Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hidrag.a


  • This topic is locked This topic is locked
3 replies to this topic

#1 thiagodalgalo

thiagodalgalo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 27 April 2012 - 07:57 PM

Hi!

I am with a malware or virus (I dont know) and i tried kaspersky antivirus. The name that the program found was hidrag.a

I will send the log from combofix.exe




ComboFix 12-04-27.02 - THIAGO 04/27/2012 21:37:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4014.2458 [GMT -3:00]
Running from: c:\users\THIAGO\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
c:\users\THIAGO\AppData\Roaming\Microsoft\~DFK19cef2.tmp
c:\users\THIAGO\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\THIAGO\AppData\Roaming\Microsoft\bass.dll
c:\users\THIAGO\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\THIAGO\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\THIAGO\AppData\Roaming\Microsoft\peaadje.dll
c:\users\THIAGO\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\THIAGO\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\nsprs.dll
c:\windows\SysWow64\serauth1.dll
c:\windows\SysWow64\serauth2.dll
c:\windows\SysWow64\ssprs.dll
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 00:47 . 2012-04-28 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 23:07 . 2012-04-28 00:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-25 23:07 . 2012-04-25 23:07 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-04-22 17:18 . 2012-04-22 17:33 -------- d-----w- c:\programdata\Video Strip Poker Supreme
2012-04-18 23:19 . 2012-04-18 23:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-04-18 19:50 . 2012-04-18 19:50 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-04-18 19:34 . 2012-04-26 09:28 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-17 23:44 . 2012-04-17 23:44 -------- d-----w- c:\users\THIAGO\AppData\Local\Mozilla
2012-04-17 23:33 . 2012-04-17 23:33 -------- d-----w- c:\windows\Sun
2012-04-17 10:50 . 2012-04-17 10:50 -------- d-----w- c:\program files\ChemExpert
2012-04-17 10:41 . 2012-04-17 10:49 -------- d-----w- c:\program files (x86)\Chemical Equation Expert
2012-04-07 13:51 . 2012-04-07 13:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-07 13:51 . 2012-04-07 13:51 -------- d-----w- c:\program files (x86)\Java
2012-04-07 13:29 . 2012-04-13 11:22 -------- d-----w- c:\users\THIAGO\AppData\Roaming\.minecraft
2012-04-07 01:50 . 2012-04-07 01:50 -------- d-----w- c:\users\THIAGO\AppData\Roaming\AspenTech
2012-04-05 22:29 . 2012-04-05 22:29 -------- d-----w- c:\users\THIAGO\AppData\Local\Facebook
2012-04-04 10:46 . 2012-04-26 06:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE5A4DA-1A7E-43DE-B7A7-9103F07AB066}\offreg.dll
2012-04-02 11:07 . 2012-04-02 11:08 -------- d-----w- c:\users\THIAGO\AppData\Local\Microsoft Games
2012-04-01 23:36 . 2012-04-28 00:31 -------- d-----r- c:\users\THIAGO\Dropbox
2012-04-01 23:34 . 2012-04-28 00:31 -------- d-----w- c:\users\THIAGO\AppData\Roaming\Dropbox
2012-03-30 13:19 . 2012-04-28 00:32 -------- d-----w- c:\users\THIAGO\AppData\Local\Windows Live
2012-03-30 01:24 . 2012-03-30 01:24 -------- d-----w- c:\programdata\2DBoy
2012-03-30 01:23 . 2012-03-30 01:24 -------- d-----w- c:\program files (x86)\WorldOfGoo
2012-03-29 18:44 . 2012-03-29 18:44 -------- d-----w- c:\program files (x86)\EA Games
2012-03-29 00:55 . 2012-04-20 18:49 -------- d-----w- c:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 09:28 . 2006-10-26 16:45 293376 ----a-w- c:\windows\SysWow64\WISPTIS.EXE
2012-04-26 09:28 . 1997-10-22 13:10 470552 ----a-w- c:\windows\SysWow64\GSW32.EXE
2012-04-26 09:28 . 2012-03-24 19:03 118784 ----a-w- c:\windows\DiabUnin.exe
2012-04-18 19:34 . 2012-03-08 03:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-07 13:51 . 2012-03-19 14:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 13:24 . 2011-03-28 21:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-24 19:03 . 2012-03-24 19:03 2829 ----a-w- c:\windows\DiabUnin.pif
2012-03-19 14:47 . 2012-03-19 14:47 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-03-19 14:47 . 2012-03-19 14:47 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-03-19 14:47 . 2012-03-19 14:47 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-03-14 03:27 . 2012-03-25 18:18 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE5A4DA-1A7E-43DE-B7A7-9103F07AB066}\mpengine.dll
2012-03-11 23:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-11 23:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-11 05:45 . 2012-03-11 05:45 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-08 21:50 . 2012-03-08 21:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 05:49 . 2012-03-08 05:49 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-03-08 05:49 . 2012-03-08 05:49 151552 ----a-w- c:\windows\KMService.exe
2012-03-08 04:44 . 2012-03-08 04:44 9621608 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-08 04:44 . 2012-03-08 04:44 733800 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-08 04:44 . 2012-03-08 04:44 678504 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-08 04:44 . 2012-03-08 04:44 649832 ----a-w- c:\windows\system32\nvudisp.exe
2012-03-08 04:44 . 2012-03-08 04:44 4452968 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-08 04:44 . 2012-03-08 04:44 323176 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-08 04:44 . 2012-03-08 04:44 3214952 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-08 04:44 . 2012-03-08 04:44 260712 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-08 04:44 . 2012-03-08 04:44 2361448 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-08 04:44 . 2012-03-08 04:44 1748584 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-08 04:44 . 2012-03-08 04:44 1530472 ----a-w- c:\windows\SysWow64\nvencodemft.dll
2012-03-08 04:44 . 2012-03-08 04:44 14725224 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-08 04:44 . 2012-03-08 04:44 1317480 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-08 04:44 . 2012-03-08 04:44 11696616 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-08 04:44 . 2012-03-08 04:44 10668648 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-08 04:44 . 2012-03-08 04:32 7723112 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-08 04:44 . 2012-03-08 04:44 239208 ----a-w- c:\windows\system32\nvcod189.dll
2012-03-08 04:44 . 2012-03-08 04:44 239208 ----a-w- c:\windows\system32\nvcod.dll
2012-03-08 04:44 . 2012-03-08 04:32 1314408 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-08 04:44 . 2012-03-08 04:32 1063528 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-07 17:30 . 2012-03-07 17:30 99016 ----a-w- c:\windows\system32\RTEEL64A.dll
2012-03-07 17:30 . 2012-03-07 17:30 81232 ----a-w- c:\windows\system32\SFCOM64.dll
2012-03-07 17:30 . 2012-03-07 17:30 78952 ----a-w- c:\windows\system32\RCoInst64.dll
2012-03-07 17:30 . 2012-03-07 17:30 78160 ----a-w- c:\windows\system32\SFAPO64.dll
2012-03-07 17:30 . 2012-03-07 17:30 76488 ----a-w- c:\windows\system32\RTEEG64A.dll
2012-03-07 17:30 . 2012-03-07 17:30 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2012-03-07 17:30 . 2012-03-07 17:30 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2012-03-07 17:30 . 2012-03-07 17:30 504592 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 489744 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 476264 ----a-w- c:\windows\system32\RtkApi64.dll
2012-03-07 17:30 . 2012-03-07 17:30 474896 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 375400 ----a-w- c:\windows\system32\RCoRes64.dat
2012-03-07 17:30 . 2012-03-07 17:30 372936 ----a-w- c:\windows\system32\RTEEP64A.dll
2012-03-07 17:30 . 2012-03-07 17:30 334848 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2012-03-07 17:30 . 2012-03-07 17:30 334680 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2012-03-07 17:30 . 2012-03-07 17:30 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-03-07 17:30 . 2012-03-07 17:30 330656 ----a-w- c:\windows\system32\FMAPO64.dll
2012-03-07 17:30 . 2012-03-07 17:30 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2012-03-07 17:30 . 2012-03-07 17:30 315152 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 307920 ----a-w- c:\windows\system32\RP3DHT64.dll
2012-03-07 17:30 . 2012-03-07 17:30 307920 ----a-w- c:\windows\system32\RP3DAA64.dll
2012-03-07 17:30 . 2012-03-07 17:30 268560 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 265488 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 2619496 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-03-07 17:30 . 2012-03-07 17:30 2601816 ----a-w- c:\windows\system32\WavesGUILib.dll
2012-03-07 17:30 . 2012-03-07 17:30 2447592 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-03-07 17:30 . 2012-03-07 17:30 220496 ----a-w- c:\windows\system32\SFNHK64.dll
2012-03-07 17:30 . 2012-03-07 17:30 2197264 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2012-03-07 17:30 . 2012-03-07 17:30 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2012-03-07 17:30 . 2012-03-07 17:30 2036328 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-03-07 17:30 . 2012-03-07 17:30 201928 ----a-w- c:\windows\system32\RTEED64A.dll
2012-03-07 17:30 . 2012-03-07 17:30 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2012-03-07 17:30 . 2012-03-07 17:30 1756160 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2012-03-07 17:30 . 2012-03-07 17:30 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2012-03-07 17:30 . 2012-03-07 17:30 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-03-07 17:30 . 2012-03-07 17:30 1325328 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 124128 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2012-03-07 17:30 . 2012-03-07 17:30 124128 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2012-03-07 17:30 . 2012-03-07 17:30 123104 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2012-03-07 17:30 . 2012-03-07 17:30 1213544 ----a-w- c:\windows\system32\RTCOM64.dll
2012-03-07 17:30 . 2012-03-07 17:30 1178384 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-03-07 17:30 . 2012-03-07 17:30 1110800 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2012-03-07 17:30 . 2012-03-07 17:30 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-03-07 17:30 . 2012-03-07 17:30 108960 ----a-w- c:\windows\system32\AERTAR64.dll
2012-03-07 17:30 . 2012-03-07 17:25 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-02-23 12:18 . 2012-03-07 18:36 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-25 17:43 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-25 17:43 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-25 17:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-25 17:43 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-25 17:44 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-25 17:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-25 17:44 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\THIAGO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\THIAGO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\THIAGO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\THIAGO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-10 742264]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-03-14 446136]
"Facebook Update"="c:\users\THIAGO\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-05 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2009-10-02 2596712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
c:\users\THIAGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\THIAGO\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]
Facebook Messenger.lnk - c:\users\THIAGO\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 03:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 151976]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-25 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-22 1571336]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 151976]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-11-04 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-11-04 74904]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-09-24 289952]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-10-24 958112]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-09 549408]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-09-08 381488]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-22 2963960]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-28 1429608]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 19:34]
.
2012-04-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1711579924-2252829848-2983070539-1000Core.job
- c:\users\THIAGO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-05 22:29]
.
2012-04-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1711579924-2252829848-2983070539-1000UA.job
- c:\users\THIAGO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-05 22:29]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 00:55]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 00:55]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1711579924-2252829848-2983070539-1000Core.job
- c:\users\THIAGO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 05:01]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1711579924-2252829848-2983070539-1000UA.job
- c:\users\THIAGO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 05:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\THIAGO\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\THIAGO\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\THIAGO\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\THIAGO\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-07 11106408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 16397416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - d:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\THIAGO\AppData\Roaming\Mozilla\Firefox\Profiles\nqxecwo5.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Skype - c:\program files (x86)\Skype\Phone\Skype.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354} - c:\program files (x86)\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-27 21:50:06
ComboFix-quarantined-files.txt 2012-04-28 00:50
.
Pre-Run: 125,039,984,640 bytes free
Post-Run: 124,980,609,024 bytes free
.
- - End Of File - - E7A06F847F1A39AAEB32E00AA28EB0A8

BC AdBot (Login to Remove)

 


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:47 AM

Posted 29 April 2012 - 08:43 AM

Hello and welcome to BC forums,

Be very aware that running Combofix on your own without expert guided help could turn your system into a brick.
Please do not run any tools on your own. Just only do the items I guide you on.
Make no changes on your own. If you have questions, please ask first.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT by Right-click on the exe and choosing Run as Administrator

4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 3
Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls


Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on
For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.
  • Please double-click OTL.exe Posted Image to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s) . Do not enclose in Code or Quote.

Re-Enable your antivirus program.

Copy & Paste contents of aswMBR log, TDSSKILLER log, OTL.txt .
Use separate replies as needed if logs do not fit into one reply box.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:47 AM

Posted 01 May 2012 - 02:53 PM

Hello thiagodalgalo,


Are you still with us? Kindly provide status update.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:47 AM

Posted 16 July 2012 - 06:10 PM

Closed due to lack of response.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users