Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

nasty win32/renos.jm that I can't get rid of


  • This topic is locked This topic is locked
6 replies to this topic

#1 bjlarson

bjlarson

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 23 November 2009 - 03:39 PM

I have this trojan called win32/renos.jm that wont go away. it changed all the permissions for my AVG and malware remover so they wont even open or scan, nor will hijack this. I ran a Win32diag scan and this is what it came up with. Can someone please help me. Thanks.


Running from: C:\Users\blarson.LARSON\Desktop\Win32kDiag.exe

Log file at : C:\Users\blarson.LARSON\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.GpmgmtLib\2.0.0.0__31bf3856ad364e35\2.0.0.0__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Private.GpmgmtpLib\2.0.0.0__31bf3856ad364e35\2.0.0.0__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_32\Microsoft.Web.Administration-NonMSIL\6.0.6000.16386__31bf3856ad364e35\6.0.6000.16386__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_32\Microsoft.Web.Management-NonMSIL\6.0.6000.16386__31bf3856ad364e35\6.0.6000.16386__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_32\Microsoft.Web.Management.Aspnet-NonMSIL\6.0.6000.16386__31bf3856ad364e35\6.0.6000.16386__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_32\Microsoft.Web.Management.AspnetClient-NonMSIL\6.0.6000.16386__31bf3856ad364e35\6.0.6000.16386__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_32\Microsoft.Web.Management.Iis-NonMSIL\6.0.6000.16386__31bf3856ad364e35\6.0.6000.16386__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_32\Microsoft.Web.Management.IisClient-NonMSIL\6.0.6000.16386__31bf3856ad364e35\6.0.6000.16386__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\GAC_MSIL\Microsoft.GroupPolicy.GPOAdminGrid\2.0.0.0__31bf3856ad364e35\2.0.0.0__31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F81.tmp\ZAP1F81.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3EF6.tmp\ZAP3EF6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP862F.tmp\ZAP862F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9169.tmp\ZAP9169.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAE77.tmp\ZAPAE77.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD6AF.tmp\ZAPD6AF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4F1.tmp\ZAPE4F1.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPED3B.tmp\ZAPED3B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\Administrator\Administrator

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\akintz\akintz

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\amonroe\amonroe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\amorris\amorris

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\apedersen\apedersen

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\apederson\apederson

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\bcorley\bcorley

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\bhandy\bhandy

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\bhayes\bhayes

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\bherceg\bherceg

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\blabadie\blabadie

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\cgriffin\cgriffin

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\cguerrero\cguerrero

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\cstringer\cstringer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\czimmerman\czimmerman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\darnold\darnold

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\dday\dday

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\dgross\dgross

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\drestum\drestum

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\eahumada\eahumada

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\egutierrez\egutierrez

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\gallen\gallen

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\gatkinson\gatkinson

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\gharris\gharris

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\ghobbs\ghobbs

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\gparrish\$RECYCLE.BIN\$I0DLXIK

[1] 2007-09-20 18:53:12 544 C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\gparrish\$RECYCLE.BIN\$I0DLXIK ()



Cannot access: C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\gparrish\$RECYCLE.BIN\$IC0ERZR.mdb

[1] 2007-09-20 18:53:29 544 C:\Windows\CSC\v2.0.6\namespace\dc1\users\personal\gparrish\$RECYCLE.BIN\$IC0ERZR.mdb ()

BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,191 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:00 PM

Posted 23 November 2009 - 04:12 PM

Hi, bjlarson

Welcome

Please run Win32kDiag.exe once again. This time around, allow the application to finish. You will know as the last sentence in the report will be "Finished".

Post the contents of the Win32kDiag.txt in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 bjlarson

bjlarson
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 24 November 2009 - 09:26 AM

ok, i've been running this since 8:30pm ET last night and it's still not finished. how long should it take? it keeps getting to files that it cannot access lek the last few ones listed on this last scan.

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,191 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:00 PM

Posted 24 November 2009 - 01:27 PM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" .
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 bjlarson

bjlarson
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 24 November 2009 - 03:29 PM

ok, here it is.

ComboFix 09-11-23.06 - blarson 11/24/2009 14:52.5.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1013.343 [GMT -5:00]
Running from: c:\users\blarson.LARSON\Desktop\Combo-Fix.exe
SP: AVG Anti-Spyware *enabled* (Updated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2565561958-2937897943-2911279747-500
c:\$recycle.bin\S-1-5-21-3169146002-4131633123-3543035742-500
c:\$recycle.bin\S-1-5-21-703957162-3266838910-2795822906-1006
c:\$recycle.bin\S-1-5-21-703957162-3266838910-2795822906-500
c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
c:\program files\PCHealthCenter
c:\windows\BMf1c04c40.txt
c:\windows\system32\tmp.reg

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-24 20:08 . 2009-11-24 20:08 -------- d-----w- c:\users\TEMP.LARSON.004\AppData\Local\temp
2009-11-24 20:08 . 2009-11-24 20:08 -------- d-----w- c:\users\TEMP.LARSON.003\AppData\Local\temp
2009-11-24 20:08 . 2009-11-24 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-24 20:08 . 2009-11-24 20:15 -------- d-----w- c:\users\blarson.LARSON\AppData\Local\temp
2009-11-24 20:08 . 2009-11-24 20:08 -------- d-----w- c:\users\gparrish.CORPORATE\AppData\Local\temp
2009-11-24 20:08 . 2009-11-24 20:08 -------- d-----w- c:\users\TEMP.LARSON.001\AppData\Local\temp
2009-11-24 20:08 . 2009-11-24 20:08 -------- d-----w- c:\users\blarson\AppData\Local\temp
2009-11-24 20:08 . 2009-11-24 20:08 -------- d-----w- c:\users\administrator\AppData\Local\temp
2009-11-24 13:17 . 2009-11-24 13:17 17237488 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold.exe
2009-11-24 13:17 . 2009-11-24 13:17 8405312 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-24 13:17 . 2009-11-24 13:17 149000 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-11-24 13:17 . 2009-11-24 13:17 10309448 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-11-24 13:17 . 2009-11-24 13:17 79368 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-24 13:17 . 2009-11-24 13:17 64000 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2009-11-24 13:17 . 2009-11-24 13:17 52288 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2009-11-24 13:17 . 2009-11-24 13:17 50688 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
2009-11-24 13:17 . 2009-11-24 13:17 118784 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-11-24 05:16 . 2009-11-24 05:16 439816 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-23 19:41 . 2009-11-23 19:42 -------- d-----w- c:\program files\McAfee.com
2009-11-23 19:41 . 2009-11-23 19:42 -------- d-----w- c:\program files\McAfee
2009-11-23 04:28 . 2009-11-24 19:40 0 ----a-r- c:\windows\win32k.sys
2009-11-23 03:43 . 2009-11-23 03:43 -------- dc----w- C:\Combo-Fix
2009-11-23 03:42 . 2008-01-19 07:33 318976 ----a-w- c:\windows\system32\CF22162.exe
2009-11-22 23:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 23:45 . 2009-11-23 22:51 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 23:45 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 22:18 . 2009-11-22 22:18 117760 ----a-w- c:\users\blarson.LARSON\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-22 22:18 . 2009-11-22 22:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-22 22:16 . 2009-11-24 20:04 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-11-22 22:16 . 2009-11-22 22:16 -------- d-----w- c:\users\blarson.LARSON\AppData\Roaming\SUPERAntiSpyware.com
2009-11-22 22:03 . 2009-11-22 22:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-22 19:29 . 2009-11-22 19:32 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-22 17:00 . 2009-11-23 03:52 -------- dc----w- C:\$AVG8.VAULT$
2009-11-22 05:55 . 2009-11-23 19:11 -------- d-----w- c:\programdata\AVG7
2009-11-22 05:52 . 2009-11-22 05:52 -------- d-----w- c:\program files\AVG
2009-11-18 20:26 . 2009-11-18 20:26 -------- d-----w- c:\windows\system32\Adobe
2009-11-18 20:24 . 2009-11-18 20:24 -------- d-----w- c:\users\blarson.LARSON\AppData\Local\Deployment
2009-11-17 08:21 . 2009-11-17 08:21 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 08:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 08:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 08:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 08:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 08:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 08:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 08:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-14 00:23 . 2009-11-14 00:23 -------- d-----w- c:\users\blarson.LARSON\AppData\Local\Apps
2009-11-11 12:21 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 12:18 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 02:49 . 2009-11-10 02:49 -------- d-----w- c:\users\blarson.LARSON\AppData\Roaming\ICAClient
2009-11-10 02:49 . 2009-11-10 02:49 -------- d-----w- c:\program files\Allstate
2009-10-28 04:19 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 04:19 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 22:51 . 2007-02-14 17:42 4096 d-----w- c:\programdata\pdf995
2009-11-23 19:42 . 2009-09-11 23:18 4096 d-----w- c:\programdata\McAfee
2009-11-22 05:56 . 2008-04-03 00:12 20480 d-----w- c:\users\blarson.LARSON\AppData\Roaming\AVG7
2009-11-22 05:56 . 2008-04-02 03:32 -------- d-----w- c:\programdata\Grisoft
2009-11-18 20:31 . 2006-12-19 04:14 4096 d-----w- c:\program files\Java
2009-11-17 08:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 08:21 . 2009-11-17 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 08:20 . 2009-11-17 08:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 19:53 . 2008-10-09 01:31 8192 d-----w- c:\users\blarson.LARSON\AppData\Roaming\LimeWire
2009-11-12 08:20 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-12 08:04 . 2006-12-29 06:09 8192 d-----w- c:\programdata\Microsoft Help
2009-11-03 01:42 . 2009-10-02 19:15 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-25 14:51 . 2009-10-24 18:58 256 ----a-w- c:\windows\system32\pool.bin
2009-10-24 19:32 . 2008-11-24 15:19 -------- d-----w- c:\programdata\NCH Swift Sound
2009-10-24 19:32 . 2008-11-24 15:19 -------- d-----w- c:\users\blarson.LARSON\AppData\Roaming\NCH Swift Sound
2009-10-24 19:31 . 2008-11-24 15:19 -------- d-----w- c:\program files\NCH Swift Sound
2009-10-24 19:28 . 2009-10-24 19:24 -------- d-----w- c:\users\blarson.LARSON\AppData\Roaming\WaveMax Sound Editor
2009-10-24 19:16 . 2009-10-24 18:59 -------- d-----w- c:\users\blarson.LARSON\AppData\Roaming\Roxio
2009-10-24 18:58 . 2009-10-24 18:58 -------- d-----w- c:\users\blarson.LARSON\AppData\Roaming\Research In Motion
2009-10-24 18:46 . 2007-11-07 00:55 192632 ----a-w- c:\users\blarson.LARSON\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-24 18:37 . 2009-10-24 18:37 -------- d-----w- c:\programdata\InstallShield
2009-10-24 18:37 . 2007-02-14 02:14 -------- d-----w- c:\programdata\Roxio
2009-10-24 18:35 . 2006-12-29 06:37 4096 d-----w- c:\program files\Common Files\Roxio Shared
2009-10-24 18:35 . 2009-10-24 18:35 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-24 18:34 . 2009-10-24 18:34 4096 d-----w- c:\program files\Roxio
2009-10-24 18:34 . 2009-10-24 18:34 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-24 18:34 . 2006-12-19 04:19 4096 d-----w- c:\program files\Common Files\InstallShield
2009-10-24 18:25 . 2009-10-24 18:25 4096 d-----w- c:\program files\Common Files\Research In Motion
2009-10-23 23:26 . 2009-10-23 23:26 -------- d-----w- c:\users\blarson.LARSON\AppData\Roaming\DJ ToneXpress
2009-10-23 23:26 . 2009-10-23 23:26 8192 d-----w- c:\program files\DJ ToneXpress 4
2009-10-23 22:53 . 2009-10-23 22:53 8192 d-----w- c:\program files\Safari
2009-10-14 07:10 . 2006-12-19 04:58 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-11 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-11 17:18 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-10-11 17:18 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-10-11 17:18 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-10-11 17:17 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-11 09:17 . 2008-12-11 19:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02 . 2009-11-17 08:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 08:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 08:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 08:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 08:02 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 08:02 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 08:02 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 08:02 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 08:02 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 08:02 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 08:02 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 08:02 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 08:02 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 08:02 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 08:02 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-27 22:26 . 2009-09-27 22:26 -------- d-----w- c:\users\blarson.LARSON\AppData\Roaming\InterVideo
2009-09-25 02:10 . 2009-11-17 08:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 08:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 08:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 08:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 08:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 08:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 08:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 08:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 08:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 08:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 08:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 08:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 08:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 08:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 08:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 08:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 08:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 08:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 08:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 08:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 08:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 08:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 08:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 08:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 08:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 08:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 08:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-14 06:49 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 06:49 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-14 06:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-02 22:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 06:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 06:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 06:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-13 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-13 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-13 81920]
"IndexTray"="c:\program files\Sharp\Sharpdesk\IndexTray.exe" [2004-09-14 106496]
"Indexer"="c:\program files\Sharp\Sharpdesk\Indexer.exe" [2004-09-14 184320]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2004-09-14 32768]
"TypeRegChecker"="c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe" [2004-09-14 57344]
"FtpServer.exe"="c:\program files\Sharp\Sharpdesk\FtpServer.exe" [2004-09-13 626688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-07 185872]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"AllstateGateway"="c:\program files\allstate\go gateway install\gogatewaymove.exe" [2009-06-26 40624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-16 3784704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-6-6 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 18:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:(:51,ee,1e,31,98,4a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-703957162-3266838910-2795822906-1011]
"EnableNotificationsRef"=dword:00000001

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\ssport.sys [7/16/2007 11:17 AM 5120]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [12/18/2006 10:50 PM 227328]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [5/21/2008 3:08 PM 21504]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [12/29/2006 1:44 AM 741376]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [12/29/2006 1:43 AM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [12/29/2006 1:43 AM 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6CDAA4F1-94E1-4EA2-0744-7668B0DFE7DB}]
c:\windows\system32:explorer.exe
.
Contents of the 'Scheduled Tasks' folder

2009-11-24 c:\windows\Tasks\User_Feed_Synchronization-{2CAB3664-3B60-457E-B0E5-456FAA7F861A}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

2009-11-24 c:\windows\Tasks\User_Feed_Synchronization-{D9B7DF11-104D-4E24-B0BF-177DA5F406D0}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 192.168.1.*;*.local;127.0.0.*;10.0.0.*;192.168.5.*;169.254.128.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: accessallstate.com
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: gotoassist.com
Trusted Zone: insmark.com
Trusted Zone: insmark.us
Trusted Zone: insmarkstore.com
Trusted Zone: sumtotalsystems.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AllstateGateway32 - %ProgramFiles (x86)%\allstate\go gateway install\gogatewaymove.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4892)
c:\program files\RhinoSoft.com\FTP Voyager\ftpshext.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Sharp\Sharpdesk\nsapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2009-11-24 15:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-24 20:27
ComboFix2.txt 2008-04-14 21:12
ComboFix3.txt 2008-04-10 22:58
ComboFix4.txt 2008-04-10 17:00
ComboFix5.txt 2009-11-24 19:49

Pre-Run: 52,822,994,944 bytes free
Post-Run: 58,484,355,072 bytes free

- - End Of File - - AF6CF51D1D6E8C7859B3FBF90C0BCF32

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,191 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:00 PM

Posted 24 November 2009 - 06:56 PM

Hi, bjlarson

Please run Win32kDiag.exe once again. This time around, allow the application to finish. You will know as the last sentence in the report will be "Finished".

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,191 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:00 PM

Posted 01 December 2009 - 11:45 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users