik\AppData\Roaming\FLEXnet
2011-07-28 19:21:44 -------- d-----w- C:\Users\2Sik\AppData\Local\VirtualStore
2011-07-28 19:20:00 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Zeon
2011-07-28 19:19:59 -------- d-----w- C:\ProgramData\Nuance
2011-07-28 19:19:53 -------- d-----w- C:\Program Files (x86)\Nuance
2011-07-28 19:19:49 -------- d-----w- C:\ProgramData\Downloaded Installations
2011-07-28 19:17:09 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2011-07-28 19:17:09 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2011-07-28 19:16:32 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-28 19:15:35 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-07-28 19:15:16 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-07-28 19:14:32 -------- d-----w- C:\windows\PCHEALTH
2011-07-28 19:14:26 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\90c436b41cc4d5a\Silverlight.2.0.exe
2011-07-28 19:14:14 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89caeea81cc4d5a\DSETUP.dll
2011-07-28 19:14:14 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89caeea81cc4d5a\DXSETUP.exe
2011-07-28 19:14:14 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89caeea81cc4d5a\dsetup32.dll
2011-07-28 19:13:38 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc18BD.tmp
2011-07-28 19:13:26 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-28 19:12:44 -------- d-----w- C:\ProgramData\MAGIX
2011-07-28 19:12:44 -------- d-----w- C:\Program Files (x86)\MAGIX
2011-07-28 19:10:48 6 ----a-w- C:\windows\silentOnce.tmp
2011-07-28 19:07:52 -------- d-sh--w- C:\Recovery
2011-07-12 18:34:00 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-07-12 18:34:00 61288 ----a-w- C:\windows\System32\jdns_sd.dll
2011-07-12 18:34:00 212840 ----a-w- C:\windows\System32\dnssdX.dll
2011-07-12 18:20:54 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll
.
==================== Find3M ====================
.
2011-08-04 00:35:12 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-08-04 00:35:11 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-07-28 23:23:25 332288 ----a-w- C:\windows\System32\uxtheme.dll
2011-07-28 23:23:19 44544 ----a-w- C:\windows\System32\themeservice.dll
2011-07-28 23:20:46 245760 ----a-w- C:\windows\SysWow64\uxtheme.dll
2011-06-03 06:56:38 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-03 05:56:11 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-05-14 07:25:06 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-05-14 07:25:06 243200 ----a-w- C:\windows\System32\wow64.dll
2011-05-14 07:25:06 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-05-14 07:24:33 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-05-14 07:22:25 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-05-14 07:16:48 338432 ----a-w- C:\windows\System32\conhost.exe
2011-05-14 06:28:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-05-14 06:24:36 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-05-14 06:24:08 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-05-14 06:22:24 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-05-14 04:20:05 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-05-14 04:20:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-05-10 15:06:08 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2011-05-10 15:06:08 4517664 ----a-w- C:\windows\System32\usbaaplrc.dll
2004-03-18 00:13:46 1028368 ----a-w- C:\Program Files (x86)\vbrun60sp6.exe
.
============= FINISH: 19:15:56.35 ===============
2. DDS Attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/28/2011 12:08:09 PM
System Uptime: 8/4/2011 6:24:11 AM (37 hours ago)
.
Motherboard: MSI | | MS-16GN
Processor: AMD E-350 Processor | CPU 1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 173 GiB total, 120.292 GiB free.
D: is FIXED (NTFS) - 115 GiB total, 115.109 GiB free.
E: is CDROM (CDFS)
W: is FIXED (NTFS) - 10 GiB total, 1.152 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP11: 7/30/2011 3:00:20 AM - Windows Update
RP12: 7/30/2011 10:22:03 AM - Windows Update
RP13: 8/1/2011 10:23:45 AM - Windows Update
RP14: 8/3/2011 3:25:03 PM - Windows Update
RP15: 8/3/2011 3:27:56 PM - Windows Update
RP16: 8/3/2011 4:36:02 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Alice Greenfingers
Apple Application Support
Apple Software Update
Atheros Client Installation Program
Avira AntiVir Personal - Free Antivirus
Battery Calibration
BurnRecovery
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CD Art Display 2.0.1
Chicken Invaders 2
Cinema ProII Setup
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
EasyViewer
Home Sweet Home
i-Charger
Java Auto Updater
Java 6 Update 22
Junk Mail filter update
MAGIX Video easy SE
Mahjong Escape Ancient China
Malwarebytes' Anti-Malware version 1.51.1.1800
Media Lab SiteGrinder 3
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 5.0.1 (x86 en-US)
MSI Game Corner Console
MSI HOUSE
msi Software Install
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nuance PDF Reader
ObjectDock Plus 2
OpenOffice.org 3.3
PDF Settings CS5
QuickTime
Rainmeter
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
REALTEK Wireless LAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Stardock Software
VLC media player 1.1.11
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/5/2011 6:56:59 PM, Error: RTL8192Ce [0] -
8/4/2011 6:25:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
8/4/2011 6:25:42 AM, Error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2011 6:16:17 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The process cannot access the file because it is being used by another process.
8/4/2011 6:08:53 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
8/3/2011 4:37:26 PM, Error: Microsoft-Windows-Service Pack Installer [6] - The Service Pack cannot be installed when the computer is running on battery power.
8/3/2011 4:35:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
8/3/2011 4:35:03 PM, Error: Service Control Manager [7030] - The dlea_device service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/3/2011 3:52:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
8/3/2011 3:52:39 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0829.
8/1/2011 8:50:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MSI Foundation Service service to connect.
8/1/2011 8:50:40 PM, Error: Service Control Manager [7000] - The MSI Foundation Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/1/2011 8:40:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oberon Media Game Console service service to connect.
8/1/2011 8:40:48 PM, Error: Service Control Manager [7000] - The Oberon Media Game Console service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/1/2011 10:59:30 AM, Error: Service Control Manager [7034] - The Thread Ordering Server service terminated unexpectedly. It has done this 1 time(s).
7/31/2011 2:09:11 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -86410 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.44:123) is working properly.
.
==== End Of File ===========================
3. RkUnHooker is getting an unexpected error
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by 2Sik at 19:13:30 on 2011-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2668.1577 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\dleacoms.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\atieclxx.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msi.msn.com
uDefault_Page_URL = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\2Sik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\2Sik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPCS~1.LNK - C:\Program Files (x86)\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7E846249-6D0B-4BA9-9078-777476784380} : DhcpNameServer = 10.101.0.1
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\2375942554635313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\34F4D40555455425F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun-x64: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-28 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-28 269480]
R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
R2 dlea_device;dlea_device;C:\windows\system32\dleacoms.exe -service --> C:\windows\system32\dleacoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-28 366640]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe [2011-1-25 44432]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2011-8-3 33448]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-03 23:59:27 -------- d-----w- C:\windows\System32\SPReview
2011-08-03 23:43:07 -------- d-----w- C:\ProgramData\Ezprint
2011-08-03 23:38:57 -------- d-----w- C:\ProgramData\Dl_cats
2011-08-03 23:38:33 189440 ----a-w- C:\windows\System32\Spool\prtprocs\x64\dleadrpp.dll
2011-08-03 23:37:10 109056 ----a-w- C:\windows\System32\dleavs.dll
2011-08-03 23:37:06 796160 ----a-w- C:\windows\System32\dleacoin.dll
2011-08-03 23:37:05 1462272 ----a-w- C:\windows\System32\lxk_g.dll
2011-08-03 23:37:03 983121 ----a-w- C:\windows\System32\lxk_gf.dll
2011-08-03 23:37:03 65024 ----a-w- C:\windows\System32\dleagcfg.dll
2011-08-03 23:37:02 399360 ----a-w- C:\windows\System32\dleacui.dll
2011-08-03 23:37:02 148480 ----a-w- C:\windows\System32\dleacuir.dll
2011-08-03 23:36:14 509952 ----a-w- C:\windows\System32\DLEAwupd.dll
2011-08-03 23:36:14 295080 ----a-w- C:\windows\System32\DLEAwupd.exe
2011-08-03 23:34:56 989696 ----a-w- C:\windows\System32\dleapmui.dll
2011-08-03 23:33:14 -------- d-----w- C:\DELL
2011-08-03 22:28:41 -------- d-----w- C:\windows\System32\EventProviders
2011-08-03 22:25:46 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF64EE03-8990-435E-BAD1-E98F9C3CE5B0}\mpengine.dll
2011-08-02 03:10:23 -------- d-----w- C:\Users\2Sik\SiteGrinderData
2011-08-02 03:08:29 -------- d-----w- C:\Program Files (x86)\SiteGrinder 3
2011-07-31 19:26:07 48976 ----a-w- C:\windows\System32\netfxperf.dll
2011-07-31 19:26:07 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-07-31 19:24:59 955904 ----a-w- C:\windows\System32\localspl.dll
2011-07-31 19:23:59 81920 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll
2011-07-31 19:22:58 25600 ----a-w- C:\windows\System32\drivers\es-ES\usbport.sys.mui
2011-07-31 19:22:57 3072 ----a-w- C:\windows\System32\drivers\es-ES\Dot4usb.sys.mui
2011-07-31 19:22:56 399872 ----a-w- C:\windows\System32\dpx.dll
2011-07-31 19:22:56 189952 ----a-w- C:\windows\SysWow64\wdscore.dll
2011-07-31 19:22:32 606208 ----a-w- C:\windows\SysWow64\wbem\fastprox.dll
2011-07-31 19:22:32 363008 ----a-w- C:\windows\SysWow64\wbemcomn.dll
2011-07-31 19:21:06 529408 ----a-w- C:\windows\System32\wbemcomn.dll
2011-07-31 01:50:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-30 22:48:53 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Adobe Mini Bridge CS5
2011-07-30 22:48:52 -------- d-----w- C:\Users\2Sik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-30 20:01:01 -------- d-----w- C:\Users\2Sik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-30 18:39:21 -------- d-----w- C:\Users\2Sik\AppData\Roaming\SUPERAntiSpyware.com
2011-07-30 18:39:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-30 18:39:10 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-30 18:39:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-30 17:47:12 -------- d-----w- C:\windows\SysWow64\Wat
2011-07-30 17:47:12 -------- d-----w- C:\windows\System32\Wat
2011-07-30 17:22:49 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-30 17:05:39 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-30 03:59:45 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-07-30 02:20:57 -------- d-----w- C:\Users\2Sik\AppData\Local\Adobe
2011-07-30 02:07:49 -------- d-----w- C:\Program Files (x86)\AdobePS
2011-07-29 22:00:13 94208 ----a-w- C:\windows\SysWow64\wmpuice.dll
2011-07-29 22:00:13 69632 ----a-w- C:\windows\cadSSaver.scr
2011-07-29 22:00:11 -------- d-----w- C:\Program Files (x86)\CD Art Display
2011-07-29 21:46:55 -------- d-----w- C:\Users\2Sik\AppData\Local\Apple Computer
2011-07-29 21:46:29 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2011-07-29 21:46:29 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2011-07-29 21:46:29 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2011-07-29 21:45:54 -------- d-----w- C:\Program Files\iPod
2011-07-29 21:45:53 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-07-29 21:45:53 -------- d-----w- C:\Program Files\iTunes
2011-07-29 21:45:53 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-07-29 21:44:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-07-29 21:43:53 -------- d-----w- C:\Users\2Sik\AppData\Local\Apple
2011-07-29 21:43:11 -------- d-----w- C:\Program Files\Bonjour
2011-07-29 21:43:11 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-29 21:31:40 -------- d-----w- C:\Users\2Sik\AppData\Roaming\CD Art Display
2011-07-29 21:10:02 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Rainmeter
2011-07-29 21:09:54 -------- d-----w- C:\Program Files\Rainmeter
2011-07-29 20:05:03 467456 ----a-w- C:\windows\System32\drivers\srv.sys
2011-07-29 20:05:03 410112 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-07-29 20:05:03 168448 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-07-29 19:29:04 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-07-29 19:29:04 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-07-29 19:29:04 183296 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-07-29 19:22:03 715776 ----a-w- C:\windows\System32\kerberos.dll
2011-07-29 19:22:03 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2011-07-29 19:18:01 5562240 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-07-29 19:16:05 613376 ----a-w- C:\windows\System32\vbscript.dll
2011-07-29 19:16:05 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-07-29 19:15:50 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-07-29 19:15:50 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-07-29 19:15:50 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-07-29 19:15:49 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-07-29 19:15:41 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2011-07-29 19:15:41 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-07-29 19:15:41 367616 ----a-w- C:\windows\System32\atmfd.dll
2011-07-29 19:15:41 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-07-29 19:15:41 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-07-29 19:15:41 100864 ----a-w- C:\windows\System32\fontsub.dll
2011-07-29 19:12:18 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-07-29 19:12:18 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-07-29 19:12:18 404480 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-07-29 19:12:18 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-07-29 19:12:18 207872 ----a-w- C:\windows\System32\cfgmgr32.dll
2011-07-29 19:12:18 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-07-29 19:12:16 3137536 ----a-w- C:\windows\System32\win32k.sys
2011-07-29 19:11:18 974336 ----a-w- C:\windows\System32\WFS.exe
2011-07-29 19:11:18 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-07-29 19:11:11 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-07-29 19:11:10 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-07-29 19:10:45 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-07-29 06:22:07 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Malwarebytes
2011-07-29 06:21:39 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-29 06:21:36 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-29 06:21:32 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-29 06:21:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-29 05:05:00 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Avira
2011-07-29 03:12:47 -------- d-----w- C:\Users\2Sik\AppData\Local\ODUI
2011-07-29 03:12:41 -------- d-----w- C:\Users\2Sik\AppData\Local\Stardock
2011-07-29 03:10:28 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Stardock
2011-07-29 03:09:53 -------- dc-h--w- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-07-29 03:09:52 -------- d-----w- C:\ProgramData\Stardock
2011-07-29 03:09:52 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2011-07-29 03:09:49 -------- d-----w- C:\Program Files (x86)\Stardock
2011-07-29 03:09:39 -------- d-----w- C:\Users\2Sik\AppData\Local\PackageAware
2011-07-29 01:46:24 -------- d-----w- C:\Users\2Sik\AppData\Roaming\XWindows Dock
2011-07-29 01:46:20 -------- d-----w- C:\Program Files (x86)\XWindows Dock
2011-07-28 23:23:25 332288 ----a-w- C:\windows\System32\uxtheme.dll.backup
2011-07-28 23:23:23 2851328 ----a-w- C:\windows\System32\themeui.dll.backup
2011-07-28 23:23:19 44544 ----a-w- C:\windows\System32\themeservice.dll.backup
2011-07-28 23:20:46 245760 ----a-w- C:\windows\SysWow64\uxtheme.dll.backup
2011-07-28 23:20:43 2755072 ----a-w- C:\windows\SysWow64\themeui.dll.backup
2011-07-28 21:45:17 -------- d-----w- C:\Users\2Sik\AppData\Roaming\OpenOffice.org
2011-07-28 21:43:00 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-07-28 21:42:07 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-07-28 21:09:41 -------- d-----w- C:\Users\2Sik\AppData\Roaming\MAGIX
2011-07-28 21:05:50 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-28 21:04:42 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-07-28 21:04:09 -------- d-----w- C:\Users\2Sik\AppData\Roaming\uTorrent
2011-07-28 21:04:09 -------- d-----w- C:\Users\2Sik\AppData\Local\uTorrent
2011-07-28 21:00:54 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-07-28 20:47:23 88288 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2011-07-28 20:47:22 -------- d-----w- C:\ProgramData\Avira
2011-07-28 20:47:22 -------- d-----w- C:\Program Files (x86)\Avira
2011-07-28 19:45:36 -------- d-----w- C:\windows\SysWow64\RTCOM
2011-07-28 19:45:08 2602528 ----a-w- C:\windows\System32\RtkHDM64.dll
2011-07-28 19:45:08 253728 ----a-w- C:\windows\System32\drivers\RtHDMIVX.sys
2011-07-28 19:45:07 95432 ----a-w- C:\windows\System32\RTEEL64H.dll
2011-07-28 19:45:07 76488 ----a-w- C:\windows\System32\RTEEG64H.dll
2011-07-28 19:45:07 69664 ----a-w- C:\windows\System32\RHCoInst64.dll
2011-07-28 19:45:07 369864 ----a-w- C:\windows\System32\RTEEP64H.dll
2011-07-28 19:45:07 307936 ----a-w- C:\windows\System32\RH3DHT64.dll
2011-07-28 19:45:07 307936 ----a-w- C:\windows\System32\RH3DAA64.dll
2011-07-28 19:45:07 201928 ----a-w- C:\windows\System32\RTEED64H.dll
2011-07-28 19:45:07 1964064 ----a-w- C:\windows\System32\RHDMEx64.dll
2011-07-28 19:45:00 332392 ----a-w- C:\windows\System32\RtlCPAPI64.dll
2011-07-28 19:33:17 307304 ----a-r- C:\windows\System32\drivers\rtsuvstor.sys
2011-07-28 19:33:16 9888360 ----a-w- C:\windows\SysWow64\RtsUVStoricon.dll
2011-07-28 19:29:51 -------- d-----w- C:\CIMTEMP
2011-07-28 19:23:51 -------- d-----w- C:\Users\2Sik\AppData\Local\MSI
2011-07-28 19:22:40 -------- d-----w- C:\Users\2Sik\AppData\Local\ATI
2011-07-28 19:22:34 -------- d-----w- C:\Users\2Sik\AppData\Local\SRS Labs
2011-07-28 19:22:28 -------- d-----w- C:\Users\2Sik\AppData\Roaming\FLEXnet
2011-07-28 19:21:44 -------- d-----w- C:\Users\2Sik\AppData\Local\VirtualStore
2011-07-28 19:20:00 -------- d-----w- C:\Users\2Sik\AppData\Roaming\Zeon
2011-07-28 19:19:59 -------- d-----w- C:\ProgramData\Nuance
2011-07-28 19:19:53 -------- d-----w- C:\Program Files (x86)\Nuance
2011-07-28 19:19:49 -------- d-----w- C:\ProgramData\Downloaded Installations
2011-07-28 19:17:09 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2011-07-28 19:17:09 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2011-07-28 19:16:32 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-28 19:15:35 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-07-28 19:15:16 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-07-28 19:14:32 -------- d-----w- C:\windows\PCHEALTH
2011-07-28 19:14:26 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\90c436b41cc4d5a\Silverlight.2.0.exe
2011-07-28 19:14:14 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89caeea81cc4d5a\DSETUP.dll
2011-07-28 19:14:14 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89caeea81cc4d5a\DXSETUP.exe
2011-07-28 19:14:14 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89caeea81cc4d5a\dsetup32.dll
2011-07-28 19:13:38 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc18BD.tmp
2011-07-28 19:13:26 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-28 19:12:44 -------- d-----w- C:\ProgramData\MAGIX
2011-07-28 19:12:44 -------- d-----w- C:\Program Files (x86)\MAGIX
2011-07-28 19:10:48 6 ----a-w- C:\windows\silentOnce.tmp
2011-07-28 19:07:52 -------- d-sh--w- C:\Recovery
2011-07-12 18:34:00 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-07-12 18:34:00 61288 ----a-w- C:\windows\System32\jdns_sd.dll
2011-07-12 18:34:00 212840 ----a-w- C:\windows\System32\dnssdX.dll
2011-07-12 18:20:54 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll
.
==================== Find3M ====================
.
2011-08-04 00:35:12 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-08-04 00:35:11 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-07-28 23:23:25 332288 ----a-w- C:\windows\System32\uxtheme.dll
2011-07-28 23:23:19 44544 ----a-w- C:\windows\System32\themeservice.dll
2011-07-28 23:20:46 245760 ----a-w- C:\windows\SysWow64\uxtheme.dll
2011-06-03 06:56:38 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-03 05:56:11 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-05-14 07:25:06 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-05-14 07:25:06 243200 ----a-w- C:\windows\System32\wow64.dll
2011-05-14 07:25:06 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-05-14 07:24:33 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-05-14 07:22:25 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-05-14 07:16:48 338432 ----a-w- C:\windows\System32\conhost.exe
2011-05-14 06:28:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-05-14 06:24:36 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-05-14 06:24:08 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-05-14 06:22:24 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-05-14 04:20:05 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-05-14 04:20:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-05-10 15:06:08 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2011-05-10 15:06:08 4517664 ----a-w- C:\windows\System32\usbaaplrc.dll
2004-03-18 00:13:46 1028368 ----a-w- C:\Program Files (x86)\vbrun60sp6.exe
.
============= FINISH: 19:15:56.35 ===============
2. DDS Attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/28/2011 12:08:09 PM
System Uptime: 8/4/2011 6:24:11 AM (37 hours ago)
.
Motherboard: MSI | | MS-16GN
Processor: AMD E-350 Processor | CPU 1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 173 GiB total, 120.292 GiB free.
D: is FIXED (NTFS) - 115 GiB total, 115.109 GiB free.
E: is CDROM (CDFS)
W: is FIXED (NTFS) - 10 GiB total, 1.152 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP11: 7/30/2011 3:00:20 AM - Windows Update
RP12: 7/30/2011 10:22:03 AM - Windows Update
RP13: 8/1/2011 10:23:45 AM - Windows Update
RP14: 8/3/2011 3:25:03 PM - Windows Update
RP15: 8/3/2011 3:27:56 PM - Windows Update
RP16: 8/3/2011 4:36:02 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Alice Greenfingers
Apple Application Support
Apple Software Update
Atheros Client Installation Program
Avira AntiVir Personal - Free Antivirus
Battery Calibration
BurnRecovery
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CD Art Display 2.0.1
Chicken Invaders 2
Cinema ProII Setup
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
EasyViewer
Home Sweet Home
i-Charger
Java Auto Updater
Java 6 Update 22
Junk Mail filter update
MAGIX Video easy SE
Mahjong Escape Ancient China
Malwarebytes' Anti-Malware version 1.51.1.1800
Media Lab SiteGrinder 3
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 5.0.1 (x86 en-US)
MSI Game Corner Console
MSI HOUSE
msi Software Install
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nuance PDF Reader
ObjectDock Plus 2
OpenOffice.org 3.3
PDF Settings CS5
QuickTime
Rainmeter
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
REALTEK Wireless LAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Stardock Software
VLC media player 1.1.11
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/5/2011 6:56:59 PM, Error: RTL8192Ce [0] -
8/4/2011 6:25:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
8/4/2011 6:25:42 AM, Error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2011 6:16:17 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The process cannot access the file because it is being used by another process.
8/4/2011 6:08:53 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
8/3/2011 4:37:26 PM, Error: Microsoft-Windows-Service Pack Installer [6] - The Service Pack cannot be installed when the computer is running on battery power.
8/3/2011 4:35:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
8/3/2011 4:35:03 PM, Error: Service Control Manager [7030] - The dlea_device service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/3/2011 3:52:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
8/3/2011 3:52:39 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0829.
8/1/2011 8:50:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MSI Foundation Service service to connect.
8/1/2011 8:50:40 PM, Error: Service Control Manager [7000] - The MSI Foundation Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/1/2011 8:40:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oberon Media Game Console service service to connect.
8/1/2011 8:40:48 PM, Error: Service Control Manager [7000] - The Oberon Media Game Console service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/1/2011 10:59:30 AM, Error: Service Control Manager [7034] - The Thread Ordering Server service terminated unexpectedly. It has done this 1 time(s).
7/31/2011 2:09:11 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -86410 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.44:123) is working properly.
.
==== End Of File ===========================
3. RKUnHooker is getting an unexpected error
#5
Posted 04 August 2011 - 09:38 PM
Hello
I would like you to do the following.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run ComboFix:
You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).
Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.
ComboFix may need to reboot your computer more than once to do its job; this is normal.
You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"
- In your next post I need the following
- Log from Combofix
- let me know of any problems you may have had
- How is the computer doing now?
Gringo
I will be online from 5-31 to 6-4 for a very limited amount of time.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.
#6
Posted 04 August 2011 - 11:55 PM
Combofix:
ComboFix 11-08-04.02 - 2Sik 08/05/2011 21:20:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2668.1833 [GMT -7:00]
Running from: c:\users\2Sik\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}\chrome.manifest
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}\chrome\xulcache.jar
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}\defaults\preferences\xulcache.js
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}\install.rdf
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}\chrome.manifest
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}\chrome\xulcache.jar
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}\defaults\preferences\xulcache.js
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 04:29 . 2011-08-06 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-06 02:19 . 2011-08-06 02:25 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-08-03 23:59 . 2011-08-03 23:59 -------- d-----w- c:\windows\system32\SPReview
2011-08-03 23:43 . 2011-08-03 23:43 -------- d-----w- c:\programdata\Ezprint
2011-08-03 23:38 . 2011-08-03 23:45 -------- d-----w- c:\programdata\Dl_cats
2011-08-03 23:38 . 2009-06-19 12:01 189440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\dleadrpp.dll
2011-08-03 23:37 . 2008-03-05 05:55 109056 ----a-w- c:\windows\system32\dleavs.dll
2011-08-03 23:37 . 2009-06-09 20:11 796160 ----a-w- c:\windows\system32\dleacoin.dll
2011-08-03 23:37 . 2008-04-30 09:32 1462272 ----a-w- c:\windows\system32\lxk_g.dll
2011-08-03 23:37 . 2009-05-22 09:59 65024 ----a-w- c:\windows\system32\dleagcfg.dll
2011-08-03 23:37 . 2008-04-30 09:32 983121 ----a-w- c:\windows\system32\lxk_gf.dll
2011-08-03 23:37 . 2009-05-22 10:01 148480 ----a-w- c:\windows\system32\dleacuir.dll
2011-08-03 23:37 . 2009-05-22 10:01 399360 ----a-w- c:\windows\system32\dleacui.dll
2011-08-03 23:36 . 2009-07-01 16:13 295080 ----a-w- c:\windows\system32\DLEAwupd.exe
2011-08-03 23:36 . 2009-04-23 16:38 509952 ----a-w- c:\windows\system32\DLEAwupd.dll
2011-08-03 23:34 . 2009-05-14 18:22 989696 ----a-w- c:\windows\system32\dleapmui.dll
2011-08-03 23:33 . 2011-08-03 23:33 -------- d-----w- C:\DELL
2011-08-03 22:28 . 2011-08-03 22:28 -------- d-----w- c:\windows\system32\EventProviders
2011-08-03 22:25 . 2011-07-20 16:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF64EE03-8990-435E-BAD1-E98F9C3CE5B0}\mpengine.dll
2011-08-02 03:08 . 2011-08-02 03:10 -------- d-----w- c:\program files (x86)\SiteGrinder 3
2011-07-31 19:26 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-31 19:26 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-31 19:24 . 2010-11-20 13:33 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-07-31 19:23 . 2010-11-20 13:27 172544 ----a-w- c:\windows\system32\twext.dll
2011-07-31 19:22 . 2010-11-20 12:56 25600 ----a-w- c:\windows\system32\drivers\es-ES\usbport.sys.mui
2011-07-31 19:22 . 2010-11-20 13:01 3072 ----a-w- c:\windows\system32\drivers\es-ES\Dot4usb.sys.mui
2011-07-31 19:22 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-07-31 19:22 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-07-31 19:22 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-07-31 19:22 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-07-31 19:21 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-31 01:50 . 2011-07-31 01:50 -------- d-----w- c:\program files (x86)\VideoLAN
2011-07-30 18:39 . 2011-07-30 18:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-30 18:39 . 2011-07-30 18:39 -------- d-----w- c:\programdata\!SASCORE
2011-07-30 18:39 . 2011-07-30 18:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-30 17:47 . 2011-07-30 17:47 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-30 17:47 . 2011-07-30 17:47 -------- d-----w- c:\windows\system32\Wat
2011-07-30 17:05 . 2011-07-30 17:05 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-30 03:59 . 2011-07-30 03:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-07-30 03:22 . 2011-07-30 03:26 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-30 03:20 . 2011-07-30 03:20 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-07-30 03:17 . 2011-07-30 03:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-07-30 03:13 . 2011-07-30 03:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-29 22:00 . 2009-09-06 03:28 69632 ----a-w- c:\windows\cadSSaver.scr
2011-07-29 22:00 . 2003-01-27 21:27 94208 ----a-w- c:\windows\SysWow64\wmpuice.dll
2011-07-29 22:00 . 2011-07-29 22:00 -------- d-----w- c:\program files (x86)\CD Art Display
2011-07-29 21:46 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-29 21:46 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-07-29 21:46 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-07-29 21:43 . 2011-07-29 21:43 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-29 21:43 . 2011-07-29 21:43 -------- d-----w- c:\program files\Common Files\Apple
2011-07-29 21:43 . 2011-07-29 21:43 -------- d-----w- c:\program files\Bonjour
2011-07-29 21:43 . 2011-07-29 21:43 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-29 21:42 . 2011-08-01 04:03 -------- d-----w- c:\programdata\Apple
2011-07-29 21:42 . 2011-07-29 21:45 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-07-29 21:09 . 2011-07-29 21:09 -------- d-----w- c:\program files\Rainmeter
2011-07-29 20:05 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-29 20:05 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-29 20:05 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-29 19:29 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-07-29 19:29 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-07-29 19:29 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-07-29 19:22 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-07-29 19:22 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-07-29 19:18 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-29 19:16 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-07-29 19:16 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-07-29 19:15 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-29 19:15 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-07-29 19:15 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-29 19:15 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-29 19:15 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-07-29 19:15 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-07-29 19:15 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-07-29 19:15 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-07-29 19:15 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-07-29 19:15 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-07-29 19:12 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-29 19:12 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-07-29 19:12 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-07-29 19:12 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-07-29 19:12 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-07-29 19:12 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-07-29 19:12 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-29 19:11 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-07-29 19:11 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
2011-07-29 19:11 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-29 19:11 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-07-29 19:10 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-29 06:21 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-29 06:21 . 2011-07-29 06:21 -------- d-----w- c:\programdata\Malwarebytes
2011-07-29 06:21 . 2011-07-29 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-29 06:21 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 03:09 . 2011-07-29 03:09 -------- dc-h--w- c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-07-29 03:09 . 2011-07-29 03:09 -------- d-----w- c:\programdata\Stardock
2011-07-29 03:09 . 2011-07-29 03:09 -------- d-----w- c:\program files (x86)\Common Files\Stardock
2011-07-29 03:09 . 2011-07-29 03:10 -------- d-----w- c:\program files (x86)\Stardock
2011-07-29 01:46 . 2011-07-29 02:27 -------- d-----w- c:\program files (x86)\XWindows Dock
2011-07-28 23:23 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-07-28 23:23 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-07-28 23:20 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-07-28 21:43 . 2011-07-28 21:43 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-07-28 21:42 . 2011-07-28 21:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-28 21:42 . 2011-07-28 21:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-28 21:41 . 2011-07-28 21:41 -------- d-----w- c:\program files (x86)\Java
2011-07-28 21:05 . 2011-07-28 21:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-28 21:04 . 2011-07-28 21:04 -------- d-----w- c:\program files (x86)\uTorrent
2011-07-28 21:00 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-07-28 20:47 . 2011-08-04 03:51 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-28 20:47 . 2011-08-04 03:51 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-28 20:47 . 2011-07-28 20:47 -------- d-----w- c:\programdata\Avira
2011-07-28 20:47 . 2011-07-28 20:47 -------- d-----w- c:\program files (x86)\Avira
2011-07-28 19:45 . 2011-07-28 19:45 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-07-28 19:45 . 2010-05-24 12:13 2602528 ----a-w- c:\windows\system32\RtkHDM64.dll
2011-07-28 19:45 . 2010-05-24 12:07 253728 ----a-w- c:\windows\system32\drivers\RtHDMIVX.sys
2011-07-28 19:45 . 2010-05-24 12:13 1964064 ----a-w- c:\windows\system32\RHDMEx64.dll
2011-07-28 19:45 . 2010-05-24 12:13 69664 ----a-w- c:\windows\system32\RHCoInst64.dll
2011-07-28 19:45 . 2010-01-11 00:41 307936 ----a-w- c:\windows\system32\RH3DHT64.dll
2011-07-28 19:45 . 2010-01-11 00:41 307936 ----a-w- c:\windows\system32\RH3DAA64.dll
2011-07-28 19:45 . 2009-12-15 10:26 95432 ----a-w- c:\windows\system32\RTEEL64H.dll
2011-07-28 19:45 . 2009-12-15 10:26 76488 ----a-w- c:\windows\system32\RTEEG64H.dll
2011-07-28 19:45 . 2009-12-15 10:26 369864 ----a-w- c:\windows\system32\RTEEP64H.dll
2011-07-28 19:45 . 2009-12-15 10:26 201928 ----a-w- c:\windows\system32\RTEED64H.dll
2011-07-28 19:45 . 2010-11-03 10:31 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2011-07-28 19:33 . 2010-11-30 06:40 307304 ----a-r- c:\windows\system32\drivers\rtsuvstor.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 00:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-04 00:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-28 23:23 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-07-28 23:23 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-07-28 23:20 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-05-14 06:24 . 2011-07-29 19:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2004-03-18 00:13 . 2004-03-18 00:13 1028368 ----a-w- c:\program files (x86)\vbrun60sp6.exe
.
.
ComboFix 11-08-04.02 - 2Sik 08/05/2011 21:20:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2668.1833 [GMT -7:00]
Running from: c:\users\2Sik\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}\chrome.manifest
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}\chrome\xulcache.jar
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}\defaults\preferences\xulcache.js
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{737debf1-cfb1-48ff-b03e-bdb4fa7552ac}\install.rdf
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}\chrome.manifest
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}\chrome\xulcache.jar
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}\defaults\preferences\xulcache.js
c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\extensions\{ba606bb6-d550-42d4-b45d-bd41ad670833}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 04:29 . 2011-08-06 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-06 02:19 . 2011-08-06 02:25 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-08-03 23:59 . 2011-08-03 23:59 -------- d-----w- c:\windows\system32\SPReview
2011-08-03 23:43 . 2011-08-03 23:43 -------- d-----w- c:\programdata\Ezprint
2011-08-03 23:38 . 2011-08-03 23:45 -------- d-----w- c:\programdata\Dl_cats
2011-08-03 23:38 . 2009-06-19 12:01 189440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\dleadrpp.dll
2011-08-03 23:37 . 2008-03-05 05:55 109056 ----a-w- c:\windows\system32\dleavs.dll
2011-08-03 23:37 . 2009-06-09 20:11 796160 ----a-w- c:\windows\system32\dleacoin.dll
2011-08-03 23:37 . 2008-04-30 09:32 1462272 ----a-w- c:\windows\system32\lxk_g.dll
2011-08-03 23:37 . 2009-05-22 09:59 65024 ----a-w- c:\windows\system32\dleagcfg.dll
2011-08-03 23:37 . 2008-04-30 09:32 983121 ----a-w- c:\windows\system32\lxk_gf.dll
2011-08-03 23:37 . 2009-05-22 10:01 148480 ----a-w- c:\windows\system32\dleacuir.dll
2011-08-03 23:37 . 2009-05-22 10:01 399360 ----a-w- c:\windows\system32\dleacui.dll
2011-08-03 23:36 . 2009-07-01 16:13 295080 ----a-w- c:\windows\system32\DLEAwupd.exe
2011-08-03 23:36 . 2009-04-23 16:38 509952 ----a-w- c:\windows\system32\DLEAwupd.dll
2011-08-03 23:34 . 2009-05-14 18:22 989696 ----a-w- c:\windows\system32\dleapmui.dll
2011-08-03 23:33 . 2011-08-03 23:33 -------- d-----w- C:\DELL
2011-08-03 22:28 . 2011-08-03 22:28 -------- d-----w- c:\windows\system32\EventProviders
2011-08-03 22:25 . 2011-07-20 16:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF64EE03-8990-435E-BAD1-E98F9C3CE5B0}\mpengine.dll
2011-08-02 03:08 . 2011-08-02 03:10 -------- d-----w- c:\program files (x86)\SiteGrinder 3
2011-07-31 19:26 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-31 19:26 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-31 19:24 . 2010-11-20 13:33 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-07-31 19:23 . 2010-11-20 13:27 172544 ----a-w- c:\windows\system32\twext.dll
2011-07-31 19:22 . 2010-11-20 12:56 25600 ----a-w- c:\windows\system32\drivers\es-ES\usbport.sys.mui
2011-07-31 19:22 . 2010-11-20 13:01 3072 ----a-w- c:\windows\system32\drivers\es-ES\Dot4usb.sys.mui
2011-07-31 19:22 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-07-31 19:22 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-07-31 19:22 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-07-31 19:22 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-07-31 19:21 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-31 01:50 . 2011-07-31 01:50 -------- d-----w- c:\program files (x86)\VideoLAN
2011-07-30 18:39 . 2011-07-30 18:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-30 18:39 . 2011-07-30 18:39 -------- d-----w- c:\programdata\!SASCORE
2011-07-30 18:39 . 2011-07-30 18:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-30 17:47 . 2011-07-30 17:47 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-30 17:47 . 2011-07-30 17:47 -------- d-----w- c:\windows\system32\Wat
2011-07-30 17:05 . 2011-07-30 17:05 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-30 03:59 . 2011-07-30 03:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-07-30 03:22 . 2011-07-30 03:26 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-30 03:20 . 2011-07-30 03:20 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-07-30 03:17 . 2011-07-30 03:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-07-30 03:13 . 2011-07-30 03:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-29 22:00 . 2009-09-06 03:28 69632 ----a-w- c:\windows\cadSSaver.scr
2011-07-29 22:00 . 2003-01-27 21:27 94208 ----a-w- c:\windows\SysWow64\wmpuice.dll
2011-07-29 22:00 . 2011-07-29 22:00 -------- d-----w- c:\program files (x86)\CD Art Display
2011-07-29 21:46 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-29 21:46 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-07-29 21:46 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-07-29 21:43 . 2011-07-29 21:43 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-29 21:43 . 2011-07-29 21:43 -------- d-----w- c:\program files\Common Files\Apple
2011-07-29 21:43 . 2011-07-29 21:43 -------- d-----w- c:\program files\Bonjour
2011-07-29 21:43 . 2011-07-29 21:43 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-29 21:42 . 2011-08-01 04:03 -------- d-----w- c:\programdata\Apple
2011-07-29 21:42 . 2011-07-29 21:45 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-07-29 21:09 . 2011-07-29 21:09 -------- d-----w- c:\program files\Rainmeter
2011-07-29 20:05 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-29 20:05 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-29 20:05 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-29 19:29 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-07-29 19:29 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-07-29 19:29 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-07-29 19:22 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-07-29 19:22 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-07-29 19:18 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-29 19:16 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-07-29 19:16 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-07-29 19:15 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-29 19:15 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-07-29 19:15 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-29 19:15 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-29 19:15 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-07-29 19:15 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-07-29 19:15 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-07-29 19:15 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-07-29 19:15 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-07-29 19:15 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-07-29 19:12 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-29 19:12 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-07-29 19:12 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-07-29 19:12 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-07-29 19:12 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-07-29 19:12 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-07-29 19:12 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-29 19:11 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-07-29 19:11 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
2011-07-29 19:11 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-29 19:11 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-07-29 19:10 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-29 06:21 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-29 06:21 . 2011-07-29 06:21 -------- d-----w- c:\programdata\Malwarebytes
2011-07-29 06:21 . 2011-07-29 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-29 06:21 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 03:09 . 2011-07-29 03:09 -------- dc-h--w- c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-07-29 03:09 . 2011-07-29 03:09 -------- d-----w- c:\programdata\Stardock
2011-07-29 03:09 . 2011-07-29 03:09 -------- d-----w- c:\program files (x86)\Common Files\Stardock
2011-07-29 03:09 . 2011-07-29 03:10 -------- d-----w- c:\program files (x86)\Stardock
2011-07-29 01:46 . 2011-07-29 02:27 -------- d-----w- c:\program files (x86)\XWindows Dock
2011-07-28 23:23 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-07-28 23:23 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-07-28 23:20 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-07-28 21:43 . 2011-07-28 21:43 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-07-28 21:42 . 2011-07-28 21:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-28 21:42 . 2011-07-28 21:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-28 21:41 . 2011-07-28 21:41 -------- d-----w- c:\program files (x86)\Java
2011-07-28 21:05 . 2011-07-28 21:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-28 21:04 . 2011-07-28 21:04 -------- d-----w- c:\program files (x86)\uTorrent
2011-07-28 21:00 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-07-28 20:47 . 2011-08-04 03:51 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-28 20:47 . 2011-08-04 03:51 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-28 20:47 . 2011-07-28 20:47 -------- d-----w- c:\programdata\Avira
2011-07-28 20:47 . 2011-07-28 20:47 -------- d-----w- c:\program files (x86)\Avira
2011-07-28 19:45 . 2011-07-28 19:45 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-07-28 19:45 . 2010-05-24 12:13 2602528 ----a-w- c:\windows\system32\RtkHDM64.dll
2011-07-28 19:45 . 2010-05-24 12:07 253728 ----a-w- c:\windows\system32\drivers\RtHDMIVX.sys
2011-07-28 19:45 . 2010-05-24 12:13 1964064 ----a-w- c:\windows\system32\RHDMEx64.dll
2011-07-28 19:45 . 2010-05-24 12:13 69664 ----a-w- c:\windows\system32\RHCoInst64.dll
2011-07-28 19:45 . 2010-01-11 00:41 307936 ----a-w- c:\windows\system32\RH3DHT64.dll
2011-07-28 19:45 . 2010-01-11 00:41 307936 ----a-w- c:\windows\system32\RH3DAA64.dll
2011-07-28 19:45 . 2009-12-15 10:26 95432 ----a-w- c:\windows\system32\RTEEL64H.dll
2011-07-28 19:45 . 2009-12-15 10:26 76488 ----a-w- c:\windows\system32\RTEEG64H.dll
2011-07-28 19:45 . 2009-12-15 10:26 369864 ----a-w- c:\windows\system32\RTEEP64H.dll
2011-07-28 19:45 . 2009-12-15 10:26 201928 ----a-w- c:\windows\system32\RTEED64H.dll
2011-07-28 19:45 . 2010-11-03 10:31 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2011-07-28 19:33 . 2010-11-30 06:40 307304 ----a-r- c:\windows\system32\drivers\rtsuvstor.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 00:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-04 00:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-28 23:23 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-07-28 23:23 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-07-28 23:20 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-05-14 06:24 . 2011-07-29 19:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2004-03-18 00:13 . 2004-03-18 00:13 1028368 ----a-w- c:\program files (x86)\vbrun60sp6.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2010-10-22 199680]
"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\users\2Sik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-7-24 102912]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-7-28 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS PC Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe [2010-12-6 1927528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2009-07-01 33448]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2009-07-01 1054888]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-17 12800]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe [2010-01-27 44432]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\2Sik\AppData\Roaming\Mozilla\Firefox\Profiles\ptbq5j4w.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-08-05 21:39:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-06 04:39
.
Pre-Run: 129,037,590,528 bytes free
Post-Run: 128,533,741,568 bytes free
.
- - End Of File - - BE7056EDE9A793246B7812A3A2DA9B4D
It says my Avira was on, but I disabled the security option.
This post has been edited by 2Sik: 04 August 2011 - 11:56 PM
#7
Posted 05 August 2011 - 12:08 AM
Hello
:P2P Warning!:
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
These logs are looking a lot better. But we still have some work to do.
Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.
Your Java is out of date.
It can be updated by the Java control panel
- click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
- An update should begin;
- follow the prompts
Clear your Java Cache
- click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
- Applications and Applets
- Trace and Log Files
- Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.
TFC(Temp File Cleaner):
- Please download TFC to your desktop,
- Save any unsaved work. TFC will close all open application windows.
- Double-click TFC.exe to run the program.
- If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
: Malwarebytes' Anti-Malware :
- I would like you to rerun MBAM
- Double-click mbam icon
- go to the update tab at the top
- click on check for updates
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
- When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download HijackThis
- Go Here to download HijackThis Installer
- Save HijackThis Installer to your desktop.
- Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
- By default it will install to C:\Program Files\Trend Micro\HijackThis .
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed it will launch Hijackthis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
- DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
"information and logs"
- In your next post I need the following
- Log From MBAM
- report from Hijackthis
- let me know of any problems you may have had
- How is the computer doing now?
Gringo
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#8
Posted 08 August 2011 - 12:16 AM
Hello
48 Hour bump
It has been more than 48 hours since my last post.
- do you still need help with this?
- do you need more time?
- are you having problems following my instructions?
- if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
#9
Posted 11 August 2011 - 12:06 AM
Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.