Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

LOTS of problems with Open Cloud AV


  • This topic is locked This topic is locked
97 replies to this topic

#1 Criminalicious

Criminalicious

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 04 October 2011 - 07:42 PM

Bleeping Computer Administrators,

I know there are other posts very well explaining how to get out of the terrible situation that is Open Cloud AV. I've dealt with a VERY similar malicious program before. I dealt with it my running Rkill and then Malwarebyte's Anti-Malware. I have recently been infected with Open Cloud AV. I looked up how to remove it, and seeing as the steps were the same, I did the same. Rkill terminated the process, but MBAM would close unexpectedly. I tried to open it with some 'Inherit.exe' but that didn't work. I download Anvira, which I was told worked as well, and that program didn't find Open Cloud on a full scan. I restarted my computer and tried it all again, still to no avail.
I still can't open MBAM, and Rkill doesn't find/doesn't terminate Open Cloud AV.
Also, when trying to create a gmer.exe log, this process was terminated after a few seconds as well.

I'm pretty desperate, and I'm not great with computers.

Thanks for your time,
-Dylan

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_25
Run by Dylan at 18:29:54 on 2011-10-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.844 [GMT -6:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\2790989627:3303056473.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [EADM] "c:\program files\electronic arts\eadm\eadmui\EADMUI.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [VMSnap3] c:\windows\VMSnap3.exe
mRun: [Domino] c:\windows\Domino.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [KYCekIVrzNx0c2b8234A] c:\windows\system32\aibF3pnG5Q6W7R9.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
TCP: Interfaces\{2A115AA3-4A49-4DEC-AF3A-6263B222042B} : DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dylan\appdata\roaming\mozilla\firefox\profiles\gccomtf4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\users\dylan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-13 25896]
R2 5016;5016;c:\windows\temp\5016.sys [2011-10-4 137216]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-6-19 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-3 136360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-3 66616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-8-30 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-9 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-20 12920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-26 102448]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-10-4 269480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-5-9 2240944]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2009-12-25 475136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2009-12-25 1474560]
.
=============== Created Last 30 ================
.
2011-10-04 23:30:25 -------- d-----w- c:\users\dylan\appdata\roaming\ZK8fRL9hTqUeIrO
2011-10-04 23:30:25 -------- d-----w- c:\users\dylan\appdata\roaming\jyxA0uvS2b3n5Q6
2011-10-04 23:10:05 -------- d-----w- c:\users\dylan\appdata\roaming\RqhYXwkUVlB
2011-10-04 23:10:05 -------- d-----w- c:\users\dylan\appdata\roaming\olOBtxP0ySiDoFa
2011-10-04 23:08:19 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5793725a-3241-4794-9629-07d6b5e8d472}\offreg.dll
2011-10-04 22:56:08 -------- d-----w- c:\users\dylan\appdata\roaming\lobF3pmG5Q6W
2011-10-04 22:56:08 -------- d-----w- c:\users\dylan\appdata\roaming\CXwjUCelIrPyAu
2011-10-04 22:56:04 2398208 ----a-w- c:\windows\system32\aibF3pnG5Q6W7R9.exe
2011-10-04 22:53:03 -------- d-----w- c:\users\dylan\appdata\roaming\BwjUVNyc1v2FpGs
2011-10-04 22:53:02 -------- d-----w- c:\users\dylan\appdata\roaming\YERhwVlOBz0c1
2011-10-04 12:39:41 -------- d-----w- c:\users\dylan\appdata\roaming\udEK8fRZ9TwUeIr
2011-10-04 12:39:41 -------- d-----w- c:\users\dylan\appdata\roaming\PNycA1uvDoFpGsJ
2011-10-04 05:22:47 -------- d-----w- c:\users\dylan\appdata\roaming\Avira
2011-10-04 05:15:57 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-04 05:15:56 -------- d-----w- c:\programdata\Avira
2011-10-04 05:15:56 -------- d-----w- c:\program files\Avira
2011-10-04 04:38:54 2398208 ----a-w- c:\users\dylan\appdata\roaming\firefox.exe
2011-10-04 04:37:52 -------- d-----w- c:\users\dylan\appdata\roaming\I6dWK8fRL
2011-10-04 04:37:52 -------- d-----w- c:\users\dylan\appdata\roaming\chTXqjUCeIrOyAu
2011-10-04 04:33:07 -------- d-----w- c:\users\dylan\appdata\roaming\HlIIBBrzPNyx1u
2011-10-04 04:33:07 -------- d-----w- c:\users\dylan\appdata\roaming\F222oobF3pmGaQ6
2011-10-04 04:33:03 -------- d-----w- c:\users\dylan\appdata\roaming\X99hhTXXqjUekBr
2011-10-04 04:33:03 -------- d-----w- c:\users\dylan\appdata\roaming\A0uuvvS2ibF3
2011-10-01 00:30:41 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5793725a-3241-4794-9629-07d6b5e8d472}\mpengine.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-09-17 00:56:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-09-12 04:31:41 -------- d-----w- c:\users\dylan\appdata\local\CrashRpt
2011-09-12 04:30:51 -------- d-----w- c:\users\dylan\appdata\local\Procaster
2011-09-12 04:30:50 -------- d-----w- c:\program files\Livestream Procaster
.
==================== Find3M ====================
.
2011-09-19 01:55:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-13 05:44:15 0 ----a-w- c:\programdata\tmhf.exe
2011-08-13 05:44:15 0 ----a-w- c:\programdata\eyiy.exe
2011-08-13 05:44:15 0 ----a-w- c:\programdata\cbpj.exe
2011-08-13 05:44:14 0 ----a-w- c:\programdata\yndh.exe
2011-07-12 17:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 17:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 18:31:53.65 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Criminalicious

Criminalicious
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 04 October 2011 - 11:14 PM

UPDATE: After a few hours, Open Cloud AV seems to have stopped working. Perhaps I was impatient with Rkill.
But Alas, MBAM still crashes as soon as it starts scanning!
I'd much appreciate any help.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 08 October 2011 - 02:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    C:\Windows\2790989627
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Criminalicious

Criminalicious
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 08 October 2011 - 04:56 PM

Thanks so much, Gringo! Working on it right now
Here's the DummyCreator log:

DummyCreator by Farbar
Ran by Dylan (administrator) on 08-10-2011 at 15:54:55
**************************************************************

C:\Windows\2790989627 [08-10-2011 15:54:56]

== End of log ==

About to restart and run combofix

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 08 October 2011 - 05:00 PM

ok let me have the report when complete


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Criminalicious

Criminalicious
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 08 October 2011 - 06:44 PM

So. Combofix ran smoothly until this "rootkit zero access" alert came up and it had me reboot.
My computer refuses to start now. It tries to start, but says it has errors and tries to use system restore. It fails. I've tried this many times and I have no idea what to do. Using another computer. Please help :(

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 08 October 2011 - 08:27 PM

Fix MBR Vista

1.Start your computer from the Windows Vista Installation DVD
2.Press a key when prompted to continue
3.Choose your language, time, keyboard and click Next:
4.Next, click "Repair your Computer":
5.Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:
6.From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":
7.Type the following into the "Command Prompt Window": and press enter after each line
bootrec.exe /fixmbr

[/list]
If you have problems booting the computer after you have run that command boot back into the System Recovery Environment and Type the following into the "Command Prompt Window": and press enter

bootrec.exe /fixboot

[/list]8.Remove the Vista Installation DVD and restart your PC.
[/list]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Criminalicious

Criminalicious
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 09 October 2011 - 07:49 PM

So I don't actually have the Vista CD it turns out. I got to the command prompt and ran those .exe's anyways because I'm dumb. Didn't seem to change anything.
In summary: No CD, still locked out of the computer.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 09 October 2011 - 07:55 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Criminalicious

Criminalicious
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 11 October 2011 - 07:20 PM

Working on this now. This doesn't put the clean computer at risk, does it?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 11 October 2011 - 07:42 PM

no it will not


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Criminalicious

Criminalicious
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 11 October 2011 - 07:43 PM

Seemed to go smoothly! Here's the .txt, should I reboot the sick computer?

Attached Files



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 11 October 2011 - 07:46 PM

can you paste the report here - you have wordwrap checked and I can't read the report

you can shut it down for now


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Criminalicious

Criminalicious
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 11 October 2011 - 07:55 PM

Sure thing.

Tue Oct 11 18:31:47 UTC 2011
Driver report for /mnt/sda2/Windows/System32/drivers
c70a96e788d972a3458e9d51a7258519 fbd.sys has NO Company Name!
5a511ea02adb74cc303578c127f30975 PnkBstrK.sys has NO Company Name!
fa45ba1719ccd5d9df2ce17cb7413a43 taishop.sys has NO Company Name!

b46aa621e7bd4fe150bcc140daceda1b 1394bus.sys
Microsoft Corporation

82b296ae1892fe3dbee00c9cf92f8ac7 acpi.sys
Microsoft Corporation

04f0fcac69c7c71a3ac4eb97fafc8303 adp94xx.sys
Adaptec

60505e0041f7751bdbb80f88bf45c2ce adpahci.sys
Adaptec

8a42779b02aec986eab64ecfc98f8bd7 adpu160m.sys
Adaptec

241c9e37f8ce45ef51c3de27515ca4e5 adpu320.sys
Adaptec

a201207363aa900abf1a388468688570 afd.sys
Microsoft Corporation

13f9e33747e6b41a3ff305c37db0d360 AGP440.sys
Microsoft Corporation

ce91b158fa490cf4c4d487a4130f4660 AGRSM.sys
Agere Systems

9eaef5fc9b8e351afa7e78a6fae91f91 aliide.sys
Acer Laboratories

c47344bc706e5f0b9dce369516661578 AMDAGP.SYS
Microsoft Corporation

9b78a39a4c173fdbc1321e0dd659b34c amdide.sys
Microsoft Corporation

18f29b49ad23ecee3d2a826c725c8d48 amdk7.sys
Microsoft Corporation

93ae7f7dd54ab986a6f1a1b37be7442d amdk8.sys
Microsoft Corporation

5e2a321bd7c8b3624e41fdec3e244945 arcsas.sys
Adaptec

5d2888182fb46632511acee92fdad522 arc.sys
Adaptec

53b202abee6455406254444303e87be1 asyncmac.sys
Microsoft Corporation

1f05b78ab91c9075565a9d8a4b880bc4 atapi.sys
Microsoft Corporation

64b0052340b8ec28fa8a56b708ae71cc ataport.sys
Microsoft Corporation

53df058c7115b3e6259954d2a2dbf8e9 atikmdag.sys
ATI Technologies

5a1465ad2e7c1bc39cda12a355329096 AtiPcie.sys
ATI Technologies

1e4114685de1ffa9675e09c6a1fb3f4b avgntflt.sys
Avira Gmb

0f78d3dae6dedd99ae54c9491c62adf2 avipbb.sys
Avira Gmb

2b8a5a8879238c3ba9a89a8e3ac4e45d battc.sys
Microsoft Corporation

9f5f8f2318dfa3974a6f6a5602733929 bdasup.sys
Microsoft Corporation

67e506b75bd5326a3ec7b70bd014dfb6 beep.sys
Microsoft Corporation

d4df28447741fd3d953526e33a617397 blbdrive.sys
Microsoft Corporation

74b442b2be1260b7588c136177ceac66 bowser.sys
Microsoft Corporation

9f9acc7f7ccde8a15c282d3f88b43309 BrFiltLo.sys
Brother Industries

56801ad62213a41f6497f96dee83755a BrFiltUp.sys
Brother Industries

b1564976d98e91fc764d5dc28a0297da bridge.sys
Microsoft Corporation

b304e75cff293029eddf094246747113 BrSerId.sys
Brother Industries

203f0b1e73adadbbb7b7b1fabd901f6b BrSerWdm.sys
Brother Industries

bd456606156ba17e60a04e18016ae54b BrUsbMdm.sys
Brother Industries

af72ed54503f717a43268b3cc5faec2e BrUsbSer.sys
Brother Industries

ad07c1ec6665b8b35741ab91200c6b68 bthmodem.sys
Microsoft Corporation

7add03e75beb9e6dd102c3081d29840a cdfs.sys
Microsoft Corporation

bf79e659c506674c0497cc9c61f1a165 cdr4_xp.sys
Sonic Solutions

2c41cd49d82d5fd85c72d57b6ca25471 cdralw2k.sys
Sonic Solutions

6b4bffb9becd728097024276430db314 cdrom.sys
Microsoft Corporation

e5d4133f37219dbcfe102bc61072589d circlass.sys
Microsoft Corporation

0767b09c74d935a590b4879d14463b64 Classpnp.sys
Microsoft Corporation

99afc3795b58cc478fbbbcdc658fcb56 CmBatt.sys
Microsoft Corporation

0ca25e686a4928484e9fdabd168ab629 cmdide.sys
CMD Technology

6186b6b953bdc884f0f379b84b3e3a98 COH_Mon.sys
Symantec Corporation

6afef0b60fa25de07c0968983ee4f60a compbatt.sys
Microsoft Corporation

36975327ef03949cc378ab01e316b574 crashdmp.sys
Microsoft Corporation

741e9dff4f42d2d8477d0fc1dc0df871 crcdisk.sys
Microsoft Corporation

1f07becdca750766a96cda811ba86410 crusoe.sys
Microsoft Corporation

218d8ae46c88e82014f5d73d0236d9b2 dfsc.sys
Microsoft Corporation

494075282e23d838f43a4c9fb7143959 Diskdump.sys
Microsoft Corporation

5d4aefc3386920236a548271f8f1af6a disk.sys
Microsoft Corporation

ae1fdf7bf7bb6c6a70f67699d880592a djsvs.sys
Adaptec

80bf3ba09f6f2523c8f6b7cc6dbf7bd5 Dot4Prt.sys
Microsoft Corporation

4f59c172c094e1a1d46463a8dc061cbd Dot4.sys
Microsoft Corporation

c55004ca6b419b6695970dfe849b122f Dot4usb.sys
Microsoft Corporation

97fef831ab90bee128c9af390e243f80 drmkaud.sys
Microsoft Corporation

7be5a3c671a2cb56e94403bfc2020a0d drmk.sys
Microsoft Corporation

c67ebf9c05531c406e1e079ff669a2e6 Dumpata.sys
Microsoft Corporation

eaaafef04fbb45665c9576e525d45a12 dxapi.sys
Microsoft Corporation

5c7e2097b91d689ded7a6ff90f0f3a25 dxgkrnl.sys
Microsoft Corporation

c8d5369bfe193b5fb53337dce77ce314 dxg.sys
Microsoft Corporation

5425f74ac0c1dbd96a1e04f17d63f94c E1G60I32.sys
Intel Corporation

7f64ea048dcfac7acf8b4d7b4e6fe371 ecache.sys
Microsoft Corporation

23b62471681a124889978f6295b3f4c6 elxstor.sys
Emulex

3db974f3935483555d7148663f726c61 errdev.sys
Microsoft Corporation

22b408651f9123527bcee54b4f6c5cae exfat.sys
Microsoft Corporation

1e9b9a70d332103c52995e957dc09ef8 fastfat.sys
Microsoft Corporation

c70a96e788d972a3458e9d51a7258519 fbd.sys

afe1e8b9782a0dd7fb46bbd88e43f89a fdc.sys
Microsoft Corporation

a8c0139a884861e3aae9cfe73b208a9f fileinfo.sys
Microsoft Corporation

0ae429a696aecbc5970e3cf2c62635ae filetrace.sys
Microsoft Corporation

85b7cf99d532820495d68d747fda9ebd flpydisk.sys
Microsoft Corporation

01334f9ea68e6877c4ef05d3ea8abb05 fltMgr.sys
Microsoft Corporation

65ea8b77b5851854f0c55c43fa51a198 fs_rec.sys
Microsoft Corporation

cbc22823628544735625b280665e434e FwLnk.sys
Toshiba Corporation

73594dbc99e22958150192ee99bc48ce FWPKCLNT.SYS
Microsoft Corporation

34582a6e6573d54a07ece5fe24a126b5 GAGP30KX.SYS
Microsoft Corporation

8182ff89c65e4d38b2de4bb0fb18564e GEARAspiWDM.sys
GEAR Software

062452b7ffd68c8c042a6261fe8dff4a hdaudbus.sys
Microsoft Corporation

cb04c744be0a61b1d648faed182c3b59 HdAudio.sys
Microsoft Corporation

1338520e78d90154ed6be8f84de5fceb hidbth.sys
Microsoft Corporation

5961cadb7cad938368d2028725ef771d hidclass.sys
Microsoft Corporation

ff3160c3a2445128c5a6d9b076da519e hidir.sys
Microsoft Corporation

175444d3a01ca45d0e1c5dc5f48df7cd hidparse.sys
Microsoft Corporation

cca4b519b17e23a00b826c55716809cc hidusb.sys
Microsoft Corporation

16ee7b23a009e00d835cdb79574a91a6 HpCISSs.sys
Hewlett-Packard

4d6eb87dcabfd66221822f49cfd79077 http.sys
Microsoft Corporation

95bd3ea81ebe6b8cacafdb6cdab3586c i2omgmt.sys
Microsoft Corporation

c6b032d69650985468160fc9937cf5b4 i2omp.sys
Microsoft Corporation

22d56c8184586b7a1f6fa60be5f5a2bd i8042prt.sys
Microsoft Corporation

54155ea1b0df185878e0fc9ec3ac3a14 iaStorV.sys
Intel Corporation

2d077bf86e843f901d8db709c95b49a5 iirsp.sys
Intel Corp

83aa759f3189e6370c30de5dc5590718 intelide.sys
Microsoft Corporation

224191001e78c89dfa78924c3ea595ff intelppm.sys
Microsoft Corporation

62c265c38769b864cb25b4bcf62df6c3 ipfltdrv.sys
Microsoft Corporation

b25aaf203552b7b3491139d582b39ad1 IPMIDrv.sys
Microsoft Corporation

8793643a67b42cec66490b2a0cf92d68 ipnat.sys
Microsoft Corporation

e50a95179211b12946f7e035d60af560 irda.sys
Microsoft Corporation

109c0dfb82c3632fbd11949b73aeeac9 irenum.sys
Microsoft Corporation

6c70698a3e5c4376c6ab5c7c17fb0614 isapnp.sys
Microsoft Corporation

bced60d16156e428f8df8cf27b0df150 iteatapi.sys
Integrated Technology Express

06fa654504a498c30adca8bec4e87e7e iteraid.sys
Integrated Technology Express

37605e0a8cf00cbba538e753e4344c6e kbdclass.sys
Microsoft Corporation

18247836959ba67e3511b62846b9c2e0 kbdhid.sys
Microsoft Corporation

86165728af9bf72d6442a894fdfb4f8b ksecdd.sys
Microsoft Corporation

ef73c1e29fbe7b0fd0274bf4394e346a ks.sys
Microsoft Corporation

9419faac6552a51542dbba02971c841c lgusbbus.sys
tH`,bbVS_VERSION_INFOtt?hStringFileInfoDbCommentsHCompanyNameLGElectronicsInc.l"FileDescriptionLGCDMAUSBMultifunctionDriverbFileVersionVer....aInternalNameUSBBUSh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.BrOriginalFilenamelgusbbus.sysPrivateBuildd"ProductNameLGCDMAUSBMultifunctionDriver<bProductVersionVer...SpecialBuildDVarFileInfo$TranslationtlCb

c0a466fa4ffec464320e159bc1bbdc0c lgusbdiag.sys
tH`EVS_VERSION_INFOtt?dStringFileInfo@bCommentsHCompanyNameLGElectronicsInc.fFileDescriptionLGCDMAUSBDiagnosticsDriverbFileVersionVer...nInternalNameLGUSBDIAGh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.DOriginalFilenamelgusbdiag.sysPrivateBuild^ProductNameLGCDMAUSBDiagnosticsDriver<bProductVersionVer...SpecialBuildDVarFileInfo$TranslationtOYd

f74a54774a9b0afeb3c40adec68aa600 lgusbmodem.sys
tHWVS_VERSION_INFOtt?TStringFileInfobCommentsHCompanyNameLGElectronicsInc.ZFileDescriptionLGCDMAUSBModemDriverbFileVersionVer...vInternalNameLGUSBMODEMh"LegalCopyrightLGElectronicsInc.Seoul,Korea.l"LegalTrademarksLGElectronicsInc.Seoul,Korea.FOriginalFilenamelgusbmodem.sysPrivateBuildRProductNameLGCDMAUSBModemDriver<bProductVersionVer...SpecialBuildDVarFileInfo$Translationt*

d1c5883087a0c3f1344d9d55a44901f6 lltdio.sys
Microsoft Corporation

c7e15e82879bf3235b559563d4185365 lsi_fc.sys
LSI Logic

ee01ebae8c9bf0fa072e0ff68718920a lsi_sas.sys
LSI Logic

912a04696e9ca30146a62afa1463dd5c lsi_scsi.sys
LSI Logic

8f5c7426567798e62a3b3614965d62cc luafv.sys
Microsoft Corporation

0905dc0814d738cff53577a59ccd81e0 mbamswissarmy.sys
Malwarebytes Corporation

69a6268d7f81e53d568ab4e7e991caf3 mbam.sys
Malwarebytes Corporation

b271ec02e71271a2da28b3b7bc4e4f15 mcd.sys
Microsoft Corporation

0001ce609d66632fa17b84705f658879 megasas.sys
LSI Corporation

c252f32cd9a49dbfc25ecf26ebd51a99 MegaSR.sys
LSI Corporation

e13b5ea0f51ba5b1512ec671393d09ba modem.sys
Microsoft Corporation

0a9bb33b56e294f686abb7c1e4e2d8a8 monitor.sys
Microsoft Corporation

5bf6a1326a335c5298477754a506d263 mouclass.sys
Microsoft Corporation

93b8d4869e12cfbe663915502900876f mouhid.sys
Microsoft Corporation

bdafc88aa6b92f7842416ea6a48e1600 mountmgr.sys
Microsoft Corporation

511d011289755dd9f9a7579fb0b064e6 mpio.sys
Microsoft Corporation

22241feba9b2defa669c8cb0a8dd7d2e mpsdrv.sys
Microsoft Corporation

4fbbb70d30fd20ec51f80061703b001e Mraid35x.sys
LSI Logic

82cea0395524aacfeb58ba1448e8325c mrxdav.sys
Microsoft Corporation

346611d7523b520faa86b76753cc9874 mrxsmb10.sys
Microsoft Corporation

c70c50d101b92b45c42ba11ea9fe6cd1 mrxsmb20.sys
Microsoft Corporation

66de1a2b389a1969ca1751b276108e45 mrxsmb.sys
Microsoft Corporation

5457dcfa7c0da43522f4d9d4049c1472 msahci.sys
Microsoft Corporation

4468b0f385a86ecddaf8d3ca662ec0e7 msdsm.sys
Microsoft Corporation

a9927f4a46b816c92f461acb90cf8515 msfs.sys
Microsoft Corporation

0f400e306f385c56317357d6dea56f62 msisadrv.sys
Microsoft Corporation

232fa340531d940aac623b121a595034 msiscsi.sys
Microsoft Corporation

d8c63d34d9c9e56c059e24ec7185cc07 mskssrv.sys
Microsoft Corporation

1d373c90d62ddb641d50e55b9e78d65e mspclock.sys
Microsoft Corporation

b572da05bf4e098d4bba3a4734fb505b mspqm.sys
Microsoft Corporation

b49456d70555de905c311bcda6ec6adb msrpc.sys
Microsoft Corporation

e384487cb84be41d09711c30ca79646c mssmbios.sys
Microsoft Corporation

7199c1eec1e4993caf96b8c0a26bd58a mstee.sys
Microsoft Corporation

6a57b5733d4cb702c8ea4542e836b96c mup.sys
Microsoft Corporation

1357274d1883f68300aeadd15d7bbb42 ndis.sys
Microsoft Corporation

0e186e90404980569fb449ba7519ae61 ndistapi.sys
Microsoft Corporation

d6973aa34c4d5d76c0430b181c3cd389 ndisuio.sys
Microsoft Corporation

818f648618ae34f729fdb47ec68345c3 ndiswan.sys
Microsoft Corporation

71dab552b41936358f3b541ae5997fb3 ndproxy.sys
Microsoft Corporation

bcd093a5a6777cf626434568dc7dba78 netbios.sys
Microsoft Corporation

ecd64230a59cbd93c85f1cd1cab9f3f6 netbt.sys
Microsoft Corporation

063ee4d3cb88a14eab9901875cee98b1 netio.sys
Microsoft Corporation

2e7fb731d4790a1bc6270accefacb36e nfrd960.sys
IBM Corp

d36f239d7cce1931598e8fb90a0dbc26 npfs.sys
Microsoft Corporation

609773e344a97410ce4ebf74a8914fcf nsiproxy.sys
Microsoft Corporation

6a4a98cee84cf9e99564510dda4baa47 ntfs.sys
Microsoft Corporation

e875c093aec0c978a90f30c9e0dfbb72 ntrigdigi.sys
N-trig Innovative Technologies

c5dbbcda07d780bda9b685df333bb41e null.sys
Microsoft Corporation

18bbdf913916b71bd54575bdb6eeac0b NV_AGP.SYS
Microsoft Corporation

2edf9e7751554b42cbb60116de727101 nvraid.sys
NVIDIA Corporation

abed0c09758d1d97db0042dbb2688177 nvstor.sys
NVIDIA Corporation

85c44fdff9cf7e72a40dcb7ec06a4416 nwifi.sys
Microsoft Corporation

be32da025a0be1878f0ee8d6d9386cd5 ohci1394.sys
Microsoft Corporation

99514faa8df93d34b5589187db3aa0ba pacer.sys
Microsoft Corporation

0fa9b5055484649d63c303fe404e5f4d parport.sys
Microsoft Corporation

57389fa59a36d96b3eb09d0cb91e9cdc partmgr.sys
Microsoft Corporation

4f9a6a8a31413180d0fcb279ad5d8112 parvdm.sys
Microsoft Corporation

1636d43f10416aeb483bc6001097b26c pciide.sys
Microsoft Corporation

6429d10c5d149ac9eb2d95052a390cff pciidex.sys
Microsoft Corporation

941dc1d19e7e8620f40bbc206981efdb pci.sys
Microsoft Corporation

e6f3fb1b86aa519e7698ad05e58b04e5 pcmcia.sys
Microsoft Corporation

6349f6ed9c623b44b52ea3c63c831a92 PEAuth.sys
Microsoft Corporation

5a511ea02adb74cc303578c127f30975 PnkBstrK.sys

218286724ec530ff252648369e05b090 portcls.sys
Microsoft Corporation

2027293619dd0f047c584cf2e7df4ffd processr.sys
Microsoft Corporation

49452bfcec22f36a7a9b9c2181bc3042 pxhelp20.sys
Sonic Solutions

0a6db55afb7820c99aa1f3a1d270f4f6 ql2300.sys
QLogic Corporation

81a7e5c076e59995d54bc1ed3a16e60b ql40xx.sys
QLogic Corporation

9f5e0e1926014d17486901c88eca2db7 qwavedrv.sys
Microsoft Corporation

147d7f9c556d259924351feb0de606c3 rasacd.sys
Microsoft Corporation

a214adbaf4cb47dd2728859ef31f26b0 rasl2tp.sys
Microsoft Corporation

509a98dd18af4375e1fc40bc175f1def raspppoe.sys
Microsoft Corporation

ecfffaec0c1ecd8dbc77f39070ea1db1 raspptp.sys
Microsoft Corporation

2005f4a1e05fa09389ac85840f0a9e4d rassstp.sys
Microsoft Corporation

b14c9d5b9add2f84f70570bbbfaa7935 rdbss.sys
Microsoft Corporation

89e59be9a564262a3fb6c4f4f1cd9899 RDPCDD.sys
Microsoft Corporation

fbc0bacd9c3d7f6956853f64a66e252d rdpdr.sys
Microsoft Corporation

9d91fe5286f748862ecffa05f8a0710c RDPENCDD.sys
Microsoft Corporation

30bfbdfb7f95559ede971f9ddb9a00ba rdpwd.sys
Microsoft Corporation

eec7ee5675294b03e88aa868540007c1 rmcast.sys
Microsoft Corporation

d9225d107e40d0fa5c5069446759c8e9 RNDISMP.sys
Microsoft Corporation

75e8a6bfa7374aba833ae92bf41ae4e6 rootmdm.sys
Microsoft Corporation

9c508f4074a39e8b4b31d27198146fad rspndr.sys
Microsoft Corporation

3d40dd1831ed82a9ff660949506aad56 RTKVHDA.sys
Realtek Semiconductor

68f6a5488432f4c8d73e9a9d405f11d6 RTL8187Se.sys
Realtek Semiconductor

470253597930e765dd08b30e723c1fa2 Rtlh86.sys
?bStringFileInfoBCompanyNameRealtek*

0d60b8c10a2c5e8dd620b3fdeb1cda64 RtlProt.sys
?b"StringFileInfoBv+CompanyNameWindows®CodenameLonghornDDKprovider^FileDescriptionRealtekUtilityI/ODriver`FileVersion...builtby:WinDDKbInternalNameRTLPROT.SYS.LegalCopyrightMicrosoftCorporation.Allrightsreserved.@bOriginalFilenameRTLPROT.SYSr)ProductNameWindows®CodenameLonghornDDKdriverBProductVersion...DVarFileInfo$Translation*

f5825e41286556ddb8cc83a91d88f3c6 RTSTOR.sys
Realtek Semiconductor

3ce8f073a557e172b330109436984e30 sbp2port.sys
Microsoft Corporation

6f5ca34ae885645acf8a20d564db976c scsiport.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

68e44e331d46f0fb38f0863a84cd1a31 serenum.sys
Microsoft Corporation

c70d69a918b178d3c3b06339b40c2e1b serial.sys
Microsoft Corporation

8af3d28a879bf75db53a0ee7a4289624 sermouse.sys
Microsoft Corporation

3efa810bdca87f6ecc24f9832243fe86 sffdisk.sys
Microsoft Corporation

e95d451f7ea3e583aec75f3b3ee42dc5 sffp_mmc.sys
Microsoft Corporation

3d0ea348784b7ac9ea9bd9f317980979 sffp_sd.sys
Microsoft Corporation

46ed8e91793b2e6f848015445a0ac188 sfloppy.sys
Microsoft Corporation

74744f4d9eb18ddd0eb45e03cfdd648e Sftfslh.sys
Microsoft Corporation

cbc5be6f81e86cc73656e61767002da9 Sftplaylh.sys
Microsoft Corporation

961e50666e6d6949328b1ffbc33adf43 Sftredirlh.sys
Microsoft Corporation

c8c02c8fe267751ec62b7e7d8d214c63 Sftvollh.sys
Microsoft Corporation

1d76624a09a054f682d746b924e2dbc3 SISAGP.SYS
Microsoft Corporation

43cb7aa756c7db280d01da9b676cfde2 sisraid2.sys
Microsoft Corporation

a99c6c8b0baa970d8aa59ddc50b57f94 sisraid4.sys
Silicon Integrated Systems

7b75299a4d201d6a6533603d6914ab04 smb.sys
Microsoft Corporation

a7d7ea1771d2ed6f39a8063e79b6c3e8 smclib.sys
Microsoft Corporation

7aebdeef071fe28b0eef2cdd69102bff spldr.sys
Microsoft Corporation

a7f8bad9590addc425b4003e94780dfa spsys.sys
Microsoft Corporation

c668edee729925635c254b04e70f9493 srtspl.sys
Symantec Corporation

11564fd80e0d2fc80b904a5bcbf8d761 srtsp.sys
Symantec Corporation

73d9add286baebdbf636eb53acf64e12 srtspx.sys
Symantec Corporation

6b6f3658e0a58c6c50c5f7fbdf3df633 srv2.sys
Microsoft Corporation

0c5ab1892ae0fa504218db094bf6d041 srvnet.sys
Microsoft Corporation

0debafcc0e3591fca34f077cab62f7f7 srv.sys
Microsoft Corporation

a36ee93698802cd899f98bfd553d8185 ssmdrv.sys
Avira Gmb

47e55afe1ed1d5aff09690db226f4a7a Storport.sys
Microsoft Corporation

70a92e46a2f459cdede3ca558cb26b6a stream.sys
Microsoft Corporation

7ba58ecf0c0a9a69d44b3dca62becf56 swenum.sys
Microsoft Corporation

192aa3ac01df071b541094f251deed10 symc8xx.sys
LSI Logic

1d8fb1e5d6859d38e3ebca5febc6839f symdns.sys
Symantec Corporation

e03ee3ef1037099554d17bed99545a5e SYMEVENT.SYS
Symantec Corporation

91fcddf2cbaf898126ae7dfa5ce570ed symfw.sys
Symantec Corporation

8c8eb8c76736ebaf3b13b633b2e64125 sym_hi.sys
LSI Logic

9584e278787ad65e82eec5694f77cb54 symids.sys
Symantec Corporation

60350bc7919e6e45dd8130ad55665f48 symndisv.sys
Symantec Corporation

9181892e5af5df8d2ac3d9d2cea48afd symredrv.sys
Symantec Corporation

d539f317e6caaa4e08911a84c2180938 symtdi.sys
Symantec Corporation

8072af52b5fd103bbba387a1e49f62cb sym_u3.sys
LSI Logic

8fe2c9649ffe62143965f8d16b08be28 SynTP.sys
Synaptics

47e40b633e93f5b8d4e16b60cb972c7b SysPlant.sys
Symantec Corporation

fa45ba1719ccd5d9df2ce17cb7413a43 taishop.sys

1239fd18895040d97b7cdbc19bc2075e tape.sys
Microsoft Corporation

608c345a255d82a6289c2d468eb41fd7 tcpipreg.sys
Microsoft Corporation

da467e7619ae5f4588e6262c13c8940a tcpip.sys
Microsoft Corporation

6fdfba25002ce4bac463ac866ae71405 tdcmdpst.sys
Toshiba Corporation

77937eff009ac696b90e09f671f9d0a4 tdi.sys
Microsoft Corporation

5dcf5e267be67a1ae926f2df77fbcc56 tdpipe.sys
Microsoft Corporation

389c63e32b3cefed425b61ed92d3f021 tdtcp.sys
Microsoft Corporation

76b06eb8a01fc8624d699e7045303e54 tdx.sys
Microsoft Corporation

94fb26d72326851e914b9fd988e1aa47 Teefer2.sys
Symantec Corporation

3cad38910468eab9a6479e2f01db43c7 termdd.sys
Microsoft Corporation

4399a9bf7d8f49991a07fd86590a1619 tos_sps32.sys
Toshiba Corporation

dcf0f056a2e4f52287264f5ab29cf206 tssecsrv.sys
Microsoft Corporation

caecc0120ac49e3d2f758b9169872d38 TUNMP.SYS
Microsoft Corporation

119b8184e106baedc83fce5ddf3950da tunnel.sys
Microsoft Corporation

009aecd4c19209b09669a6615ea1e889 TVALZFL.sys
Toshiba Corporation

792a8b80f8188aba4b2be271583f3e46 TVALZ_O.SYS
Toshiba Corporation

7d33c4db2ce363c8518d2dfcf533941f UAGP35.SYS
Microsoft Corporation

d9728af68c4c7693cb100b8441cbdec6 udfs.sys
Microsoft Corporation

b0acfdc9e4af279e9116c03e014b2b27 ULIAGPKX.SYS
Microsoft Corporation

9224bb254f591de4ca8d572a5f0d635c uliahci.sys
ULi Electronics

38c3c6e62b157a6bc46594fada45c62b ulsata2.sys
Promise Technology

8514d0e5cd0534467c5fc61be94a569f ulsata.sys
Promise Technology

32cff9f809ae9aed85464492bf3e32d2 umbus.sys
Microsoft Corporation

88bd96a1baeed33ee8bdf9499c07a841 umpass.sys
Microsoft Corporation

830d5d8456b822c1247c1e59b4c464fa usb8023.sys
Microsoft Corporation

83cafcb53201bbac04d822f32438e244 usbaapl.sys
Apple

32db9517628ff0d070682aab61e688f0 USBAUDIO.sys
Microsoft Corporation

eae017d3aa298374a1967b96c379c5ab USBCAMD2.sys
Microsoft Corporation

d06f193f3e9cc3b356df97f6a43c054a USBCAMD.sys
Microsoft Corporation

caf811ae4c147ffcd5b51750c7f09142 usbccgp.sys
Microsoft Corporation

e9476e6c486e76bc4898074768fb7131 usbcir.sys
Microsoft Corporation

790fdac6d0c762df9047c3c625a6ff6c usbd.sys
Microsoft Corporation

79e96c23a97ce7b8f14d310da2db0c9b usbehci.sys
Microsoft Corporation

4673bbcb006af60e7abddbe7a130ba42 usbhub.sys
Microsoft Corporation

ce697fee0d479290d89bec80dfe793b7 usbohci.sys
Microsoft Corporation

a1c100a87d981ad0774fbc0b4b82e913 usbport.sys
Microsoft Corporation

e75c4b5269091d15a2e7dc0b6d35f2f5 usbprint.sys
Microsoft Corporation

a508c9bd8724980512136b039bba65e9 usbscan.sys
Microsoft Corporation

be3da31c191bc222d9ad503c5224f2ad USBSTOR.SYS
Microsoft Corporation

814d653efc4d48be3b04a307eceff56f usbuhci.sys
Microsoft Corporation

e67998e8f14cb0627a769f6530bcb352 usbvideo.sys
Microsoft Corporation

b250b8e44e6e05a0f237c258d0b7f10c usbVM303.sys
?StringFileInfobbCommentssupportVA,multi-camera,noexpire,finalversionHCompanyNameVimicroCorporation|*FileDescriptionVideostreamingandCaptureDeviceDriver>FileVersion,,,nLegalCopyrightVM..BrOriginalFilenameusbVM.sysBProductVersion,,,DVarFileInfo$Translationt*

87b06e1f30b749a114f74622d013f8d4 vgapnp.sys
Microsoft Corporation

2e93ac0a1d8c79d019db6c51f036636c vga.sys
Microsoft Corporation

5d7159def58a800d5781ba3a879627bc VIAAGP.SYS
Microsoft Corporation

c4f3a691b5bad343e6249bd8c2d45dee viac7.sys
Microsoft Corporation

aadf5587a4063f52c2c3fed7887426fc viaide.sys
VIA Technologies

c048d2c33d27441a0cdcaae2651eb03d videoprt.sys
Microsoft Corporation

69503668ac66c77c6cd7af86fbdf8c43 volmgr.sys
Microsoft Corporation

23e41b834759917bfd6b9a0d625d0c28 volmgrx.sys
Microsoft Corporation

147281c01fcb1df9252de2a10d5e7093 volsnap.sys
Microsoft Corporation

587253e09325e6bf226b299774b728a9 vsmraid.sys
VIA Technologies

b952b84bf21c13027258a3f027511dda vvftav303.sys
bH)aVS_VERSION_INFObaXStringFileInfobHCompanyNameVimicroCorporationJFileDescriptionFilterPrototypebFileVersion...vInternalNamefilter.sysr'LegalCopyrightCopyright©VimicroCorporation>vOriginalFilenamefilter.sysvProductNameFilter,ProductVersion.DVarFileInfo$Translationt*

48dfee8f1af7c8235d4e626f0c4fe031 wacompen.sys
Microsoft Corporation

55201897378cca7af8b5efd874374a26 wanarp.sys
Microsoft Corporation

4a5c31e2c1646034e6a60eba4c747ff6 watchdog.sys
Microsoft Corporation

b6f0a7ad6d4bd325fbcd8bac96cd8d96 Wdf01000.sys
Microsoft Corporation

b4fc6dd9167b058e6dbe6cb14acfa2cb WdfLdr.sys
Microsoft Corporation

78fe9542363f297b18c027b2d7e7c07f wd.sys
Microsoft Corporation

72b5b3c935cc0e38272387fc7b6dce34 WGX.SYS
Symantec Corporation

2e7255d172df0b8283cdfb7b433b864e wmiacpi.sys
Microsoft Corporation

c546864eed786304762d030febf6b411 wmilib.sys
Microsoft Corporation

b0c73e3c023e4014866966a615d7db5e WPSDRVnt.sys
Symantec Corporation

476c96adf6824a79707d131c00d6beaf WpsHelper.sys
Symantec Corporation

e3a3cb253c0ec2494d4a61f5e43a389c ws2ifsl.sys
Microsoft Corporation

13b5f255e90624a5ba0441d39cfb6be2 WUDFPf.sys
Microsoft Corporation

ac13cb789d93412106b0fb6c7eb2bcb6 WUDFRd.sys
Microsoft Corporation

Hope you know what that means, 'cause I don't hahah. Thanks again for the help, you are a life saver.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 AM

Posted 11 October 2011 - 07:58 PM

  • Boot the computer with the USB drive again.
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    fbd.sys

  • Press Enter
  • If succesful, the script will search this file.
  • After it has finished a report will be located in the USB drive as filefind.txt

Please note - all text entries are case sensitive

Copy and paste the filefind.txt for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users